mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-19 15:55:13 +00:00
fixes mfa escape from form
parent
ee09d848cb
commit
d9e1de7832
4 changed files with 31 additions and 20 deletions
|
@ -14,10 +14,6 @@ class Totp_check extends Controller
|
|||
{
|
||||
$retval = ['status' => false];
|
||||
|
||||
if (!local_channel()) {
|
||||
json_return_and_die($retval);
|
||||
}
|
||||
|
||||
$account = App::get_account();
|
||||
if (!$account) {
|
||||
json_return_and_die($retval);
|
||||
|
|
|
@ -309,6 +309,13 @@ if (
|
|||
$atoken = $verify['xchan'];
|
||||
$channel = $verify['channel'];
|
||||
$account = App::$account = $verify['account'];
|
||||
$multiFactor = AConfig::Get(App::$account['account_id'], 'system', 'mfa_enabled');
|
||||
if ($multiFactor) {
|
||||
$_SESSION['2FA_REQUIRED'] = true;
|
||||
}
|
||||
else {
|
||||
unset($_SESSION['2FA_REQUIRED']);
|
||||
}
|
||||
}
|
||||
|
||||
if (App::$account) {
|
||||
|
|
|
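Review bot: On this page `$_SESSION['2FA_REQUIRED']` is set only inside this branch, yet authenticate_success() treats a missing flag as "no second factor needed" (`$canChangeChannel = empty($_SESSION['2FA_REQUIRED'])`). The gate therefore fails open on any login path that reaches authenticate_success() without running these lines. The enclosing `if (` begins outside the hunk, so it cannot be confirmed from here that every path passes through it. Consider evaluating `mfa_enabled` where the gate is enforced, or at least record the invariant next to the assignment, e.g. `// 2FA_REQUIRED must be set before authenticate_success() runs; an absent flag is read as "MFA off"`.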
@ -30,19 +30,27 @@ function authenticate_success($user_record, $channel = false, $login_initial = f
|
|||
$_SESSION['account_id'] = $user_record['account_id'];
|
||||
$_SESSION['authenticated'] = 1;
|
||||
|
||||
if ($channel) {
|
||||
$uid_to_load = $channel['channel_id'];
|
||||
$canChangeChannel = empty($_SESSION['2FA_REQUIRED']);
|
||||
if (!empty($_SESSION['2FA_VERIFIED'])) {
|
||||
$canChangeChannel = true;
|
||||
}
|
||||
|
||||
if (! isset($uid_to_load)) {
|
||||
$uid_to_load = (((x($_SESSION, 'uid')) && (intval($_SESSION['uid'])))
|
||||
? intval($_SESSION['uid'])
|
||||
: intval(App::$account['account_default_channel'])
|
||||
);
|
||||
}
|
||||
if ($canChangeChannel) {
|
||||
|
||||
if ($uid_to_load) {
|
||||
change_channel($uid_to_load);
|
||||
if ($channel) {
|
||||
$uid_to_load = $channel['channel_id'];
|
||||
}
|
||||
|
||||
if (!isset($uid_to_load)) {
|
||||
$uid_to_load = (((x($_SESSION, 'uid')) && (intval($_SESSION['uid'])))
|
||||
? intval($_SESSION['uid'])
|
||||
: intval(App::$account['account_default_channel'])
|
||||
);
|
||||
}
|
||||
|
||||
if ($uid_to_load) {
|
||||
change_channel($uid_to_load);
|
||||
}
|
||||
}
|
||||
|
||||
if (($login_initial || $update_lastlog) && (! (isset($_SESSION['sudo']) && $_SESSION['sudo']))) {
|
||||
|
@ -59,13 +67,13 @@ function authenticate_success($user_record, $channel = false, $login_initial = f
|
|||
|
||||
if ($login_initial && $interactive) {
|
||||
Hook::call('logged_in', $user_record);
|
||||
$multiFactor = AConfig::Get(App::$account['account_id'], 'system', 'mfa_enabled');
|
||||
if ($multiFactor && empty($_SESSION['2FA_VERIFIED'])) {
|
||||
goaway(z_root() . '/totp_check');
|
||||
}
|
||||
// might want to log success here
|
||||
}
|
||||
|
||||
if ($_SESSION['2FA_REQUIRED'] && !$_SESSION['2FA_VERIFIED'] && App::$module !== 'totp_check') {
|
||||
goaway(z_root() . '/totp_check');
|
||||
}
|
||||
|
||||
if ($return || x($_SESSION, 'workflow')) {
|
||||
unset($_SESSION['workflow']);
|
||||
return;
|
||||
|
|
|
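Review bot: The redirect guard near the end of authenticate_success() reads `$_SESSION['2FA_REQUIRED']` and `$_SESSION['2FA_VERIFIED']` directly, while the `$canChangeChannel` lines earlier in the same function use `empty()`. For a session where neither key exists this emits undefined-key warnings on PHP 8, and the two checks can drift apart. Suggest `if (!empty($_SESSION['2FA_REQUIRED']) && empty($_SESSION['2FA_VERIFIED']) && App::$module !== 'totp_check') {`. Separately, `$_SESSION['authenticated'] = 1` and `$_SESSION['account_id']` are still assigned before the second factor is checked, so the protection rests on `change_channel()` not having run. Any handler that tests only the account values (none are visible here) should be checked against that assumption. The function starts and ends outside both hunks.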
@ -46,13 +46,13 @@ function hitkey(ev) {
|
|||
<div class="generic-content-wrapper">
|
||||
<div class="section-content-tools-wrapper">
|
||||
<h3 style="text-align: center;">{{$header}}</h3>
|
||||
|
||||
<div>{{$desc}}</div>
|
||||
|
||||
<br>
|
||||
<div class="form-group">
|
||||
<input type="text" class="form-control" style="width: 10em" id="totp-code" onkeydown="hitkey(event)"/>
|
||||
<div id="feedback"></div>
|
||||
</div>
|
||||
<br>
|
||||
<div>
|
||||
<input type="button" class="btn btn-primary" value={{$submit}} onclick="totp_verify()"/>
|
||||
</div>
|
||||
|
|
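Review bot: The submit button is written as `value={{$submit}}` with no quotes around the attribute value. A label containing a space is cut off at the first word, and a label containing `>` or quote characters alters the surrounding markup. Quote it: `<input type="button" class="btn btn-primary" value="{{$submit}}" onclick="totp_verify()"/>`. Whether `{{$submit}}` is HTML-escaped depends on template settings that are not visible in this hunk, so that is worth confirming at the same time.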