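/**
 * Verify the submitted TOTP code and mark the session as second-factor authenticated.
 *
 * The code is read from the `twofa` request field and checked against the
 * logged-in user's `twofa_secret`. On success the session flag
 * `minioak::twofa::authenticated` is set; on failure an error message is
 * flashed and the flag is left untouched. Either way the user is redirected
 * to the configured home path.
 *
 * @param Redirector $redirect
 * @param Repository $config
 * @return \Illuminate\Http\RedirectResponse
 */
public function index(Redirector $redirect, Repository $config)
{
    $code = $this->request->input('twofa');
    $secret = \Auth::user()->twofa_secret;

    // Refuse anything that is not a plain, non-empty string before it reaches
    // the verifier: input() can return null or an array, and a user with no
    // enrolled secret has nothing to verify against. Only an explicit `true`
    // from the verifier counts as a pass.
    $valid = is_string($code) && $code !== ''
        && is_string($secret) && $secret !== ''
        && (new Google2FA())->verifyKey($secret, $code) === true;

    if ($valid) {
        $this->request->session()->put('minioak::twofa::authenticated', true);
    } else {
        $this->messages->error('Your code was not accepted. Please try again');
    }

    // NOTE(review): nothing here throttles repeated code submissions; a TOTP
    // code is short, so this route should sit behind rate limiting — confirm
    // against the route/middleware definition.
    return $redirect->to($config->get('anomaly.module.users::paths.home', 'admin/dashboard'));
}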
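/**
 * Enable time-based (TOTP) two-factor authentication for a user.
 *
 * The caller must be the user in question or hold the `board` permission.
 * The submitted secret (`2fakey`) is only stored once the submitted code
 * (`2facode`) verifies against it, so a mistyped secret cannot lock the
 * user out.
 *
 * @param Request    $request
 * @param int|string $user_id
 * @param Google2FA  $google2fa
 * @return \Illuminate\Http\RedirectResponse
 */
public function timebasedPost(Request $request, $user_id, Google2FA $google2fa)
{
    $user = User::findOrFail($user_id);

    // Compare ids as strings so an int/string mismatch neither passes nor
    // fails this check on type alone; works for numeric and UUID keys alike.
    // Auth::id() is null when nobody is logged in, which can never match a
    // persisted id, and a missing user is denied instead of a fatal error.
    $isSelf = Auth::id() !== null && (string) $user->id === (string) Auth::id();
    $actor = Auth::user();
    if (!$isSelf && !($actor && $actor->can('board'))) {
        abort(403);
    }

    $code = $request->input('2facode');
    $secret = $request->input('2fakey');

    // Both values come straight from the form; refuse anything that is not a
    // non-empty string before handing it to the verifier.
    // NOTE(review): verifyKey may throw on a secret that is not valid base32;
    // that surfaces as an error page rather than the message below — confirm
    // the Google2FA version in use.
    $verified = is_string($code) && $code !== ''
        && is_string($secret) && $secret !== ''
        && $google2fa->verifyKey($secret, $code);

    if ($verified) {
        $user->tfa_totp_key = $secret;
        $user->save();
        $message = 'Time-Based 2 Factor Authentication enabled!';
    } else {
        $message = 'The code you entered is not correct. Remove the account from your 2FA app and try again.';
    }

    $request->session()->flash('flash_message', $message);

    return Redirect::route('user::dashboard', ['id' => $user->id]);
}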
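/**
 * Handle a login request to the application.
 *
 * Credentials are checked with Auth::validate() first, which does NOT start
 * an authenticated session. Only once the password and — for users with
 * `use_totp` set — the TOTP token have both passed is the user logged in via
 * Auth::attempt(). This removes the window in which the previous
 * attempt-then-logout ordering left a fully authenticated session in place
 * while the second factor was still being checked (and would have left it
 * in place had the check thrown). The cost is one extra password hash
 * comparison per successful login.
 *
 * @param \Illuminate\Http\Request $request
 * @return \Illuminate\Http\Response
 */
public function login(Request $request)
{
    $this->validate($request, ['email' => 'required|email', 'password' => 'required']);

    if ($this->hasTooManyLoginAttempts($request)) {
        $this->fireLockoutEvent($request);

        return $this->sendLockoutResponse($request);
    }

    $credentials = [
        'email' => $request->input('email'),
        'password' => $request->input('password'),
    ];

    // First factor: check the password without starting a session.
    if (!Auth::validate($credentials)) {
        $this->incrementLoginAttempts($request);

        return $this->sendFailedLoginResponse($request);
    }

    $user = User::select('use_totp', 'totp_secret')->where('email', $credentials['email'])->first();

    // The provider accepted the credentials but no matching row exists here:
    // fail closed instead of skipping the second factor on a null object.
    if ($user === null) {
        $this->incrementLoginAttempts($request);

        return $this->sendFailedLoginResponse($request);
    }

    // Second factor. Any truthy use_totp ("1", 1, true) requires the token, so
    // a string-valued column can no longer silently skip this step the way a
    // strict `=== 1` comparison would.
    if ($user->use_totp && !$this->totpTokenIsValid($user->totp_secret, $request->input('totp_token'))) {
        $this->incrementLoginAttempts($request);
        Alert::danger(trans('auth.totp_failed'))->flash();

        return $this->sendFailedLoginResponse($request);
    }

    // Both factors passed: now actually log the user in. attempt() re-checks
    // the password; a false here means the account changed between the two
    // calls, which is treated like any other failed login.
    if (!Auth::attempt($credentials, $request->has('remember'))) {
        $this->incrementLoginAttempts($request);

        return $this->sendFailedLoginResponse($request);
    }

    return $this->sendLoginResponse($request);
}

/**
 * Check a submitted TOTP token against a stored secret.
 *
 * @param mixed $secret the user's stored totp_secret
 * @param mixed $token  raw request input; may be null or a non-string
 * @return bool
 */
private function totpTokenIsValid($secret, $token)
{
    // input() may yield null or an array; neither is a token, and a user
    // flagged for TOTP without a secret cannot pass.
    if (!is_string($token) || $token === '' || !is_string($secret) || $secret === '') {
        return false;
    }

    return (new Google2FA())->verifyKey($secret, $token) === true;
}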
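/**
 * Process a login form submission, including the optional second-factor step.
 *
 * Two submissions reach this action:
 *  - the password form (`email`, `password`, `remember`), and
 *  - the second-factor form, recognised by a flashed `2fa_user` in the
 *    session plus a `2fa_totp_token` or `2fa_yubikey_token` field.
 *
 * A user whose password verifies but who has a TOTP key or YubiKey identity
 * on record is not logged in yet; the user object is flashed into the session
 * and the 2FA view is returned. Only a successful second-factor check calls
 * Auth::login().
 *
 * @param Request   $request
 * @param Google2FA $google2fa
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
 */
public function postLogin(Request $request, Google2FA $google2fa)
{
    if (Auth::check()) {
        return Redirect::route('homepage');
    }

    $session = $request->session();
    $hasSecondFactorToken = $request->has('2fa_totp_token') || $request->has('2fa_yubikey_token');

    if ($session->has('2fa_user') && $hasSecondFactorToken) {
        return $this->completeSecondFactor($request, $google2fa);
    }

    // This is the real deal: first-factor (password) login.
    $user = AuthController::verifyCredentials($request->input('email'), $request->input('password'));
    if ($user) {
        $remember = $request->input('remember');

        // Catch users that have 2FA enabled: park the user in the session and
        // ask for the second factor instead of logging in.
        if ($user->tfa_totp_key || $user->tfa_yubikey_identity) {
            $session->flash('2fa_user', $user);
            $session->flash('2fa_remember', $remember);

            return view('auth.2fa');
        }

        Auth::login($user, $remember);

        return Redirect::intended(route('homepage'));
    }

    $session->flash('flash_message', 'Invalid username or password provided.');

    return Redirect::route('login::show');
}

/**
 * Check the second-factor token for the user parked in the session.
 *
 * Exactly one token type may be submitted. The session's 2FA state is
 * re-flashed on every failure so the user can retry without re-entering
 * the password.
 *
 * @param Request   $request
 * @param Google2FA $google2fa
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
 */
private function completeSecondFactor(Request $request, Google2FA $google2fa)
{
    $session = $request->session();
    $user = $session->get('2fa_user');
    $totpToken = $request->input('2fa_totp_token');
    $yubikeyToken = $request->input('2fa_yubikey_token');

    if ($request->has('2fa_totp_token') && $request->has('2fa_yubikey_token')) {
        return $this->retrySecondFactor($request, 'Please enter only one of the tokens.');
    }

    // NOTE(review): nothing counts failed second-factor attempts, and
    // reflash() keeps the parked user alive across retries; this step should
    // be rate-limited like the password form.
    if ($user->tfa_totp_key && $request->has('2fa_totp_token') && is_string($totpToken) && $totpToken != '') {
        if ($google2fa->verifyKey($user->tfa_totp_key, $totpToken)) {
            Auth::login($user, $session->get('2fa_remember'));

            return Redirect::intended(route('homepage'));
        }

        return $this->retrySecondFactor($request, 'Invalid TOTP. Please try again.');
    }

    if ($user->tfa_yubikey_identity && $request->has('2fa_yubikey_token') && is_string($yubikeyToken) && $yubikeyToken != '') {
        try {
            // The OTP must come from the key enrolled for this user, not merely
            // be a valid OTP from some YubiKey: previously the token was never
            // tied to tfa_yubikey_identity. A YubiKey OTP begins with the key's
            // public id, so the stored identity must prefix the token.
            $belongsToUser = $this->yubikeyTokenMatchesIdentity($yubikeyToken, $user->tfa_yubikey_identity);
            if ($belongsToUser && Yubikey::verify($yubikeyToken)) {
                Auth::login($user, $session->get('2fa_remember'));

                return Redirect::intended(route('homepage'));
            }

            return $this->retrySecondFactor($request, 'Invalid YubiKey token. Please try again.');
        } catch (\Exception $e) {
            // Keep the verifier's internal error text out of the UI; log it
            // for the operator instead.
            \Log::warning('YubiKey verification failed: ' . $e->getMessage());

            return $this->retrySecondFactor($request, 'YubiKey verification is currently unavailable. Please try again.');
        }
    }

    return $this->retrySecondFactor($request, 'Invalid authentication attempt. Try again.');
}

/**
 * Whether a submitted YubiKey OTP starts with the identity enrolled for the user.
 *
 * NOTE(review): assumes tfa_yubikey_identity stores the OTP's public-id
 * prefix (the leading modhex characters) — confirm against the enrolment
 * code. Fails closed when the identity is empty.
 *
 * @param string $token
 * @param mixed  $identity
 * @return bool
 */
private function yubikeyTokenMatchesIdentity($token, $identity)
{
    $identity = (string) $identity;
    if ($identity === '' || strlen($token) < strlen($identity)) {
        return false;
    }

    return hash_equals($identity, substr($token, 0, strlen($identity)));
}

/**
 * Flash a message, keep the parked 2FA state for one more request and re-show the 2FA form.
 *
 * @param Request $request
 * @param string  $message
 * @return \Illuminate\View\View
 */
private function retrySecondFactor(Request $request, $message)
{
    $request->session()->flash('flash_message', $message);
    // reflash() carries 2fa_user / 2fa_remember (and the message) into the next request.
    $request->session()->reflash();

    return view('auth.2fa');
}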
/**
 * Check a one-time code against the user's stored secret.
 *
 * Pass-through to the injected two-factor service. Note the public name is
 * spelled `verifykey` (lower-case k); keep that spelling at call sites.
 *
 * @param string $secret secret the code was generated from
 * @param string $code   code entered by the user
 * @return boolean
 */
protected function verifykey($secret, $code)
{
    $service = $this->twofactor;

    return $service->verifyKey($secret, $code);
}