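<?php

namespace _2fa;

use _2fa\Authenticator;
use SilverStripe\Control\Director;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\FormAction;
use SilverStripe\Forms\TextField;
use SilverStripe\Security\Member;
use SilverStripe\Security\MemberAuthenticator\LoginHandler as SS_LoginHandler;
use SilverStripe\Security\MemberAuthenticator\MemberLoginForm;
use SilverStripe\Security\Security;
use SilverStripe\SiteConfig\SiteConfig;

/**
 * Login handler that inserts a second (TOTP) step between the password check and the session login.
 *
 * Flow: doLogin() verifies the password and parks the member id in the session. The member is then
 * sent to step2 (already has a TOTP secret), to twofactorsetup (2FA enforced but not yet enrolled),
 * or logged in directly (2FA enabled but optional). No session login happens before the TOTP step
 * has passed, except on that optional path.
 *
 * NOTE(review): neither TOTP step throttles failed code attempts in this class; whatever lockout the
 * parent handler or Member applies to the password step does not cover the code step — confirm.
 */
class LoginHandler extends SS_LoginHandler
{
    /** Session key: id of the member who passed the password check but not yet the TOTP step. */
    const SESSION_MEMBER_ID = 'TwoFactorLoginHandler.MemberID';

    /** Session key: login form submission (password removed) re-read by performLogin() and getBackURL(). */
    const SESSION_DATA = 'TwoFactorLoginHandler.Data';

    private static $allowed_actions = [
        'step2',
        'secondStepForm',
        'twofactorsetup',
        'twoFactorSetupFrom',
        'verify_and_activate',
        'twofactorcomplete',
        'show_backup_tokens',
    ];

    /**
     * First login step: check the password, then route to the appropriate second step.
     *
     * @param array $data Submitted login form data
     * @param MemberLoginForm $form
     * @param HTTPRequest $request
     * @return \SilverStripe\Control\HTTPResponse Redirect to the next step, or back to the form on failure
     */
    public function doLogin($data, MemberLoginForm $form, HTTPRequest $request)
    {
        $result = null;
        $member = $this->checkLogin($data, $request, $result);
        if (!$member) {
            // Fail to login redirects back to form
            return $this->redirectBack();
        }

        $session = $request->getSession();
        $session->set(self::SESSION_MEMBER_ID, $member->ID);
        // The submission is kept for the later steps (Remember flag, BackURL); the clear-text
        // password is dropped so it is never written to the session store.
        $session->set(self::SESSION_DATA, $this->sessionSafeData($data));

        if ($member->Has2FA) {
            return $this->redirect($this->link('step2'));
        }

        $authenticator = Injector::inst()->get(Authenticator::class);

        // The default admin bypasses the 2FA enrolment requirement (deliberate in the original)
        if ($authenticator->is2FArequired($member) && !$member->isDefaultAdmin()) {
            return $this->redirect($this->link('twofactorsetup'));
        }

        if ($authenticator->is2FAenabled()) {
            // 2FA is enabled but not enforced: log in as normal
            $this->performLogin($member, $data, $request);
            return $this->redirectAfterSuccessfulLogin();
        }

        // 2FA neither enforced nor enabled: the original handler treats this as a failed login
        // (no session login is performed); behaviour kept as-is.
        return $this->redirectBack();
    }

    /**
     * Remove the credential from the login submission before it is parked in the session.
     *
     * The later steps only read 'Remember' (via performLogin(), presumably — verify against the
     * parent) and 'BackURL' (via getBackURL()), so the password is not needed again.
     *
     * @param mixed $data Raw login form submission
     * @return mixed Same data with the Password entry removed (non-arrays are returned untouched)
     */
    protected function sessionSafeData($data)
    {
        if (!is_array($data)) {
            return $data;
        }
        unset($data['Password']);
        return $data;
    }

    /**
     * The member who passed the password check in this session, if any.
     *
     * @param \SilverStripe\Control\Session $session
     * @return Member|null Null when no member id is pending or it no longer resolves to a record
     */
    protected function getPendingMember($session)
    {
        $memberID = $session->get(self::SESSION_MEMBER_ID);
        if (!$memberID) {
            return null;
        }
        return Member::get()->byID($memberID);
    }

    /**
     * Second step page: shows the TOTP code form.
     *
     * @return array Template data
     */
    public function step2()
    {
        return ['Form' => $this->secondStepForm()];
    }

    /**
     * Enrolment page for members who must set up 2FA before their first login.
     *
     * @return array|\SilverStripe\Control\HTTPResponse Template data, or a redirect when no member is pending
     */
    public function twofactorsetup()
    {
        if (!$this->getPendingMember($this->request->getSession())) {
            // Nobody has passed the password step in this session: nothing to enrol
            return $this->redirectBack();
        }
        return ['Form' => $this->twoFactorSetupFrom()];
    }

    /**
     * Final redirect after a completed 2FA login.
     *
     * @return \SilverStripe\Control\HTTPResponse
     */
    public function twofactorcomplete()
    {
        return $this->redirectAfterSuccessfulLogin();
    }

    /**
     * Generate a fresh TOTP secret for the pending member and render the enrolment dialog.
     *
     * Each call regenerates the secret (as in the original); the code entered in
     * verify_and_activate() must match this latest secret.
     *
     * @return \SilverStripe\ORM\FieldType\DBHTMLText|\SilverStripe\Control\HTTPResponse
     *         Rendered TokenInfoDialog, or a redirect when no member is pending
     */
    public function twoFactorSetupFrom()
    {
        $member = $this->getPendingMember($this->request->getSession());
        if (!$member) {
            // Guard against a null dereference when the session holds no pending member
            return $this->redirectBack();
        }

        $member->generateTOTPToken();
        $member->write();

        return $member
            ->customise(['CurrentController' => $this])
            ->renderWith('TokenInfoDialog');
    }

    /**
     * Verify the first TOTP code against the freshly generated secret and, on success,
     * activate 2FA for the member and log them in. Intended to be called via Ajax.
     *
     * @param HTTPRequest $request
     * @return \SilverStripe\Control\HTTPResponse|array|null Redirect to the backup tokens page on
     *         success, dialog data with VerificationError on a wrong code, null when no member is pending
     */
    public function verify_and_activate($request)
    {
        $session = $this->request->getSession();
        $member = $this->getPendingMember($session);
        if (!$member) {
            return;
        }

        $tokenCorrect = $member->validateTOTP((string) $request->postVar('VerificationInput'));
        if (!$tokenCorrect) {
            // Wrong code: re-render the dialog with feedback; 2FA stays inactive
            return [
                'Form' => $member
                    ->customise([
                        'CurrentController' => $this,
                        'VerificationError' => true,
                    ])
                    ->renderWith('TokenInfoDialog'),
            ];
        }

        $member->Has2FA = true;
        $member->regenerateBackupTokens();
        $member->write();

        $this->performLogin($member, $session->get(self::SESSION_DATA), $request);
        // The pending-member marker has served its purpose once the session login is done
        $session->clear(self::SESSION_MEMBER_ID);
        return $this->redirect($this->link('show_backup_tokens'));
    }

    /**
     * Show the logged-in member's backup tokens, generating a set if none exist.
     *
     * @return array|\SilverStripe\Control\HTTPResponse Template data, or a redirect when nobody is logged in
     */
    public function show_backup_tokens()
    {
        $member = Security::getCurrentUser();
        if (!$member) {
            // Not logged in: there is no member whose tokens could be shown
            return $this->redirectBack();
        }

        if (!$member->BackupTokens()->count()) {
            $member->regenerateBackupTokens();
        }

        return [
            'Title' => 'Two Factor Back Up Tokens',
            'Content' => $member
                ->customise(['backUrl' => $this->getBackURL()])
                ->renderWith('ShowBackUpTokens'),
        ];
    }

    /**
     * Form for entering the TOTP code in the second login step.
     *
     * @return Form
     */
    public function secondStepForm()
    {
        return new Form(
            $this,
            'secondStepForm',
            new FieldList(new TextField('SecondFactor', 'Access Token')),
            new FieldList(new FormAction('completeSecondStep', 'Log in'))
        );
    }

    /**
     * Form action for secondStepForm(): validate the TOTP code and complete the login.
     *
     * @param array $data Submitted form data
     * @param Form $form
     * @param HTTPRequest $request
     * @return \SilverStripe\Control\HTTPResponse Redirect after login, or back to the form on failure
     */
    public function completeSecondStep($data, Form $form, HTTPRequest $request)
    {
        $session = $request->getSession();
        $member = $this->getPendingMember($session);

        // The member is checked before validateTOTP() is invoked on it (the original dereferenced
        // first and only then tested for null, which could never trigger).
        if ($member && $member->validateTOTP((string) ($data['SecondFactor'] ?? ''))) {
            $this->performLogin($member, $session->get(self::SESSION_DATA), $request);
            // The pending-member marker has served its purpose once the session login is done
            $session->clear(self::SESSION_MEMBER_ID);
            return $this->redirectAfterSuccessfulLogin();
        }

        // Fail to login redirects back to form
        return $this->redirectBack();
    }

    /**
     * BackURL from the original login submission, if it points to this site.
     *
     * @return string Same-site BackURL from the session, else the parent's default
     */
    public function getBackURL()
    {
        $data = $this->request->getSession()->get(self::SESSION_DATA);
        $backURL = (is_array($data) && isset($data['BackURL'])) ? $data['BackURL'] : null;

        // Only a same-site URL is honoured; anything else falls through to the parent (open-redirect guard)
        if ($backURL && Director::is_site_url($backURL)) {
            return $backURL;
        }
        return parent::getBackURL();
    }
}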