v1.0 Initial commit of project
68
pub/api/v1/users/mfa/index.php
Normal file
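--- /dev/null
+++ b/pub/api/v1/users/mfa/index.php
@@ -0,0 +1,68 @@
+<?php
+session_start();
+require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_mfa.php';
+require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
+
+
+use api\classes\API_mfa;
+use RobThree\Auth\TwoFactorAuth;
+use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
+
+$API_mfa = new API_mfa();
+
+if ($API_mfa->request_method === 'GET') {
+
+} elseif ($API_mfa->request_method === 'POST') {
+# Setup a new MFA secret its posted from mfaSetup.php where it generated a secret
+
+if (checkLoginAttempts() > 10) {
+echo 'too many attempts, please try again later.';
+exit;
+}
+
+# check if the secret is in the session created at the mfaSetup.php file
+if (!isset($_SESSION['mfasetup']['secret'])) {
+$this->apiOutput(400, ['error' => 'secret not found.']);
+}
+
+$tfa = new TwoFactorAuth(new EndroidQrCodeWithLogoProvider());
+
+$API_mfa->postedData['user_uuid'] = $_SESSION['user']['user_uuid'];
+$API_mfa->postedData['user_two_factor_secret'] = $_SESSION['mfasetup']['secret'];
+$API_mfa->postedData['verificationCode'] = linkVerificationPosts(); # The code is entered in six loose posts this wil link it togheter
+
+$requiredFields = [
+'user_uuid' => ['type' => 'uuid'],
+'user_two_factor_secret' => ['type' => 'string'],
+'verificationCode' => ['type' => 'string', 'min' => 6, 'max' => 6],
+];
+
+$API_mfa->validateData($requiredFields);
+
+
+$result = $tfa->verifyCode($API_mfa->postedData['user_two_factor_secret'], $API_mfa->postedData['verificationCode']);
+if (!$result) {
+addLoginAttempts();
+$API_mfa->apiOutput(401, ['error' => 'Invalid verification code.']);
+}
+
+$API_mfa->enableMFA();
+
+} elseif ($API_mfa->request_method === 'PUT') {
+
+} elseif ($API_mfa->request_method === 'DELETE') {
+
+# Delete a mfa code for a user
+
+$API_mfa->return_url = false;
+
+$requiredFields = [
+'user_uuid' => ['type' => 'uuid'],
+];
+
+$API_mfa->validateData($requiredFields);
+
+$API_mfa->disableMFA();
+
+}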
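Review bot: `$this->apiOutput(400, ['error' => 'secret not found.']);` inside the `!isset($_SESSION['mfasetup']['secret'])` check runs in a top-level script with no enclosing class, so PHP aborts with "Using $this when not in object context" instead of returning the intended 400; it should read `$API_mfa->apiOutput(400, ['error' => 'secret not found.']);`, matching the 401 branch further down. The DELETE branch validates `user_uuid` but, unlike the POST branch, never pins it to the session user; if `postedData` is filled from the request body, a logged-in caller could presumably name a different user's uuid when disabling MFA, so `$API_mfa->postedData['user_uuid'] = $_SESSION['user']['user_uuid'];` before `validateData` is advisable (confirm what the API_mfa constructor populates). Neither branch checks that `$_SESSION['user']` exists before reading it, so unless API_mfa itself enforces an authenticated session, an unauthenticated request reaches these handlers with a null uuid. The `checkLoginAttempts() > 10` guard also answers with a bare `echo` and `exit`, bypassing apiOutput and its status code, and it is applied to POST only.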