Nemcio/Grav-Admin-Plugin
1
0
Fork 0
mirror of https://github.com/getgrav/grav-plugin-admin.git synced 2026-02-22 14:38:06 +01:00
Code Issues Packages Projects Releases Activity

Fix session secret for 2FA

Browse Source
This commit is contained in:
Matias Griese
2018-05-10 11:51:27 +03:00
parent b7da3e98ac
commit 6d3e16dc07
2 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
classes/admincontroller.php
View File

@@ -176,25 +176,26 @@ class AdminController extends AdminBaseController
try {
/** @var User $user */
$user = clone $this->grav['user'];
$user = $this->grav['user'];
/** @var TwoFactorAuth $twoFa */
$twoFa = $this->grav['login']->twoFactorAuth();
$secret = $twoFa->createSecret(160);
$image = $twoFa->getQrImageData($user->username, $secret);
$user->twofa_secret = str_replace(' ','', $secret);
unset($user->authenticated);
// Save secret into the user file.
$file = $user->file();
if ($file->exists()) {
$content = $file->content();
$content['twofa_secret'] = $user->twofa_secret;
$content['twofa_secret'] = $secret;
$file->save($content);
$file->free();
}
$this->admin->json_response = ['status' => 'success', 'image' => $image, 'secret' => trim(chunk_split($secret, 4, ' '))];
// Change secret in the session.
$user->twofa_secret = $secret;
$this->admin->json_response = ['status' => 'success', 'image' => $image, 'secret' => preg_replace('|(\w{4})|', '\\1 ', $secret)];
} catch (\Exception $e) {
$this->admin->json_response = ['status' => 'error', 'message' => $e->getMessage()];
return false;

10
themes/grav/templates/forms/fields/2fa_secret/2fa_secret.html.twig
View File

@@ -3,16 +3,18 @@
{% block input %}
<div class="form-input-wrapper twofa-wrapper">
{% try %}
{% set user = grav.user %}
{% set image = grav.login.twoFactorAuth.getQrImageData(user.username, user.twofa_secret) %}
{% set user = grav.user %}
{% set image = grav.login.twoFactorAuth.getQrImageData(user.username, user.twofa_secret) %}
{% set secret = user.twofa_secret|regex_replace('/(\\w{4})/', '\\1 ') %}
<img style="border: 1px solid #ddd" data-2fa-image src="{{ image }}" />
<div>
<span>{{ 'PLUGIN_ADMIN.2FA_SECRET'|tu }}: </span><span class="twofa-secret-code" data-2fa-secret>{{ user.twofa_secret }}</span>
<span>{{ 'PLUGIN_ADMIN.2FA_SECRET'|tu }}: </span><span class="twofa-secret-code" data-2fa-secret>{{ secret }}</span>
</div>
<div class="danger twofa-wrapper">
<button data-hint="{{ 'PLUGIN_ADMIN.2FA_REGEN_HINT'|tu }}" class="button button-small hint--bottom" data-2fa-regenerate><i class="fa fa-fw fa-refresh"></i> {{ 'PLUGIN_ADMIN.2FA_REGENERATE'|t }}</button>
</div>
<input type="text" class="no-form" style="display:none;" name="{{ (scope ~ field.name)|fieldName }}" data-2fa-value value="{{ user.twofa_secret }}" />
<input type="text" class="no-form" style="display:none;" name="{{ (scope ~ field.name)|fieldName }}" data-2fa-value value="{{ secret }}" />
{% catch %}
<div class="notice error">