/**
  * Modify the value.
  *
  * @param mixed $value
  * @return mixed A newly generated 2FA secret key when $value is 'enable', otherwise $value unchanged.
  */
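 public function modify($value)
 {
     // Strict comparison: with `==`, boolean true (and, before PHP 8, integer 0)
     // also compared equal to 'enable' and would silently mint a new secret.
     if ($value !== 'enable') {
         // Anything other than the sentinel is passed through untouched.
         return $value;
     }

     // 'enable' is a sentinel from the caller: swap it for a fresh secret of length 32.
     // NOTE(review): the value returned here is the raw TOTP shared secret. Whatever
     // stores it should treat it as a credential (encrypted at rest, kept out of logs).
     $twofa = new Google2FA();

     return $twofa->generateSecretKey(32);
 }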
 /**
  * Return an HTML image of the two-factor QR code for this field's entry.
  *
  * @return null|string Null when the field has no entry.
  */
 public function qr_code()
 {
     $user = $this->object->getEntry();
     if (!$user) {
         // No entry behind this field, so there is nobody to build a code for.
         return null;
     }

     // NOTE(review): getValue() is passed as the TOTP secret and ends up inside the
     // returned URL. In the Google2FA releases that ship getQRCodeGoogleUrl(), that URL
     // points at a remote chart service, so the secret would leave this server in a GET
     // request made by the browser. Confirm against the installed version, and prefer
     // rendering the QR code locally.
     $generator = new Google2FA();
     $qrUrl = $generator->getQRCodeGoogleUrl(
         'The%20Linden%20Tree',
         $user->email,
         $this->object->getValue()
     );

     return $this->html->image($qrUrl);
 }
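 /**
  * Check the submitted TOTP code and, if accepted, flag the session as 2FA-authenticated.
  *
  * The redirect to the configured home path happens whether or not the code was
  * accepted; a rejected code only queues an error message.
  *
  * @param Redirector $redirect
  * @param Repository $config
  * @return mixed Whatever $redirect->to() returns.
  */
 public function index(Redirector $redirect, Repository $config)
 {
     $code = $this->request->input('twofa');
     $user = \Auth::user();
     $secret = $user ? $user->twofa_secret : null;

     // Fail closed: a missing user, a user without a stored secret, or a missing or
     // non-string code is treated as a rejected code instead of reaching verifyKey().
     $valid = false;
     if (is_string($code) && $code !== '' && is_string($secret) && $secret !== '') {
         $twofa = new Google2FA();
         $valid = $twofa->verifyKey($secret, $code);
     }

     // NOTE(review): no attempt counter or throttle is visible in this method, so a
     // six-digit code can be guessed repeatedly unless a middleware limits this route.
     // Because the redirect below is unconditional, enforcement also depends on the
     // session flag being checked elsewhere. Confirm both.
     if (!$valid) {
         $this->messages->error('Your code was not accepted. Please try again');
     } else {
         $this->request->session()->put('minioak::twofa::authenticated', true);
     }

     return $redirect->to($config->get('anomaly.module.users::paths.home', 'admin/dashboard'));
 }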
Exemplo n.º 4
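 /**
  * Enable time-based 2FA for a user once a code matching the submitted secret is given.
  *
  * Only the user themselves, or someone with the 'board' ability, may do this.
  * The outcome is reported through a flash message and the request is redirected
  * to the user's dashboard in both cases.
  *
  * @param Request $request
  * @param mixed $user_id
  * @param Google2FA $google2fa
  * @return mixed Redirect to the user::dashboard route.
  */
 public function timebasedPost(Request $request, $user_id, Google2FA $google2fa)
 {
     $user = User::findOrFail($user_id);
     if ($user->id != Auth::id() && !Auth::user()->can('board')) {
         abort(403);
     }

     $code = $request->input('2facode');
     $secret = $request->input('2fakey');

     // Both values come straight from the request. Insist on a base32 secret of at
     // least 16 characters (80 bits) and a non-empty string code before verifying, so
     // a missing, array-valued or trivially short secret can never be stored.
     $secretIsPlausible = is_string($secret) && preg_match('/\A[A-Z2-7]{16,}\z/', $secret) === 1;
     $codeIsPlausible = is_string($code) && $code !== '';

     // NOTE(review): the secret is chosen by the client, and an existing tfa_totp_key
     // is overwritten without proof of the old factor. Anyone holding this session
     // (or the 'board' ability) can therefore re-key the account. Prefer keeping the
     // pending secret server-side and refusing to replace an active key here.
     if ($secretIsPlausible && $codeIsPlausible && $google2fa->verifyKey($secret, $code)) {
         $user->tfa_totp_key = $secret;
         $user->save();
         $message = 'Time-Based 2 Factor Authentication enabled!';
     } else {
         $message = 'The code you entered is not correct. Remove the account from your 2FA app and try again.';
     }

     $request->session()->flash('flash_message', $message);

     return Redirect::route('user::dashboard', ['id' => $user->id]);
 }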
Exemplo n.º 5
 /**
  * Display the dashboard for a specific user.
  *
  * @param  int|null $id  Defaults to the authenticated user's id when omitted.
  * @return \Illuminate\Http\Response
  */
 public function show($id = null)
 {
     // Without an explicit id the dashboard is the viewer's own.
     $id = $id == null ? Auth::id() : $id;

     $user = User::find($id);
     if ($user == null) {
         abort(404);
     }

     // Other people's dashboards are reserved for holders of the 'board' ability.
     $isOwnDashboard = !($user->id != Auth::id());
     if (!$isOwnDashboard && !Auth::user()->can('board')) {
         abort(403);
     }

     $tfakey = null;
     $qrcode = null;
     if (!$user->tfa_totp_key) {
         // No TOTP key stored yet: offer a fresh candidate secret on every page view.
         // NOTE(review): the candidate is handed to the view as 'tfa_key' and embedded
         // in the QR URL. In the Google2FA releases that ship getQRCodeGoogleUrl(),
         // that URL targets a remote chart service, so the secret would be sent to a
         // third party. Confirm, and prefer local QR rendering with the pending secret
         // held server-side.
         $google2fa = new Google2FA();
         $tfakey = $google2fa->generateSecretKey(32);
         // Only spaces are percent-encoded in the account label.
         $holder = str_replace(' ', '%20', $user->name);
         $qrcode = $google2fa->getQRCodeGoogleUrl('S.A.%20Proto', $holder, $tfakey);
     }

     return view('users.dashboard.dashboard', [
         'user' => $user,
         'tfa_qrcode' => $qrcode,
         'tfa_key' => $tfakey,
         'utwente' => $user->getUtwenteData(),
     ]);
 }
Exemplo n.º 6
 /**
  * Handle a login request to the application.
  *
  * @param  \Illuminate\Http\Request  $request
  * @return \Illuminate\Http\Response
  */
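 public function login(Request $request)
 {
     $this->validate($request, ['email' => 'required|email', 'password' => 'required']);

     // Locked-out clients are turned away before any credential check.
     if ($this->hasTooManyLoginAttempts($request)) {
         $this->fireLockoutEvent($request);
         return $this->sendLockoutResponse($request);
     }

     // Is the email & password valid?
     $credentials = ['email' => $request->input('email'), 'password' => $request->input('password')];
     if (!Auth::attempt($credentials, $request->has('remember'))) {
         $this->incrementLoginAttempts($request);
         return $this->sendFailedLoginResponse($request);
     }

     // NOTE(review): Auth::attempt() has already established the login before the
     // second factor is checked; a failed TOTP is undone with Auth::logout() below.
     // Checking the password without logging in first would remove that window.
     // Use the user that was just authenticated rather than a second lookup by email.
     $user = Auth::user();

     // Cast before comparing: a driver or model cast that yields "1" or true made the
     // old `=== 1` test false, which skipped the TOTP check entirely (fail-open).
     if ((int) $user->use_totp === 1) {
         $token = $request->input('totp_token');
         $secret = $user->totp_secret;

         // Fail closed on a missing or non-string token, and on an empty stored secret.
         $tokenAccepted = is_string($token) && $token !== ''
             && is_string($secret) && $secret !== ''
             && (new Google2FA())->verifyKey($secret, $token);

         if (!$tokenAccepted) {
             Auth::logout();
             // Failed second factors count toward the same lockout as failed passwords.
             $this->incrementLoginAttempts($request);
             // NOTE(review): this distinct message tells the caller the password was right.
             Alert::danger(trans('auth.totp_failed'))->flash();
             return $this->sendFailedLoginResponse($request);
         }
     }

     return $this->sendLoginResponse($request);
 }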
Exemplo n.º 7
 /**
  * Handle both steps of the login form: credentials first, then the second factor.
  *
  * Step one verifies email and password. Users with a TOTP key or a YubiKey identity
  * are not logged in yet; they are parked in flashed session data ('2fa_user',
  * '2fa_remember') and shown the 2FA view. Step two is recognised by that session
  * data plus one submitted token, and logs the parked user in when the token verifies.
  *
  * @param Request $request
  * @param Google2FA $google2fa
  * @return mixed A redirect or the 'auth.2fa' view.
  */
 public function postLogin(Request $request, Google2FA $google2fa)
 {
     if (Auth::check()) {
         // Already logged in: nothing to do.
         return Redirect::route('homepage');
     } else {
         // Second step: a user is parked in the session and at least one token field was sent.
         if ($request->session()->has('2fa_user') && ($request->has('2fa_totp_token') || $request->has('2fa_yubikey_token'))) {
             // NOTE(review): every failure path in this branch reflashes the parked user
             // and shows the form again; no attempt counter is visible here, so token
             // guessing is unbounded unless the route is throttled elsewhere. Confirm.
             if ($request->has('2fa_totp_token') && $request->has('2fa_yubikey_token')) {
                 $request->session()->flash('flash_message', 'Please enter only one of the tokens.');
                 $request->session()->reflash();
                 return view('auth.2fa');
             } elseif ($request->session()->get('2fa_user')->tfa_totp_key && $request->has('2fa_totp_token') && $request->input('2fa_totp_token') != '') {
                 // Catching Two Factor Authentication attempt
                 if ($google2fa->verifyKey($request->session()->get('2fa_user')->tfa_totp_key, $request->input('2fa_totp_token'))) {
                     Auth::login($request->session()->get('2fa_user'), $request->session()->get('2fa_remember'));
                     return Redirect::intended(route('homepage'));
                 } else {
                     $request->session()->flash('flash_message', 'Invalid TOTP. Please try again.');
                     $request->session()->reflash();
                     return view('auth.2fa');
                 }
             } elseif ($request->session()->get('2fa_user')->tfa_yubikey_identity && $request->has('2fa_yubikey_token') && $request->input('2fa_yubikey_token') != '') {
                 // NOTE(review): tfa_yubikey_identity is only tested for being set. Nothing
                 // visible here compares the submitted token with that stored identity, so
                 // as written the check is "some YubiKey verified", not "this user's
                 // YubiKey verified". Confirm whether Yubikey::verify() or another layer
                 // binds the token to the account; if not, compare the token's identity
                 // with the stored value before Auth::login().
                 try {
                     if (Yubikey::verify($request->input('2fa_yubikey_token'))) {
                         Auth::login($request->session()->get('2fa_user'), $request->session()->get('2fa_remember'));
                         return Redirect::intended(route('homepage'));
                     } else {
                         $request->session()->flash('flash_message', 'Invalid YubiKey token. Please try again.');
                         $request->session()->reflash();
                         return view('auth.2fa');
                     }
                 } catch (\Exception $e) {
                     // NOTE(review): the raw exception message is shown to a visitor who is
                     // not logged in yet; consider logging it and flashing a generic text.
                     $request->session()->flash('flash_message', $e->getMessage());
                     $request->session()->reflash();
                     return view('auth.2fa');
                 }
             } else {
                 // A token was sent for a factor the parked user has not configured, or it was empty.
                 $request->session()->flash('flash_message', 'Invalid authentication attempt. Try again.');
                 $request->session()->reflash();
                 return view('auth.2fa');
             }
         } else {
             // This is the real deal!
             // First step: plain email and password check.
             $username = $request->input('email');
             $password = $request->input('password');
             $remember = $request->input('remember');
             $user = AuthController::verifyCredentials($username, $password);
             if ($user) {
                 // Catch users that have 2FA enabled.
                 if ($user->tfa_totp_key || $user->tfa_yubikey_identity) {
                     // Park the verified user in flash data; login happens only after step two.
                     $request->session()->flash('2fa_user', $user);
                     $request->session()->flash('2fa_remember', $remember);
                     return view('auth.2fa');
                 } else {
                     Auth::login($user, $remember);
                     return Redirect::intended(route('homepage'));
                 }
             }
         }
     }
     // Reached only when the credential check above did not yield a user.
     $request->session()->flash('flash_message', 'Invalid username of password provided.');
     return Redirect::route('login::show');
 }
Exemplo n.º 8
 /**
  * Verify OTP Key.
  *
  * @param  string $secret
  * @param  string $code
  * @return boolean
  */
 protected function verifykey($secret, $code)
 {
     // Pass-through to the service held in $this->twofactor; its verdict is returned as-is.
     $accepted = $this->twofactor->verifyKey($secret, $code);

     return $accepted;
 }