diff --git a/app/Http/Controllers/DebugController.php b/app/Http/Controllers/DebugController.php
index c96cad13f6..451f92d9d7 100644
--- a/app/Http/Controllers/DebugController.php
+++ b/app/Http/Controllers/DebugController.php
@@ -88,7 +88,7 @@ class DebugController extends Controller
     public function flush(Request $request)
     {
         app('preferences')->mark();
-        $request->session()->forget(['start', 'end', '_previous', 'viewRange', 'range', 'is_custom_range']);
+        $request->session()->forget(['start', 'end', '_previous', 'viewRange', 'range', 'is_custom_range','temp-mfa-secret','temp-mfa-codes']);
         Log::debug('Call cache:clear...');
         Artisan::call('cache:clear');
         Log::debug('Call config:clear...');
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 5ad9dc473e..59f75258d1 100644
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -34,6 +34,7 @@ use FireflyIII\Http\Requests\ProfileFormRequest;
 use FireflyIII\Http\Requests\TokenFormRequest;
 use FireflyIII\Models\Preference;
 use FireflyIII\Repositories\User\UserRepositoryInterface;
+use FireflyIII\Support\Facades\Preferences;
 use FireflyIII\Support\Http\Controllers\CreateStuff;
 use FireflyIII\User;
 use Google2FA;
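Review bot: The two keys appended to the forget() list, `temp-mfa-secret` and `temp-mfa-codes`, are no longer session keys after this commit: code2FA now writes them with `Preferences::set(...)` and its `session()->put(...)` calls are removed, so this forget() is a no-op for them and a pending enrollment secret survives a debug flush. Clear the preferences instead, next to the existing `app('preferences')->mark();`: `app('preferences')->delete('temp-mfa-secret'); app('preferences')->delete('temp-mfa-codes');` (deleteCode in this same commit uses `Preferences::delete`, which presumably fronts the same binding; the facade is not imported in this file as far as the hunk shows). Keeping the session keys in the list is harmless but misleading; if they stay, a short `// legacy session keys, MFA enrollment state now lives in preferences` comment would stop the next reader from relying on it. flush()'s body continues past the end of the hunk.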
@@ -157,37 +158,36 @@ class ProfileController extends Controller
             return redirect(route('profile.index'));
         }
-        $domain = $this->getDomain();
-        $secret = null;
+        $domain = $this->getDomain();
+        $secretPreference = Preferences::get('temp-mfa-secret');
+        $codesPreference = Preferences::get('temp-mfa-codes');
         // generate secret if not in session
-        if (!session()->has('temp-mfa-secret')) {
+        if (null === $secretPreference) {
             // generate secret + store + flash
             $secret = Google2FA::generateSecretKey();
-            session()->put('temp-mfa-secret', $secret);
-            session()->flash('two-factor-secret', $secret);
-        }
-        // re-use secret if in session
-        if (session()->has('temp-mfa-secret')) {
-            // get secret from session and flash
-            $secret = session()->get('temp-mfa-secret');
-            session()->flash('two-factor-secret', $secret);
+            Preferences::set('temp-mfa-secret', $secret);
         }
-        // generate codes if not in session:
+        // re-use secret if in session
+        if (null !== $secretPreference) {
+            // get secret from session and flash
+            $secret = $secretPreference->data;
+        }
+
+        // generate recovery codes if not in session:
         $recoveryCodes = '';
-        if (!session()->has('temp-mfa-codes')) {
+
+        if (null === $codesPreference) {
             // generate codes + store + flash:
             $recovery = app(Recovery::class);
             $recoveryCodes = $recovery->lowercase()->setCount(8)->setBlocks(2)->setChars(6)->toArray();
-            session()->put('temp-mfa-codes', $recoveryCodes);
-            session()->flash('two-factor-codes', $recoveryCodes);
+            Preferences::set('temp-mfa-codes', $recoveryCodes);
         }
-        // get codes from session if there already:
-        if (session()->has('temp-mfa-codes')) {
-            $recoveryCodes = session()->get('temp-mfa-codes');
-            session()->flash('two-factor-codes', $recoveryCodes);
+        // get codes from session if present already:
+        if (null !== $codesPreference) {
+            $recoveryCodes = $codesPreference->data;
         }
         $codes = implode("\r\n", $recoveryCodes);
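Review bot: The pending TOTP seed and the eight recovery codes are now persisted in plaintext in the preferences store instead of the session, and nothing in this hunk bounds their lifetime: a user who opens the enrollment page and never confirms leaves `temp-mfa-secret` / `temp-mfa-codes` in the database, and every later visit reuses that same seed until postCode or deleteCode clears it (those clean-ups are in a later hunk of this commit). Consider regenerating rather than reusing when the stored preference is older than a short window, or at least deleting both preferences on logout, so an abandoned enrollment does not fix the secret indefinitely. The reuse branches also take `$secretPreference->data` and `$codesPreference->data` without checking their type; `implode("\r\n", $recoveryCodes)` will fail if the codes preference ever comes back as something other than an array, so a `is_array(...)` guard that falls back to regenerating would be safer. The comments are stale as well — `// generate secret if not in session` and `// get secret from session and flash` describe the removed session flow; `// reuse the not-yet-confirmed secret stored in preferences` matches what the code does now. The enclosing method starts before and continues after the hunk.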
@@ -275,7 +275,11 @@ class ProfileController extends Controller
         /** @var User $user */
         $user = auth()->user();
+        Preferences::delete('temp-mfa-secret');
+        Preferences::delete('temp-mfa-codes');
         $repository->setMFACode($user, null);
+        app('preferences')->mark();
+
         session()->flash('success', (string) trans('firefly.pref_two_factor_auth_disabled'));
         session()->flash('info', (string) trans('firefly.pref_two_factor_auth_remove_it'));
@@ -498,10 +502,13 @@ class ProfileController extends Controller
         $user = auth()->user();
         /** @var UserRepositoryInterface $repository */
         $repository = app(UserRepositoryInterface::class);
-        /** @var string $secret */
-        $secret = session()->get('two-factor-secret');
+        $secret = (string) session()->get('temp-mfa-secret');
+
         $repository->setMFACode($user, $secret);
+        Preferences::delete('temp-mfa-secret');
+        Preferences::delete('temp-mfa-codes');
+
         session()->flash('success', (string) trans('firefly.saved_preferences'));
         app('preferences')->mark();
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index fcd48ce4c4..ebe20226df 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -64,7 +64,6 @@ class AuthServiceProvider extends ServiceProvider
         );
         $this->registerPolicies();
-        Passport::routes();
         Passport::tokensExpireIn(now()->addDays(14));
     }
 }
diff --git a/app/Support/Authentication/RemoteUserProvider.php b/app/Support/Authentication/RemoteUserProvider.php
index 2d309e018b..c67555b5a9 100644
--- a/app/Support/Authentication/RemoteUserProvider.php
+++ b/app/Support/Authentication/RemoteUserProvider.php
@@ -69,8 +69,6 @@ class RemoteUserProvider implements UserProvider
                 $roleObject = Role::where('name', 'owner')->first();
                 $user->roles()->attach($roleObject);
             }
-
-
         }
         Log::debug(sprintf('Going to return user #%d (%s)', $user->id, $user->email));
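Review bot: The four lines added to deleteCode reach the same preferences service through two different handles — `Preferences::delete(...)` twice, then `app('preferences')->mark()` — which is a style inconsistency this hunk introduces. If the facade fronts the same binding (the -498 hunk below uses the pair the same way), `Preferences::mark();` keeps the method on one API; otherwise `app('preferences')->delete(...)` for the two deletes does the same. Dropping the temp preferences before `setMFACode($user, null)` is the right order. The method starts before the hunk and continues after it.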
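Review bot: `$secret = (string) session()->get('temp-mfa-secret')` in the -498 hunk reads a session key that this commit no longer writes — code2FA now stores the pending secret with `Preferences::set('temp-mfa-secret', ...)` and its `session()->put(...)` lines are removed — so unless something outside the diff still populates the session, `$secret` is `''` and `setMFACode($user, '')` enables MFA with an empty seed; the submitted code still validates because FireflyValidator reads the preference, not the session. Read the same source the validator does and refuse an empty value: `$secret = (string) (Preferences::get('temp-mfa-secret')?->data ?? '');` followed by `if ('' === $secret) { return redirect(route('profile.index')); }` before the `setMFACode` call. The two `Preferences::delete` calls must stay after the read, as they are now, once that change is made. postCode's body starts before and continues after the hunk.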
diff --git a/app/Validation/FireflyValidator.php b/app/Validation/FireflyValidator.php
index fa19a099db..a20ee3737f 100644
--- a/app/Validation/FireflyValidator.php
+++ b/app/Validation/FireflyValidator.php
@@ -35,6 +35,7 @@ use FireflyIII\Repositories\Bill\BillRepositoryInterface;
 use FireflyIII\Repositories\Budget\BudgetRepositoryInterface;
 use FireflyIII\Repositories\PiggyBank\PiggyBankRepositoryInterface;
 use FireflyIII\Services\Password\Verifier;
+use FireflyIII\Support\Facades\Preferences;
 use FireflyIII\Support\ParseDateString;
 use FireflyIII\TransactionRules\Triggers\TriggerInterface;
 use FireflyIII\User;
@@ -68,8 +69,13 @@ class FireflyValidator extends Validator
         if (null === $value || !is_string($value) || 6 !== strlen($value)) {
             return false;
         }
-
-        $secret = session('two-factor-secret');
+        $user = auth()->user();
+        if (null === $user) {
+            Log::error('No user during validate2faCode');
+            return false;
+        }
+        $secretPreference = Preferences::get('temp-mfa-secret');
+        $secret = $secretPreference?->data ?? '';
         return Google2FA::verifyKey($secret, $value);
     }
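Review bot: With the seed now coming from `$secretPreference?->data ?? ''`, a missing or already-cleared preference hands `''` to `Google2FA::verifyKey`; whether that returns false or throws depends on the library, and an empty seed should be rejected explicitly before the OTP check, e.g. `if (!is_string($secret) || '' === $secret) { return false; }` right after the assignment, which also covers a preference stored as a non-string. The new `null === $user` guard is sound, but `$user` is not passed to `Preferences::get(...)`, so the facade presumably resolves the current user itself and `$user` is otherwise unused here — if so the guard could be a plain `auth()->check()`. `Log::error(...)` also depends on a `Log` import that this hunk does not show; confirm the file already has it. validate2faCode starts before the hunk.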