Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-31 10:54:34 -04:00
Code Issues Packages Projects Releases Wiki Activity

Cache password protection on login

Browse Source
This commit is contained in:
David Bomba 2021-03-16 23:10:15 +11:00
parent 2207168ee8
commit 0422c95e13
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
app/Http/Controllers/Auth/LoginController.php
View File

@ -28,6 +28,9 @@ use Google_Client;
use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Str;
use PragmaRX\Google2FA\Google2FA;
use Turbo124\Beacon\Facades\LightLogs; use Turbo124\Beacon\Facades\LightLogs;
class LoginController extends BaseController class LoginController extends BaseController
@ -159,19 +162,40 @@ class LoginController extends BaseController
} }
if ($this->attemptLogin($request)) { if ($this->attemptLogin($request)) {
LightLogs::create(new LoginSuccess()) LightLogs::create(new LoginSuccess())
->increment() ->increment()
->batch(); ->batch();
$user = $this->guard()->user(); $user = $this->guard()->user();
//if user has 2fa enabled - lets check this now:
if($user->google_2fa_secret)
{
$google2fa = new Google2FA();
if(!$google2fa->verifyKey(decrypt($user->google_2fa_secret), $request->input('one_time_password')))
{
return response()
->json(['message' => ctrans('texts.invalid_one_time_password')], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
}
$user->setCompany($user->account->default_company); $user->setCompany($user->account->default_company);
$timeout = auth()->user()->company()->default_password_timeout;
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
$cu = CompanyUser::query() $cu = CompanyUser::query()
->where('user_id', auth()->user()->id); ->where('user_id', auth()->user()->id);
return $this->listResponse($cu); return $this->listResponse($cu);
} else { } else {
LightLogs::create(new LoginFailure()) LightLogs::create(new LoginFailure())
->increment() ->increment()
->batch(); ->batch();
@ -182,6 +206,7 @@ class LoginController extends BaseController
->json(['message' => ctrans('texts.invalid_credentials')], 401) ->json(['message' => ctrans('texts.invalid_credentials')], 401)
->header('X-App-Version', config('ninja.app_version')) ->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version')); ->header('X-Api-Version', config('ninja.minimum_client_version'));
} }
} }