|
|
|
|
@ -339,6 +339,11 @@ class AccountController extends Controller
|
|
|
|
|
$request->session()->push('2fa.session.active', true);
|
|
|
|
|
return redirect('/');
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
|
|
if($this->twoFactorBackupCheck($request, $code, $user)) {
|
|
|
|
|
return redirect('/');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if($request->session()->has('2fa.attempts')) {
|
|
|
|
|
$count = (int) $request->session()->has('2fa.attempts');
|
|
|
|
|
$request->session()->push('2fa.attempts', $count + 1);
|
|
|
|
|
@ -350,4 +355,31 @@ class AccountController extends Controller
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function twoFactorBackupCheck($request, $code, User $user)
|
|
|
|
|
{
|
|
|
|
|
$backupCodes = $user->{'2fa_backup_codes'};
|
|
|
|
|
if($backupCodes) {
|
|
|
|
|
$codes = json_decode($backupCodes, true);
|
|
|
|
|
foreach ($codes as $c) {
|
|
|
|
|
if(hash_equals($c, $code)) {
|
|
|
|
|
// remove code
|
|
|
|
|
$codes = array_flatten(array_diff($codes, [$code]));
|
|
|
|
|
$user->{'2fa_backup_codes'} = json_encode($codes);
|
|
|
|
|
$user->save();
|
|
|
|
|
$request->session()->push('2fa.session.active', true);
|
|
|
|
|
return true;
|
|
|
|
|
} else {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function accountRestored(Request $request)
|
|
|
|
|
{
|
|
|
|
|
//
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Daniel Supernault
6 years ago