🤖 Auto commit for release 'develop' on 2026-01-19
@@ -70,7 +70,7 @@ class LoginController extends Controller
|
||||
protected string $redirectTo = RouteServiceProvider::HOME;
|
||||
private UserRepositoryInterface $repository;
|
||||
|
||||
private string $username = 'email';
|
||||
private string $username = 'email';
|
||||
|
||||
/**
|
||||
* Create a new controller instance.
|
||||
@@ -87,7 +87,7 @@ class LoginController extends Controller
|
||||
*
|
||||
* @throws ValidationException
|
||||
*/
|
||||
public function login(Request $request): JsonResponse | RedirectResponse
|
||||
public function login(Request $request): JsonResponse|RedirectResponse
|
||||
{
|
||||
$username = $request->get($this->username());
|
||||
Log::channel('audit')->info(sprintf('User is trying to login using "%s"', $username));
|
||||
@@ -105,7 +105,8 @@ class LoginController extends Controller
|
||||
$this->username => trans('auth.failed'),
|
||||
]
|
||||
)
|
||||
->onlyInput($this->username);
|
||||
->onlyInput($this->username)
|
||||
;
|
||||
}
|
||||
Log::debug('Login data is present.');
|
||||
|
||||
@@ -186,10 +187,10 @@ class LoginController extends Controller
|
||||
/**
|
||||
* Log the user out of the application.
|
||||
*/
|
||||
public function logout(Request $request): Redirector | RedirectResponse | Response
|
||||
public function logout(Request $request): Redirector|RedirectResponse|Response
|
||||
{
|
||||
$authGuard = config('firefly.authentication_guard');
|
||||
$logoutUrl = config('firefly.custom_logout_url');
|
||||
$authGuard = config('firefly.authentication_guard');
|
||||
$logoutUrl = config('firefly.custom_logout_url');
|
||||
if ('remote_user_guard' === $authGuard && '' !== $logoutUrl) {
|
||||
return redirect($logoutUrl);
|
||||
}
|
||||
@@ -223,13 +224,13 @@ class LoginController extends Controller
|
||||
* @throws ContainerExceptionInterface
|
||||
* @throws NotFoundExceptionInterface
|
||||
*/
|
||||
public function showLoginForm(Request $request): Factory | Redirector | RedirectResponse | View
|
||||
public function showLoginForm(Request $request): Factory|Redirector|RedirectResponse|View
|
||||
{
|
||||
Log::channel('audit')->info('Show login form (1.1).');
|
||||
|
||||
$count = DB::table('users')->count();
|
||||
$guard = config('auth.defaults.guard');
|
||||
$title = (string)trans('firefly.login_page_title');
|
||||
$count = DB::table('users')->count();
|
||||
$guard = config('auth.defaults.guard');
|
||||
$title = (string)trans('firefly.login_page_title');
|
||||
|
||||
if (0 === $count && 'web' === $guard) {
|
||||
return redirect(route('register'));
|
||||
@@ -249,15 +250,15 @@ class LoginController extends Controller
|
||||
$allowReset = false;
|
||||
}
|
||||
|
||||
$email = $request->old('email');
|
||||
$remember = $request->old('remember');
|
||||
$email = $request->old('email');
|
||||
$remember = $request->old('remember');
|
||||
|
||||
$storeInCookie = config('google2fa.store_in_cookie', false);
|
||||
$storeInCookie = config('google2fa.store_in_cookie', false);
|
||||
if (false !== $storeInCookie) {
|
||||
$cookieName = config('google2fa.cookie_name', 'google2fa_token');
|
||||
Cookie::queue(Cookie::make($cookieName, 'invalid-' . Carbon::now()->getTimestamp()));
|
||||
Cookie::queue(Cookie::make($cookieName, 'invalid-'.Carbon::now()->getTimestamp()));
|
||||
}
|
||||
$usernameField = $this->username();
|
||||
$usernameField = $this->username();
|
||||
|
||||
return view('auth.login', ['allowRegistration' => $allowRegistration, 'email' => $email, 'remember' => $remember, 'allowReset' => $allowReset, 'title' => $title, 'usernameField' => $usernameField]);
|
||||
}
|
||||
|
||||
@@ -24,8 +24,6 @@ declare(strict_types=1);
|
||||
namespace FireflyIII\Http\Controllers\Auth;
|
||||
|
||||
use Carbon\Carbon;
|
||||
use FireflyIII\Events\Security\MFAManyFailedAttempts;
|
||||
use FireflyIII\Events\Security\MFAUsedBackupCode;
|
||||
use FireflyIII\Events\Security\User\UserHasFewMFABackupCodesLeft;
|
||||
use FireflyIII\Events\Security\User\UserHasNoMFABackupCodesLeft;
|
||||
use FireflyIII\Events\Security\User\UserHasUsedBackupCode;
|
||||
@@ -51,7 +49,7 @@ class TwoFactorController extends Controller
|
||||
/**
|
||||
* What to do if 2FA lost?
|
||||
*/
|
||||
public function lostTwoFactor(): Factory | View
|
||||
public function lostTwoFactor(): Factory|View
|
||||
{
|
||||
/** @var User $user */
|
||||
$user = auth()->user();
|
||||
@@ -65,11 +63,11 @@ class TwoFactorController extends Controller
|
||||
* @throws ContainerExceptionInterface
|
||||
* @throws NotFoundExceptionInterface
|
||||
*/
|
||||
public function submitMFA(Request $request): Redirector | RedirectResponse
|
||||
public function submitMFA(Request $request): Redirector|RedirectResponse
|
||||
{
|
||||
/** @var array $mfaHistory */
|
||||
$mfaHistory = Preferences::get('mfa_history', [])->data;
|
||||
$mfaCode = (string)$request->get('one_time_password');
|
||||
$mfaHistory = Preferences::get('mfa_history', [])->data;
|
||||
$mfaCode = (string)$request->get('one_time_password');
|
||||
|
||||
// is in history? then refuse to use it.
|
||||
if ($this->inMFAHistory($mfaCode, $mfaHistory)) {
|
||||
@@ -84,7 +82,7 @@ class TwoFactorController extends Controller
|
||||
|
||||
// if not OK, save error.
|
||||
if (!$authenticator->isAuthenticated()) {
|
||||
$user = auth()->user();
|
||||
$user = auth()->user();
|
||||
$this->addToMFAFailureCounter();
|
||||
$counter = $this->getMFAFailureCounter();
|
||||
if (3 === $counter || 10 === $counter) {
|
||||
@@ -222,7 +220,7 @@ class TwoFactorController extends Controller
|
||||
*/
|
||||
private function removeFromBackupCodes(string $mfaCode): void
|
||||
{
|
||||
$list = Preferences::get('mfa_recovery', [])->data;
|
||||
$list = Preferences::get('mfa_recovery', [])->data;
|
||||
if (!is_array($list)) {
|
||||
$list = [];
|
||||
}
|
||||
|
||||
@@ -25,7 +25,6 @@ declare(strict_types=1);
|
||||
namespace FireflyIII\Http\Controllers\Profile;
|
||||
|
||||
use Carbon\Carbon;
|
||||
use FireflyIII\Events\Security\MFANewBackupCodes;
|
||||
use FireflyIII\Events\Security\User\UserHasDisabledMFA;
|
||||
use FireflyIII\Events\Security\User\UserHasEnabledMFA;
|
||||
use FireflyIII\Events\Security\User\UserHasGeneratedNewBackupCodes;
|
||||
@@ -86,7 +85,7 @@ class MfaController extends Controller
|
||||
|
||||
}
|
||||
|
||||
public function backupCodes(Request $request): Factory | RedirectResponse | View
|
||||
public function backupCodes(Request $request): Factory|RedirectResponse|View
|
||||
{
|
||||
if (!$this->internalAuth) {
|
||||
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||
@@ -103,14 +102,14 @@ class MfaController extends Controller
|
||||
return view('profile.mfa.backup-codes-intro');
|
||||
}
|
||||
|
||||
public function backupCodesPost(ExistingTokenFormRequest $request): Redirector | RedirectResponse | View
|
||||
public function backupCodesPost(ExistingTokenFormRequest $request): Redirector|RedirectResponse|View
|
||||
{
|
||||
if (!$this->internalAuth) {
|
||||
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||
|
||||
return redirect(route('profile.index'));
|
||||
}
|
||||
$enabledMFA = null !== auth()->user()->mfa_secret;
|
||||
$enabledMFA = null !== auth()->user()->mfa_secret;
|
||||
if (false === $enabledMFA) {
|
||||
request()->session()->flash('info', trans('firefly.mfa_not_enabled'));
|
||||
|
||||
@@ -119,17 +118,18 @@ class MfaController extends Controller
|
||||
// generate recovery codes:
|
||||
$recovery = app(Recovery::class);
|
||||
$recoveryCodes = $recovery->lowercase()
|
||||
->setCount(8) // Generate 8 codes
|
||||
->setBlocks(2) // Every code must have 2 blocks
|
||||
->setChars(6) // Each block must have 6 chars
|
||||
->toArray();
|
||||
->setCount(8) // Generate 8 codes
|
||||
->setBlocks(2) // Every code must have 2 blocks
|
||||
->setChars(6) // Each block must have 6 chars
|
||||
->toArray()
|
||||
;
|
||||
$codes = implode("\r\n", $recoveryCodes);
|
||||
|
||||
Preferences::set('mfa_recovery', $recoveryCodes);
|
||||
Preferences::mark();
|
||||
|
||||
// send user notification.
|
||||
$user = auth()->user();
|
||||
$user = auth()->user();
|
||||
Log::channel('audit')->info(sprintf('User "%s" has generated new backup codes.', $user->email));
|
||||
event(new UserHasGeneratedNewBackupCodes($user));
|
||||
|
||||
@@ -137,14 +137,14 @@ class MfaController extends Controller
|
||||
|
||||
}
|
||||
|
||||
public function disableMFA(Request $request): Factory | RedirectResponse | View
|
||||
public function disableMFA(Request $request): Factory|RedirectResponse|View
|
||||
{
|
||||
if (!$this->internalAuth) {
|
||||
request()->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||
|
||||
return redirect(route('profile.index'));
|
||||
}
|
||||
$enabledMFA = null !== auth()->user()->mfa_secret;
|
||||
$enabledMFA = null !== auth()->user()->mfa_secret;
|
||||
if (false === $enabledMFA) {
|
||||
request()->session()->flash('info', trans('firefly.mfa_already_disabled'));
|
||||
|
||||
@@ -159,7 +159,7 @@ class MfaController extends Controller
|
||||
/**
|
||||
* Delete 2FA routine.
|
||||
*/
|
||||
public function disableMFAPost(ExistingTokenFormRequest $request): Redirector | RedirectResponse
|
||||
public function disableMFAPost(ExistingTokenFormRequest $request): Redirector|RedirectResponse
|
||||
{
|
||||
if (!$this->internalAuth) {
|
||||
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||
@@ -171,7 +171,7 @@ class MfaController extends Controller
|
||||
$repository = app(UserRepositoryInterface::class);
|
||||
|
||||
/** @var User $user */
|
||||
$user = auth()->user();
|
||||
$user = auth()->user();
|
||||
|
||||
Preferences::delete('temp-mfa-secret');
|
||||
Preferences::delete('temp-mfa-codes');
|
||||
@@ -195,7 +195,7 @@ class MfaController extends Controller
|
||||
/**
|
||||
* Enable 2FA screen.
|
||||
*/
|
||||
public function enableMFA(Request $request): Redirector | RedirectResponse | View
|
||||
public function enableMFA(Request $request): Redirector|RedirectResponse|View
|
||||
{
|
||||
if (!$this->internalAuth) {
|
||||
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||
@@ -215,9 +215,9 @@ class MfaController extends Controller
|
||||
return redirect(route('profile.index'));
|
||||
}
|
||||
|
||||
$domain = $this->getDomain();
|
||||
$secret = Google2FA::generateSecretKey();
|
||||
$image = Google2FA::getQRCodeInline($domain, auth()->user()->email, $secret);
|
||||
$domain = $this->getDomain();
|
||||
$secret = Google2FA::generateSecretKey();
|
||||
$image = Google2FA::getQRCodeInline($domain, auth()->user()->email, $secret);
|
||||
|
||||
Preferences::set('temp-mfa-secret', $secret);
|
||||
|
||||
@@ -232,7 +232,7 @@ class MfaController extends Controller
|
||||
* @throws ContainerExceptionInterface
|
||||
* @throws NotFoundExceptionInterface
|
||||
*/
|
||||
public function enableMFAPost(TokenFormRequest $request): Redirector | RedirectResponse
|
||||
public function enableMFAPost(TokenFormRequest $request): Redirector|RedirectResponse
|
||||
{
|
||||
if (!$this->internalAuth) {
|
||||
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||
@@ -241,10 +241,10 @@ class MfaController extends Controller
|
||||
}
|
||||
|
||||
/** @var User $user */
|
||||
$user = auth()->user();
|
||||
$user = auth()->user();
|
||||
|
||||
// verify password.
|
||||
$password = $request->get('password');
|
||||
$password = $request->get('password');
|
||||
if (!auth()->validate(['email' => $user->email, 'password' => $password])) {
|
||||
session()->flash('error', 'Bad user pw, no MFA for you!');
|
||||
|
||||
@@ -257,7 +257,7 @@ class MfaController extends Controller
|
||||
if (is_array($secret)) {
|
||||
$secret = null;
|
||||
}
|
||||
$secret = (string)$secret;
|
||||
$secret = (string)$secret;
|
||||
|
||||
$repository->setMFACode($user, $secret);
|
||||
|
||||
@@ -267,7 +267,7 @@ class MfaController extends Controller
|
||||
Preferences::mark();
|
||||
|
||||
// also save the code so replay attack is prevented.
|
||||
$mfaCode = $request->get('code');
|
||||
$mfaCode = $request->get('code');
|
||||
$this->addToMFAHistory($mfaCode);
|
||||
|
||||
// make sure MFA is logged out.
|
||||
@@ -327,7 +327,7 @@ class MfaController extends Controller
|
||||
Preferences::set('mfa_history', $newHistory);
|
||||
}
|
||||
|
||||
public function index(): Factory | RedirectResponse | View
|
||||
public function index(): Factory|RedirectResponse|View
|
||||
{
|
||||
if (!$this->internalAuth) {
|
||||
request()->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||
|
||||