Close #15 added two factor authentication
This commit is contained in:
Antonio Ramirez
@ -15,7 +15,6 @@ use Da\User\Contracts\AuthClientInterface;
|
||||
use Da\User\Event\FormEvent;
|
||||
use Da\User\Event\UserEvent;
|
||||
use Da\User\Form\LoginForm;
|
||||
use Da\User\Model\User;
|
||||
use Da\User\Query\SocialNetworkAccountQuery;
|
||||
use Da\User\Service\SocialNetworkAccountConnectService;
|
||||
use Da\User\Service\SocialNetworkAuthenticateService;
|
||||
@ -38,10 +37,10 @@ class SecurityController extends Controller
|
||||
/**
|
||||
* SecurityController constructor.
|
||||
*
|
||||
* @param string $id
|
||||
* @param Module $module
|
||||
* @param string $id
|
||||
* @param Module $module
|
||||
* @param SocialNetworkAccountQuery $socialNetworkAccountQuery
|
||||
* @param array $config
|
||||
* @param array $config
|
||||
*/
|
||||
public function __construct(
|
||||
$id,
|
||||
@ -64,7 +63,7 @@ class SecurityController extends Controller
|
||||
'rules' => [
|
||||
[
|
||||
'allow' => true,
|
||||
'actions' => ['login', 'auth', 'blocked'],
|
||||
'actions' => ['login', 'confirm', 'auth', 'blocked'],
|
||||
'roles' => ['?'],
|
||||
],
|
||||
[
|
||||
@ -113,16 +112,27 @@ class SecurityController extends Controller
|
||||
|
||||
/** @var LoginForm $form */
|
||||
$form = $this->make(LoginForm::class);
|
||||
|
||||
/** @var FormEvent $event */
|
||||
$event = $this->make(FormEvent::class, [$form]);
|
||||
|
||||
if (Yii::$app->request->isAjax && $form->load(Yii::$app->request->post())) {
|
||||
|
||||
Yii::$app->response->format = Response::FORMAT_JSON;
|
||||
|
||||
return ActiveForm::validate($form);
|
||||
}
|
||||
|
||||
if ($form->load(Yii::$app->request->post())) {
|
||||
|
||||
if ($this->module->enableTwoFactorAuthentication && $form->validate()) {
|
||||
if ($form->getUser()->auth_tf_enabled) {
|
||||
Yii::$app->session->set('credentials', ['login' => $form->login, 'pwd' => $form->password]);
|
||||
|
||||
return $this->redirect(['confirm']);
|
||||
}
|
||||
}
|
||||
|
||||
$this->trigger(FormEvent::EVENT_BEFORE_LOGIN, $event);
|
||||
if ($form->login()) {
|
||||
$form->getUser()->updateAttributes(['last_login_at' => time()]);
|
||||
@ -142,6 +152,59 @@ class SecurityController extends Controller
|
||||
);
|
||||
}
|
||||
|
||||
public function actionConfirm()
|
||||
{
|
||||
if (!Yii::$app->user->getIsGuest()) {
|
||||
return $this->goHome();
|
||||
}
|
||||
|
||||
if (!Yii::$app->session->has('credentials')) {
|
||||
return $this->redirect(['login']);
|
||||
}
|
||||
|
||||
$credentials = Yii::$app->session->get('credentials');
|
||||
/** @var LoginForm $form */
|
||||
$form = $this->make(LoginForm::class);
|
||||
$form->login = $credentials['login'];
|
||||
$form->password = $credentials['pwd'];
|
||||
$form->setScenario('2fa');
|
||||
|
||||
/** @var FormEvent $event */
|
||||
$event = $this->make(FormEvent::class, [$form]);
|
||||
|
||||
if (Yii::$app->request->isAjax && $form->load(Yii::$app->request->post())) {
|
||||
|
||||
Yii::$app->response->format = Response::FORMAT_JSON;
|
||||
|
||||
return ActiveForm::validate($form);
|
||||
}
|
||||
|
||||
if ($form->load(Yii::$app->request->post())) {
|
||||
|
||||
$this->trigger(FormEvent::EVENT_BEFORE_LOGIN, $event);
|
||||
|
||||
if ($form->login()) {
|
||||
|
||||
Yii::$app->session->set('credentials', null);
|
||||
|
||||
$form->getUser()->updateAttributes(['last_login_at' => time()]);
|
||||
|
||||
$this->trigger(FormEvent::EVENT_AFTER_LOGIN, $event);
|
||||
|
||||
return $this->goBack();
|
||||
}
|
||||
}
|
||||
|
||||
return $this->render(
|
||||
'confirm',
|
||||
[
|
||||
'model' => $form,
|
||||
'module' => $this->module,
|
||||
]
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
public function actionLogout()
|
||||
{
|
||||
$event = $this->make(UserEvent::class, [Yii::$app->getUser()->getIdentity()]);
|
||||
|
||||
@ -24,14 +24,17 @@ use Da\User\Query\ProfileQuery;
|
||||
use Da\User\Query\SocialNetworkAccountQuery;
|
||||
use Da\User\Query\UserQuery;
|
||||
use Da\User\Service\EmailChangeService;
|
||||
use Da\User\Service\TwoFactorQrCodeUriGeneratorService;
|
||||
use Da\User\Traits\ContainerAwareTrait;
|
||||
use Da\User\Validator\AjaxRequestModelValidator;
|
||||
use Da\User\Validator\TwoFactorCodeValidator;
|
||||
use Yii;
|
||||
use yii\filters\AccessControl;
|
||||
use yii\filters\VerbFilter;
|
||||
use yii\web\Controller;
|
||||
use yii\web\ForbiddenHttpException;
|
||||
use yii\web\NotFoundHttpException;
|
||||
use yii\web\Response;
|
||||
|
||||
class SettingsController extends Controller
|
||||
{
|
||||
@ -49,12 +52,12 @@ class SettingsController extends Controller
|
||||
/**
|
||||
* SettingsController constructor.
|
||||
*
|
||||
* @param string $id
|
||||
* @param Module $module
|
||||
* @param ProfileQuery $profileQuery
|
||||
* @param UserQuery $userQuery
|
||||
* @param string $id
|
||||
* @param Module $module
|
||||
* @param ProfileQuery $profileQuery
|
||||
* @param UserQuery $userQuery
|
||||
* @param SocialNetworkAccountQuery $socialNetworkAccountQuery
|
||||
* @param array $config
|
||||
* @param array $config
|
||||
*/
|
||||
public function __construct(
|
||||
$id,
|
||||
@ -81,6 +84,7 @@ class SettingsController extends Controller
|
||||
'actions' => [
|
||||
'disconnect' => ['post'],
|
||||
'delete' => ['post'],
|
||||
'two-factor-disable' => ['post']
|
||||
],
|
||||
],
|
||||
'access' => [
|
||||
@ -88,7 +92,16 @@ class SettingsController extends Controller
|
||||
'rules' => [
|
||||
[
|
||||
'allow' => true,
|
||||
'actions' => ['profile', 'account', 'networks', 'disconnect', 'delete'],
|
||||
'actions' => [
|
||||
'profile',
|
||||
'account',
|
||||
'networks',
|
||||
'disconnect',
|
||||
'delete',
|
||||
'two-factor',
|
||||
'two-factor-enable',
|
||||
'two-factor-disable'
|
||||
],
|
||||
'roles' => ['@'],
|
||||
],
|
||||
[
|
||||
@ -228,4 +241,70 @@ class SettingsController extends Controller
|
||||
|
||||
return $this->goHome();
|
||||
}
|
||||
|
||||
public function actionTwoFactor($id)
|
||||
{
|
||||
/** @var User $user */
|
||||
$user = $this->userQuery->whereId($id)->one();
|
||||
|
||||
if (null === $user) {
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
$uri = $this->make(TwoFactorQrCodeUriGeneratorService::class, [$user])->run();
|
||||
|
||||
return $this->renderAjax('two-factor', ['id' => $id, 'uri' => $uri]);
|
||||
}
|
||||
|
||||
public function actionTwoFactorEnable($id)
|
||||
{
|
||||
Yii::$app->response->format = Response::FORMAT_JSON;
|
||||
|
||||
/** @var User $user */
|
||||
$user = $this->userQuery->whereId($id)->one();
|
||||
|
||||
if (null === $user) {
|
||||
return [
|
||||
'success' => false,
|
||||
'message' => Yii::t('usuario', 'User not found.')
|
||||
];
|
||||
}
|
||||
$code = Yii::$app->request->get('code');
|
||||
|
||||
$success = $this
|
||||
->make(TwoFactorCodeValidator::class, [$user, $code, $this->module->twoFactorAuthenticationCycles])
|
||||
->validate();
|
||||
|
||||
$success = $success && $user->updateAttributes(['auth_tf_enabled' => '1']);
|
||||
|
||||
return [
|
||||
'success' => $success,
|
||||
'message' => $success
|
||||
? Yii::t('usuario', 'Two factor successfully enabled.')
|
||||
: Yii::t('usuario', 'Verification failed. Please, enter new code.')
|
||||
];
|
||||
}
|
||||
|
||||
public function actionTwoFactorDisable($id)
|
||||
{
|
||||
/** @var User $user */
|
||||
$user = $this->userQuery->whereId($id)->one();
|
||||
|
||||
if (null === $user) {
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
if($user->updateAttributes(['auth_tf_enabled' => '0']))
|
||||
{
|
||||
Yii::$app
|
||||
->getSession()
|
||||
->setFlash('success', Yii::t('usuario', 'Two-factor authorization has been disabled.'));
|
||||
} else {
|
||||
Yii::$app
|
||||
->getSession()
|
||||
->setFlash('danger', Yii::t('usuario', 'Unable to disable two-factor authorization.'));
|
||||
}
|
||||
|
||||
$this->redirect(['account']);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user