initial commit at dedicated page

2025-11-07 22:05:59 +01:00 · 2017-08-26 18:25:34 -06:00
parent 853acb2057
commit 8ca011dcd6
8 changed files with 70 additions and 27 deletions
--- a/classes/admin.php
+++ b/classes/admin.php
@@ -364,7 +364,6 @@ class Admin
            }

            if ($user->exists()) {
-                $user->authenticated = true;

                // Authenticate user.
                $result = $user->authenticate($data['password']);
@@ -375,22 +374,20 @@ class Admin
            }
        }

-        $action = [];
+
+        $twofa_admin_enabled = $this->grav['config']->get('plugins.admin.twofa_enabled', false);
+        if ($twofa_admin_enabled && isset($user->twofa_enabled) &&
+            $user->twofa_enabled == true && !$user->authenticated) {
+            $this->session->redirect = $post['redirect'];
+            $this->session->user = $user;
+
+            $this->grav->redirect($this->base . '/twofa');
+        }
+

        if ($user->authorize('admin.login')) {

-            $twofa_admin_enabled = $this->grav['config']->get('plugins.admin.twofa_enabled', false);
-
-
-
-            if ($twofa_admin_enabled && isset($user->twofa_enabled) && $user->twofa_enabled == true) {
-                $twofa = $this->get2FA();
-
-                $secret = isset($user->twofa_secret) ? $user->twofa_secret : null;
-                if (!(isset($data['2fa_code']) && $twofa->verifyCode($secret, $data['2fa_code']))) {
-                    return false;
-                }
-            }
+            $user->authenticated = true;

            $this->user = $this->session->user = $user;

--- a/classes/adminbasecontroller.php
+++ b/classes/adminbasecontroller.php
@@ -93,9 +93,9 @@ class AdminBaseController
            return false;
        }

-//        if (!$this->validateNonce()) {
-//            return false;
-//        }
+        if (!$this->validateNonce()) {
+            return false;
+        }

        $method = 'task' . ucfirst($this->task);

--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -699,6 +699,19 @@ class AdminController extends AdminBaseController
        return true;
    }

+    protected function task2faverify()
+    {
+        $twofa = $this->admin->get2FA();
+        $user = $this->grav['user'];
+
+        $secret = isset($user->twofa_secret) ? $user->twofa_secret : null;
+
+        if (!(isset($this->data['2fa_code']) && $twofa->verifyCode($secret, $this->data['2fa_code']))) {
+            $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.2FA_FAILED'), 'error');
+            return true;
+        }
+    }
+
    /**
     * Handle logout.
     *
--- a/languages/en.yaml
+++ b/languages/en.yaml
@@ -684,6 +684,7 @@ PLUGIN_ADMIN:
  ENABLE_AUTO_METADATA_HELP: "Automatically generate metadata files for images with exif information"
  2FA_TITLE: "2-Factor Authentication"
  2FA_LABEL: "Admin Access"
+  2FA_FAILED: "Invalid 2-Factor Authentication code, please try again..."
  2FA_ENABLED: "2FA Enabled"
  2FA_CODE_INPUT: "2FA Code (if enabled)"
  2FA_SECRET: "2FA Secret"
--- a/pages/admin/login.md
+++ b/pages/admin/login.md
@@ -20,13 +20,13 @@ form:
            validate:
                required: true
            
-        twofa_check:
-            type: conditional
-            condition: config.plugins.admin.twofa_enabled    
-           
-            fields:
-           
-                2fa_code:
-                    type: text
-                    placeholder: PLUGIN_ADMIN.2FA_CODE_INPUT   
+#        twofa_check:
+#            type: conditional
+#            condition: config.plugins.admin.twofa_enabled    
+#           
+#            fields:
+#           
+#                2fa_code:
+#                    type: text
+#                    placeholder: PLUGIN_ADMIN.2FA_CODE_INPUT   
 ---
--- a/pages/admin/twofa.md
+++ b/pages/admin/twofa.md
@@ -0,0 +1,13 @@
+---
+title: 2-Factor Authentication
+
+form:               
+    fields:
+        2fa_instructions:
+            type: display
+            markdown: true
+            content: These are some **important** instructions
+        2fa_code:
+            type: text
+            placeholder: PLUGIN_ADMIN.2FA_CODE_INPUT 
+---
--- a/themes/grav/templates/partials/login.html.twig
+++ b/themes/grav/templates/partials/login.html.twig
@@ -13,10 +13,12 @@

        {% block instructions %}{% endblock %}

+        {% set redirect = redirect ?: uri.route(false) %}
+
        <form method="post" action="{{ base_url_relative }}">
            <div class="padding">
                {% block form %}{% endblock %}
-                <input type="hidden" name="redirect" value="{{ uri.route(false) }}" />
+                <input type="hidden" name="redirect" value="{{ redirect }}" />
                {{ nonce_field('admin-form', 'admin-nonce')|raw }}
            </div>
        </form>
--- a/themes/grav/templates/twofa.html.twig
+++ b/themes/grav/templates/twofa.html.twig
@@ -0,0 +1,17 @@
+{% embed 'partials/login.html.twig' with {title:'Grav 2-Factor Authentication', redirect: admin.session.redirect} %}
+
+    {% block form %}
+        {% for field in form.fields %}
+            {% if field.type %}
+                <div>
+                    {% include ["forms/fields/#{field.type}/#{field.type}.html.twig", 'forms/fields/text/text.html.twig'] %}
+                </div>
+            {% endif %}
+        {% endfor %}
+        <div class="form-actions primary-accent">
+            <button type="submit" class="button primary" name="task" value="2faverify"><i class="fa fa-sign-in"></i> {{ 'PLUGIN_ADMIN.LOGIN_BTN'|tu }}</button>
+        </div>
+    {% endblock %}
+
+{% endembed %}
+