mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2025-07-07 12:54:31 -04:00
Require OTP to enable 2FA
parent
e3f24607a0
commit
4db3445ca1
@ -38,8 +38,11 @@ class TwoFactorController extends Controller
|
|||||||
{
|
{
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$secret = session()->pull('2fa:secret');
|
$secret = session()->pull('2fa:secret');
|
||||||
|
$oneTimePassword = request('one_time_password');
|
||||||
|
|
||||||
if ($secret && ! $user->google_2fa_secret && $user->phone && $user->confirmed) {
|
if (! $secret || ! \Google2FA::verifyKey($secret, $oneTimePassword)) {
|
||||||
|
return redirect('settings/enable_two_factor')->withMessage(trans('texts.invalid_one_time_password'));
|
||||||
|
} elseif (! $user->google_2fa_secret && $user->phone && $user->confirmed) {
|
||||||
$user->google_2fa_secret = Crypt::encrypt($secret);
|
$user->google_2fa_secret = Crypt::encrypt($secret);
|
||||||
$user->save();
|
$user->save();
|
||||||
|
|
||||||
|
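Review bot: `$oneTimePassword` goes from `request('one_time_password')` straight into `\Google2FA::verifyKey()` with no server-side presence or type check, and the `required` rule this commit adds to the form is, as far as I can tell, enforced only in the browser. A request that omits the field or sends it as an array would hand null or an array to the verifier; a guard such as `if (! $secret || ! is_string($oneTimePassword) || ! \Google2FA::verifyKey($secret, $oneTimePassword)) {` keeps that case on the existing redirect path. Separately, `session()->pull('2fa:secret')` drops the secret before the code is checked, so a mistyped code presumably forces a fresh secret and a re-scan; a one-line comment saying this is intended would help the next reader. The method body starts and ends outside the hunk.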
@ -2557,6 +2557,7 @@ $LANG = array(
|
|||||||
'deleted_scheduled_report' => 'Successfully canceled scheduled report',
|
'deleted_scheduled_report' => 'Successfully canceled scheduled report',
|
||||||
'scheduled_report_attached' => 'Your scheduled :type report is attached.',
|
'scheduled_report_attached' => 'Your scheduled :type report is attached.',
|
||||||
'scheduled_report_error' => 'Failed to create schedule report',
|
'scheduled_report_error' => 'Failed to create schedule report',
|
||||||
|
'invalid_one_time_password' => 'Invalid one time password',
|
||||||
);
|
);
|
||||||
|
|
||||||
return $LANG;
|
return $LANG;
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
@include('accounts.nav', ['selected' => ACCOUNT_USER_DETAILS])
|
@include('accounts.nav', ['selected' => ACCOUNT_USER_DETAILS])
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
{!! Former::open() !!}
|
{!! Former::open()->rules(['one_time_password' => 'required']) !!}
|
||||||
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md-12">
|
<div class="col-md-12">
|
||||||
@ -22,8 +22,12 @@
|
|||||||
<p class="text-muted">{{ $secret }}</p><br/>
|
<p class="text-muted">{{ $secret }}</p><br/>
|
||||||
<p>{!! trans('texts.two_factor_setup_help', ['link' => link_to('https://github.com/antonioribeiro/google2fa#google-authenticator-apps', 'Google Authenticator', ['target' => '_blank'])]) !!}</p>
|
<p>{!! trans('texts.two_factor_setup_help', ['link' => link_to('https://github.com/antonioribeiro/google2fa#google-authenticator-apps', 'Google Authenticator', ['target' => '_blank'])]) !!}</p>
|
||||||
</div>
|
</div>
|
||||||
<p> </p>
|
|
||||||
<center class="buttons">
|
<center class="buttons">
|
||||||
|
{!! Former::text('one_time_password')
|
||||||
|
->placeholder('one_time_password')
|
||||||
|
->style('width:300px;font-size:18px')
|
||||||
|
->raw() !!}
|
||||||
|
<p> </p>
|
||||||
{!! Button::normal(trans('texts.cancel'))->large()->asLinkTo(url('settings/user_details'))->appendIcon(Icon::create('remove-circle')) !!}
|
{!! Button::normal(trans('texts.cancel'))->large()->asLinkTo(url('settings/user_details'))->appendIcon(Icon::create('remove-circle')) !!}
|
||||||
{!! Button::success(trans('texts.enable'))->large()->submit()->appendIcon(Icon::create('lock')) !!}
|
{!! Button::success(trans('texts.enable'))->large()->submit()->appendIcon(Icon::create('lock')) !!}
|
||||||
</center>
|
</center>
|
||||||
|
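Review bot: The new `Former::text('one_time_password')` field passes the bare key to `->placeholder('one_time_password')`, while the buttons in the same block go through `trans('texts.cancel')` and `trans('texts.enable')`. Unless Former translates placeholders itself, users will see the raw key, so `->placeholder(trans('texts.one_time_password'))` would be consistent, assuming that text key exists. The field is also a plain text input, so browsers may offer to remember entered codes; an autocomplete hint on the field (for example `autocomplete="off"`) is worth considering. The `required` rule on `Former::open()` is best treated as a usability aid, since the check that counts is the one in the controller.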