kopia lustrzana https://github.com/pixelfed/pixelfed
Merge pull request #705 from pixelfed/frontend-ui-refactor
Frontend ui refactorpull/725/head v0.7.6
daniel
GitHub
commit
137788b00c
|
|
@ -339,6 +339,11 @@ class AccountController extends Controller
|
|||
$request->session()->push('2fa.session.active', true);
|
||||
return redirect('/');
|
||||
} else {
|
||||
|
||||
if($this->twoFactorBackupCheck($request, $code, $user)) {
|
||||
return redirect('/');
|
||||
}
|
||||
|
||||
if($request->session()->has('2fa.attempts')) {
|
||||
$count = (int) $request->session()->has('2fa.attempts');
|
||||
$request->session()->push('2fa.attempts', $count + 1);
|
||||
|
|
@ -350,4 +355,31 @@ class AccountController extends Controller
|
|||
]);
|
||||
}
|
||||
}
|
||||
|
||||
protected function twoFactorBackupCheck($request, $code, User $user)
|
||||
{
|
||||
$backupCodes = $user->{'2fa_backup_codes'};
|
||||
if($backupCodes) {
|
||||
$codes = json_decode($backupCodes, true);
|
||||
foreach ($codes as $c) {
|
||||
if(hash_equals($c, $code)) {
|
||||
// remove code
|
||||
$codes = array_flatten(array_diff($codes, [$code]));
|
||||
$user->{'2fa_backup_codes'} = json_encode($codes);
|
||||
$user->save();
|
||||
$request->session()->push('2fa.session.active', true);
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public function accountRestored(Request $request)
|
||||
{
|
||||
//
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -110,6 +110,19 @@ trait SecuritySettings
|
|||
return view('settings.security.2fa.recovery-codes', compact('user', 'codes'));
|
||||
}
|
||||
|
||||
public function securityTwoFactorRecoveryCodesRegenerate(Request $request)
|
||||
{
|
||||
$user = Auth::user();
|
||||
|
||||
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'}) {
|
||||
abort(403);
|
||||
}
|
||||
$backups = $this->generateBackupCodes();
|
||||
$user->{'2fa_backup_codes'} = json_encode($backups);
|
||||
$user->save();
|
||||
return redirect(route('settings.security.2fa.recovery'));
|
||||
}
|
||||
|
||||
public function securityTwoFactorUpdate(Request $request)
|
||||
{
|
||||
$user = Auth::user();
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ return [
|
|||
| This value is the version of your PixelFed instance.
|
||||
|
|
||||
*/
|
||||
'version' => '0.7.5',
|
||||
'version' => '0.7.6',
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -7,16 +7,26 @@
|
|||
</div>
|
||||
|
||||
<hr>
|
||||
|
||||
<p class="lead pb-3">
|
||||
Each code can only be used once.
|
||||
</p>
|
||||
|
||||
<p class="lead"></p>
|
||||
<ul class="list-group">
|
||||
@foreach($codes as $code)
|
||||
<li class="list-group-item"><code>{{$code}}</code></li>
|
||||
@endforeach
|
||||
</ul>
|
||||
@if(count($codes) > 0)
|
||||
<p class="lead pb-3">
|
||||
Each code can only be used once.
|
||||
</p>
|
||||
<ul class="list-group">
|
||||
@foreach($codes as $code)
|
||||
<li class="list-group-item"><code>{{$code}}</code></li>
|
||||
@endforeach
|
||||
</ul>
|
||||
@else
|
||||
<div class="pt-5">
|
||||
<h4 class="font-weight-bold">You are out of recovery codes</h4>
|
||||
<p class="lead">Generate more recovery codes and store them in a safe place.</p>
|
||||
<p>
|
||||
<form method="post">
|
||||
@csrf
|
||||
<button type="submit" class="btn btn-primary font-weight-bold">Generate Recovery Codes</button>
|
||||
</form>
|
||||
</p>
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@endsection
|
||||
|
|
@ -166,6 +166,10 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
|
|||
'2fa/recovery-codes',
|
||||
'SettingsController@securityTwoFactorRecoveryCodes'
|
||||
)->name('settings.security.2fa.recovery');
|
||||
Route::post(
|
||||
'2fa/recovery-codes',
|
||||
'SettingsController@securityTwoFactorRecoveryCodesRegenerate'
|
||||
);
|
||||
});
|
||||
|
||||
Route::get('applications', 'SettingsController@applications')->name('settings.applications');
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue