diff --git a/classes/admin.php b/classes/admin.php
index 9159de22..b96a605a 100644
--- a/classes/admin.php
+++ b/classes/admin.php
@@ -364,7 +364,6 @@ class Admin
 }
 if ($user->exists()) {
- $user->authenticated = true;
 // Authenticate user.
 $result = $user->authenticate($data['password']);
@@ -375,22 +374,20 @@ class Admin
 }
 }
- $action = [];
+
+ $twofa_admin_enabled = $this->grav['config']->get('plugins.admin.twofa_enabled', false);
+ if ($twofa_admin_enabled && isset($user->twofa_enabled) &&
+ $user->twofa_enabled == true && !$user->authenticated) {
+ $this->session->redirect = $post['redirect'];
+ $this->session->user = $user;
+
+ $this->grav->redirect($this->base . '/twofa');
+ }
+
 if ($user->authorize('admin.login')) {
- $twofa_admin_enabled = $this->grav['config']->get('plugins.admin.twofa_enabled', false);
-
-
-
- if ($twofa_admin_enabled && isset($user->twofa_enabled) && $user->twofa_enabled == true) {
- $twofa = $this->get2FA();
-
- $secret = isset($user->twofa_secret) ? $user->twofa_secret : null;
- if (!(isset($data['2fa_code']) && $twofa->verifyCode($secret, $data['2fa_code']))) {
- return false;
- }
- }
+ $user->authenticated = true;
 $this->user = $this->session->user = $user;
diff --git a/classes/adminbasecontroller.php b/classes/adminbasecontroller.php
index bdc7a40b..1ebeb3b4 100644
--- a/classes/adminbasecontroller.php
+++ b/classes/adminbasecontroller.php
@@ -93,9 +93,9 @@ class AdminBaseController
 return false;
 }
-// if (!$this->validateNonce()) {
-// return false;
-// }
+ if (!$this->validateNonce()) {
+ return false;
+ }
 $method = 'task' . ucfirst($this->task);
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index e4e45c01..e36d4edd 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
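Review bot: The new 2FA gate stores `$user` in `session->user` and redirects to `/twofa` before `$user->authorize('admin.login')` has run, so an account that would fail the admin.login authorization but has `twofa_enabled` set is still parked in the session, and since `$user->authenticated = true` now only happens in the authorize branch, nothing in this diff ever sets the flag after a successful code check (task2faverify in admincontroller.php falls through on success). Moving the block inside the `authorize('admin.login')` branch, directly before `$user->authenticated = true;`, keeps the order password → authorization → second factor; the `!$user->authenticated` term is presumably always true at that point unless `authenticate()` sets the flag, which is not visible here. `$post['redirect']` is copied into the session unchecked and `twofa.html.twig` feeds `admin.session.redirect` back into the form, so guard it with `isset()` and accept only a site-relative path before storing it (how the stored value is consumed is outside this hunk). Minor: `$user->twofa_enabled == true` is a loose comparison, `(bool) $user->twofa_enabled` states the intent. The enclosing method starts and ends outside the hunk.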
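Review bot: Re-enabling `validateNonce()` now rejects every task POST without a valid nonce, which includes the new `task2faverify` reached from the `pages/admin/twofa.md` form added in this commit; `twofa.html.twig` embeds `partials/login.html.twig`, so whether the nonce field is emitted depends on that partial, which is not visible here and should be confirmed before merge. A short comment above the check, `// CSRF guard: every admin task must carry a valid nonce.`, would record why this is no longer optional. The enclosing method starts and ends outside the hunk.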
@@ -699,6 +699,19 @@ class AdminController extends AdminBaseController
 return true;
 }
+ protected function task2faverify()
+ {
+ $twofa = $this->admin->get2FA();
+ $user = $this->grav['user'];
+
+ $secret = isset($user->twofa_secret) ? $user->twofa_secret : null;
+
+ if (!(isset($this->data['2fa_code']) && $twofa->verifyCode($secret, $this->data['2fa_code']))) {
+ $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.2FA_FAILED'), 'error');
+ return true;
+ }
+ }
+
 /**
 * Handle logout.
 *
diff --git a/languages/en.yaml b/languages/en.yaml
index 3c98f461..4d751403 100644
--- a/languages/en.yaml
+++ b/languages/en.yaml
@@ -684,6 +684,7 @@ PLUGIN_ADMIN:
 ENABLE_AUTO_METADATA_HELP: "Automatically generate metadata files for images with exif information"
 2FA_TITLE: "2-Factor Authentication"
 2FA_LABEL: "Admin Access"
+ 2FA_FAILED: "Invalid 2-Factor Authentication code, please try again..."
 2FA_ENABLED: "2FA Enabled"
 2FA_CODE_INPUT: "2FA Code (if enabled)"
 2FA_SECRET: "2FA Secret"
diff --git a/pages/admin/login.md b/pages/admin/login.md
index bc478fc1..30b90a93 100644
--- a/pages/admin/login.md
+++ b/pages/admin/login.md
@@ -20,13 +20,13 @@ form:
 validate:
 required: true
- twofa_check:
- type: conditional
- condition: config.plugins.admin.twofa_enabled
-
- fields:
-
- 2fa_code:
- type: text
- placeholder: PLUGIN_ADMIN.2FA_CODE_INPUT
+# twofa_check:
+# type: conditional
+# condition: config.plugins.admin.twofa_enabled
+#
+# fields:
+#
+# 2fa_code:
+# type: text
+# placeholder: PLUGIN_ADMIN.2FA_CODE_INPUT
 ---
diff --git a/pages/admin/twofa.md b/pages/admin/twofa.md
new file mode 100644
index 00000000..9ac94f0a
--- /dev/null
+++ b/pages/admin/twofa.md
@@ -0,0 +1,13 @@
+---
+title: 2-Factor Authentication
+
+form:
+ fields:
+ 2fa_instructions:
+ type: display
+ markdown: true
+ content: These are some **important** instructions
+ 2fa_code:
+ type: text
+ placeholder: PLUGIN_ADMIN.2FA_CODE_INPUT
+---
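Review bot: `task2faverify` does nothing on a valid code: it only acts when verification fails (error message plus `return true`) and otherwise falls off the end returning null, so the pending login stashed by `Admin::authenticate` is never completed and the `admin.login` authorization that the password path performs is skipped here entirely. On success it should finish the login — authorize, set `$user->authenticated = true`, store the user in the session and redirect to the stored target — as sketched below; whether `$this->grav['user']` is the same object that `Admin::authenticate` placed in `session->user` is not visible here and should be confirmed. The failure path leaves the pending session intact with no attempt counter, so a short numeric code can be retried without limit; count failures and drop `session->user` after a small number of them. The method also lacks the docblock its neighbours carry; `/** Verify the second-factor code for the pending admin login. @return bool */` matches the file's style.
```php
    protected function task2faverify()
    {
        // … unchanged: $twofa, $user and $secret lookup …

        // … unchanged: 2fa_code verification and PLUGIN_ADMIN.2FA_FAILED message …

        // Same ordering as the password path in Admin::authenticate(): authorization before the flag.
        if (!$user->authorize('admin.login')) {
            return false;
        }

        $user->authenticated = true;
        // NOTE(review): twofa.html.twig reads admin.session.redirect, so the session is assumed
        // reachable as $this->admin->session — confirm against the Admin class.
        $this->admin->session->user = $user;
        $this->grav->redirect($this->admin->session->redirect);

        return true;
    }
```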
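Review bot: The removed `twofa_check` field is kept as a nine-line commented-out block instead of being deleted; the `2fa_code` field now lives in the new `pages/admin/twofa.md`, so the comment is dead form configuration that will drift from the real definition. Delete the block outright — version history keeps the old definition.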
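Review bot: The `2fa_instructions` display field ships the placeholder `These are some **important** instructions` to every user who reaches the 2FA page. Replace it with real guidance (open the authenticator app and enter the current code) and, like the `2fa_code` placeholder, route it through a `PLUGIN_ADMIN.*` translation key so it is localisable; the `title` could likewise reuse the existing `PLUGIN_ADMIN.2FA_TITLE` rather than repeating the English string.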
diff --git a/themes/grav/templates/partials/login.html.twig b/themes/grav/templates/partials/login.html.twig
index e318c6b8..50a50a5e 100644
--- a/themes/grav/templates/partials/login.html.twig
+++ b/themes/grav/templates/partials/login.html.twig
@@ -13,10 +13,12 @@
 {% block instructions %}{% endblock %}
+ {% set redirect = redirect ?: uri.route(false) %}
+
diff --git a/themes/grav/templates/twofa.html.twig b/themes/grav/templates/twofa.html.twig
new file mode 100644
index 00000000..f82623a8
--- /dev/null
+++ b/themes/grav/templates/twofa.html.twig
@@ -0,0 +1,17 @@
+{% embed 'partials/login.html.twig' with {title:'Grav 2-Factor Authentication', redirect: admin.session.redirect} %}
+
+ {% block form %}
+ {% for field in form.fields %}
+ {% if field.type %}
+