Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Improve 2FA setup

Browse Source
This commit is contained in:
Hillel Coren 2017-11-02 10:43:36 +02:00
parent 297a83fdd9
commit 9dcc3af5ad
4 changed files with 33 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
app/Http/Controllers/Google2FAController.php → app/Http/Controllers/TwoFactorController.php
View File

@ -5,21 +5,20 @@ namespace App\Http\Controllers;
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use Crypt; use Crypt;
class Google2FAController extends Controller class TwoFactorController extends Controller
{ {
public function enableTwoFactor() public function setupTwoFactor()
{ {
$user = auth()->user(); $user = auth()->user();
if ($user->google_2fa_secret) { if ($user->google_2fa_secret || ! $user->phone) {
return redirect('/settings/user_details'); return redirect('/settings/user_details');
} }
$google2fa = new Google2FA(); $google2fa = new Google2FA();
$secret = $google2fa->generateSecretKey(); $secret = $google2fa->generateSecretKey();
$user->google_2fa_secret = Crypt::encrypt($secret); session(['2fa:secret' => $secret]);
$user->save();
$qrCode = $google2fa->getQRCodeGoogleUrl( $qrCode = $google2fa->getQRCodeGoogleUrl(
APP_NAME, APP_NAME,
@ -34,4 +33,19 @@ class Google2FAController extends Controller
return view('users.two_factor', $data); return view('users.two_factor', $data);
} }
public function enableTwoFactor()
{
$user = auth()->user();
$secret = session()->pull('2fa:secret');
if ($secret && ! $user->google_2fa_secret && $user->phone) {
$user->google_2fa_secret = Crypt::encrypt($secret);
$user->save();
session()->flash('message', trans('texts.enabled_two_factor'));
}
return redirect('settings/user_details');
}
} }

4
app/Http/routes.php
View File

@ -143,8 +143,8 @@ Route::group(['middleware' => ['lookup:user', 'auth:user']], function () {
Route::post('settings/user_details', 'AccountController@saveUserDetails'); Route::post('settings/user_details', 'AccountController@saveUserDetails');
Route::post('settings/payment_gateway_limits', 'AccountGatewayController@savePaymentGatewayLimits'); Route::post('settings/payment_gateway_limits', 'AccountGatewayController@savePaymentGatewayLimits');
Route::post('users/change_password', 'UserController@changePassword'); Route::post('users/change_password', 'UserController@changePassword');
Route::get('settings/enable_two_factor', 'Google2FAController@enableTwoFactor'); Route::get('settings/enable_two_factor', 'TwoFactorController@setupTwoFactor');
Route::get('settings/disable_two_factor', 'Google2FAController@disableTwoFactor'); Route::post('settings/enable_two_factor', 'TwoFactorController@enableTwoFactor');
Route::resource('clients', 'ClientController'); Route::resource('clients', 'ClientController');
Route::get('api/clients', 'ClientController@getDatatable'); Route::get('api/clients', 'ClientController@getDatatable');

6
resources/lang/en/texts.php
View File

@ -699,7 +699,7 @@ $LANG = array(
'invalid_credentials' => 'These credentials do not match our records', 'invalid_credentials' => 'These credentials do not match our records',
'show_all_options' => 'Show all options', 'show_all_options' => 'Show all options',
'user_details' => 'User Details', 'user_details' => 'User Details',
'oneclick_login' => 'Social Login', 'oneclick_login' => 'Connected Account',
'disable' => 'Disable', 'disable' => 'Disable',
'invoice_quote_number' => 'Invoice and Quote Numbers', 'invoice_quote_number' => 'Invoice and Quote Numbers',
'invoice_charges' => 'Invoice Surcharges', 'invoice_charges' => 'Invoice Surcharges',
@ -2513,10 +2513,10 @@ $LANG = array(
'enable_two_factor' => 'Two-Factor Authentication', 'enable_two_factor' => 'Two-Factor Authentication',
'enable_two_factor_help' => 'Use your phone to confirm your identity when logging in', 'enable_two_factor_help' => 'Use your phone to confirm your identity when logging in',
'two_factor_setup' => 'Two-Factor Setup', 'two_factor_setup' => 'Two-Factor Setup',
'two_factor_setup_help' => 'Scan the bar code with a :link compatible app or enter the following code: :code', 'two_factor_setup_help' => 'Scan the bar code with a :link compatible app.',
'return_to_settings' => 'Return to Settings',
'one_time_password' => 'One Time Password', 'one_time_password' => 'One Time Password',
'set_phone_for_two_factor' => 'Set your phone number to enable.', 'set_phone_for_two_factor' => 'Set your phone number to enable.',
'enabled_two_factor' => 'Successfully enabled Two-Factor Authentication',
); );

12
resources/views/users/two_factor.blade.php
View File

@ -8,6 +8,8 @@
@include('accounts.nav', ['selected' => ACCOUNT_USER_DETAILS]) @include('accounts.nav', ['selected' => ACCOUNT_USER_DETAILS])
@endif @endif
{!! Former::open() !!}
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<div class="panel panel-default"> <div class="panel panel-default">
@ -17,15 +19,19 @@
<div class="panel-body form-padding-right"> <div class="panel-body form-padding-right">
<div class="text-center"> <div class="text-center">
<img src="{{ $qrCode }}" alt=""> <img src="{{ $qrCode }}" alt="">
<p>{!! trans('texts.two_factor_setup_help', ['code' => $secret, 'link' => link_to('https://github.com/antonioribeiro/google2fa#google-authenticator-apps', 'Google Authenticator', ['target' => '_blank'])]) !!}</p> <p class="text-muted">{{ $secret }}</p><br/>
<p>{!! trans('texts.two_factor_setup_help', ['link' => link_to('https://github.com/antonioribeiro/google2fa#google-authenticator-apps', 'Google Authenticator', ['target' => '_blank'])]) !!}</p>
</div> </div>
<p>&nbsp;</p> <p>&nbsp;</p>
<center> <center class="buttons">
{!! Button::normal(trans('texts.return_to_settings'))->large()->asLinkTo(url('settings/user_details')) !!} {!! Button::normal(trans('texts.cancel'))->large()->asLinkTo(url('settings/user_details'))->appendIcon(Icon::create('remove-circle')) !!}
{!! Button::success(trans('texts.enable'))->large()->submit()->appendIcon(Icon::create('lock')) !!}
</center> </center>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
{!! Former::close() !!}
@stop @stop