check form security token and require password to enable/diable mfa

This commit is contained in:
Mario
2023-03-11 20:24:56 +00:00
parent 641b1c2e1b
commit ac9c33fb3b
2 changed files with 16 additions and 0 deletions


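--- a/PATH-NOT-ON-PAGE/Multifactor.php
+++ b/PATH-NOT-ON-PAGE/Multifactor.php
@@ -12,10 +12,24 @@ use ParagonIE\ConstantTime\Base32;
 class Multifactor {
 public function post() {
+check_form_security_token_redirectOnErr('/settings/multifactor', 'settings_mfa');
 $account = App::get_account();
 if (!$account) {
 return;
 }
+if (empty($_POST['password'])) {
+notice(t('Password is required') . EOL);
+return;
+}
+$password = trim($_POST['password']);
+if(!account_verify_password($account['account_email'], $password)) {
+notice(t('The provided password is not correct') . EOL);
+return;
+}
 $enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false;
 AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa);
 if ($enable_mfa) {
@@ -67,6 +81,7 @@ class Multifactor {
 t('Logging in will require you to be in possession of your smartphone with an authenticator app'),
 [t('No'), t('Yes')]
 ],
+'$password' => ['password', t('Please enter your password'), '', t('Required')],
 '$submit' => t('Submit'),
 '$test' => t('Test')
 ]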
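Review bot: `empty($_POST['password'])` at the top of the new password guard in post() treats the string `'0'` as absent, so an account whose password is literally `0` is told 'Password is required' instead of being verified; `if (!isset($_POST['password']) || $_POST['password'] === '')` keeps the intent without the truthiness trap. The following `trim()` also means a password with leading or trailing whitespace is verified in a form the user did not type, which is only correct if `account_verify_password` or the login path trims the same way — this hunk does not show that, so confirm it or drop the trim. The guard calls `account_verify_password` with no visible throttling or failure logging, so a hijacked session could retry the check without limit; if the helper does not already record or limit failures, at least log the failed verification alongside the notice. Minor style: `if(!account_verify_password(` lacks the space after `if` that the neighbouring conditions use. post() continues beyond the end of the first hunk.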


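--- a/PATH-NOT-ON-PAGE/multifactor.tpl
+++ b/PATH-NOT-ON-PAGE/multifactor.tpl
@@ -28,6 +28,7 @@
 <div id="mfa-submit-wrapper" class="{{if !$enable_mfa.2}}d-none{{/if}}">
 <form action="settings/multifactor" method="post">
 <input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+{{include file="field_password.tpl" field=$password}}
 {{include file="field_checkbox.tpl" field=$enable_mfa}}
 <div class="settings-submit-wrapper" >
 <button id="otp-enable-submit" type="b" name="submit" class="btn btn-primary">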