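/**
 * Updates the current user.
 *
 * Only the whitelisted fields (username, email, password, google2fa) are read
 * from the request; array_filter() then drops empty values so blank fields
 * are not written to the user.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postUser()
{
    $userData = array_filter(Binput::only(['username', 'email', 'password', 'google2fa']));

    // 'google2fa' is a form toggle, not a column: remove it before the update.
    $enable2FA = (bool) array_pull($userData, 'google2fa');

    // Let's enable/disable auth
    // NOTE(review): an absent or empty google2fa field clears the secret below
    // with no password or code check in this method - confirm that is intended
    // or enforced elsewhere.
    if ($enable2FA && !Auth::user()->hasTwoFactor) {
        $userData['google_2fa_secret'] = Google2FA::generateSecretKey();
    } elseif (!$enable2FA) {
        $userData['google_2fa_secret'] = '';
    }

    try {
        Auth::user()->update($userData);
    } catch (ValidationException $e) {
        // Do not flash the submitted password or the 2FA secret into the
        // session as old input; only the non-secret fields are repopulated.
        $safeInput = array_except($userData, ['password', 'google_2fa_secret']);

        return Redirect::route('dashboard.user')
            ->withInput($safeInput)
            ->withTitle(sprintf('%s %s', trans('dashboard.notifications.whoops'), trans('dashboard.team.edit.failure')))
            ->withErrors($e->getMessageBag());
    }

    return Redirect::route('dashboard.user')
        ->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('dashboard.team.edit.success')));
}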
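/**
 * Validates the Two Factor token.
 *
 * This feels very hacky, but we have to juggle authentication and codes.
 *
 * The user is logged in before the code is checked, so every path that does
 * not end in a verified code must log the user back out again.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postTwoFactor()
{
    // Check that we have a session. pull() also removes the key, so a pending
    // login gets a single verification attempt.
    if ($userId = Session::pull('2fa_id')) {
        $code = Binput::get('code');

        // Maybe a temp login here.
        Auth::loginUsingId($userId);

        try {
            $valid = Google2FA::verifyKey(Auth::user()->google_2fa_secret, $code);
        } catch (\Exception $e) {
            // If verification throws, the temporary login must not survive:
            // otherwise the session could stay authenticated without a
            // checked second factor.
            Auth::logout();

            throw $e;
        }

        if ($valid) {
            return Redirect::intended('dashboard');
        }

        // Failed login, log back out.
        Auth::logout();

        return Redirect::route('auth.login')->withError(trans('forms.login.invalid-token'));
    }

    return Redirect::route('auth.login')->withError(trans('forms.login.invalid-token'));
}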
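/**
 * Updates the current user.
 *
 * The whole request payload is handed to update(), so which fields can be
 * written is decided by the model, not by this method.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postUser()
{
    $items = Binput::all();

    // The 2FA secret is only ever generated or cleared server-side below. Drop
    // any client-supplied value so it cannot reach update() on the path where
    // 2FA is already enabled and neither branch overwrites it.
    unset($items['google_2fa_secret']);

    // NOTE(review): every other request key still goes to update(); this
    // relies on the user model's mass-assignment rules - verify against the model.

    $passwordChange = array_get($items, 'password');
    $enable2FA = (bool) array_pull($items, 'google2fa');

    // Let's enable/disable auth
    if ($enable2FA && !Auth::user()->hasTwoFactor) {
        $items['google_2fa_secret'] = Google2FA::generateSecretKey();
    } elseif (!$enable2FA) {
        $items['google_2fa_secret'] = '';
    }

    // A blank password field means "keep the current password".
    if (trim($passwordChange) === '') {
        unset($items['password']);
    }

    try {
        Auth::user()->update($items);
    } catch (ValidationException $e) {
        // The password is excluded from the flashed old input.
        return Redirect::back()
            ->withInput(Binput::except('password'))
            ->withTitle(sprintf('%s %s', trans('dashboard.notifications.whoops'), trans('dashboard.team.edit.failure')))
            ->withErrors($e->getMessageBag());
    }

    return Redirect::back()
        ->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('dashboard.team.edit.success')));
}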
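/**
 * Updates the current user.
 *
 * The whole request payload is handed to update(), so which fields can be
 * written is decided by the model, not by this method. Validation is read
 * back from the model after the update call.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postUser()
{
    $items = Binput::all();

    // The 2FA secret is only ever generated or cleared server-side below. Drop
    // any client-supplied value so it cannot reach update() on the path where
    // 2FA is already enabled and neither branch overwrites it.
    unset($items['google_2fa_secret']);

    // NOTE(review): every other request key still goes to update(); this
    // relies on the user model's mass-assignment rules - verify against the model.

    $passwordChange = array_get($items, 'password');
    $enable2FA = (bool) array_pull($items, 'google2fa');

    // Let's enable/disable auth
    if ($enable2FA && !Auth::user()->hasTwoFactor) {
        $items['google_2fa_secret'] = Google2FA::generateSecretKey();
    } elseif (!$enable2FA) {
        $items['google_2fa_secret'] = '';
    }

    // A blank password field means "keep the current password".
    if (trim($passwordChange) === '') {
        unset($items['password']);
    }

    $user = Auth::user();
    $user->update($items);

    if (!$user->isValid()) {
        // The password is excluded from the flashed old input.
        return Redirect::back()
            ->withInput(Binput::except('password'))
            ->with('title', sprintf('%s %s', trans('dashboard.notifications.whoops'), trans('dashboard.team.edit.failure')))
            ->with('errors', $user->getErrors());
    }

    $successMsg = sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('dashboard.team.edit.success'));

    return Redirect::back()->with('success', $successMsg);
}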
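/**
 * Validates the 2FA code.
 *
 * The pending user id and "remember" flag are pulled from the session, the
 * user is logged in on the controller's guard, and the submitted code is then
 * checked against the stored secret. Every path that does not end in a
 * verified code logs the user back out.
 *
 * @param Request $request
 * @return Response
 */
public function postTwoFactorAuthentication(Request $request)
{
    // pull() also removes both keys, so a pending login gets a single
    // verification attempt.
    $user_id = Session::pull('2fa_user_id');
    $remember = Session::pull('2fa_login_remember');

    if ($user_id) {
        $auth = Auth::guard($this->getGuard());
        $auth->loginUsingId($user_id, $remember);

        try {
            $valid = Google2FA::verifyKey($auth->user()->google2fa_secret, $request->get('2fa_code'));
        } catch (\Exception $e) {
            // If verification throws, the login made above must not survive:
            // otherwise the session could stay authenticated without a
            // checked second factor.
            $auth->logout();

            throw $e;
        }

        if ($valid) {
            return $this->handleUserWasAuthenticated($request, true);
        }

        $auth->logout();

        return redirect()->route('login')->withError(Lang::get('auth.invalid_code'));
    }

    return redirect()->route('login')->withError(Lang::get('auth.invalid_code'));
}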
/**
 * Activates or deactivates two factor authentication for the current user.
 *
 * With `two_factor` present, the submitted secret (`google_code`) is stored
 * once `2fa_code` verifies against it. Without it, the stored secret is set
 * to null.
 *
 * @param Request $request
 * @return Response
 */
public function twoFactor(Request $request)
{
    $newSecret = null;

    if ($request->has('two_factor')) {
        // NOTE(review): the secret being enrolled comes from the request, not
        // from server-side state - confirm the form value cannot be replaced
        // with one the server did not generate.
        $newSecret = $request->get('google_code');
        $codeMatches = Google2FA::verifyKey($newSecret, $request->get('2fa_code'));

        if (!$codeMatches) {
            // The secret is flashed back as old input along with the toggle.
            return redirect()
                ->back()
                ->withInput($request->only('google_code', 'two_factor'))
                ->withError(Lang::get('auth.invalid_code'));
        }
    }

    // NOTE(review): a request without `two_factor` reaches this point with a
    // null secret and no code or password check in this method - confirm that
    // disabling 2FA this way is intended.
    $account = Auth::user();
    $account->google2fa_secret = $newSecret;
    $account->save();

    return redirect()->to('/');
}