Rename 2fa columns to mfa to fix PHP variable naming

- Rename database columns: 2fa_* -> mfa_*
- Update all PHP code references to use mfa_* fields
- Maintain API backward compatibility (still returns two_factor_enabled)
- Keep all route URLs unchanged
- Add migration to rename columns in users table
pull/6335/head
Your Name 1 day ago
parent 82a82ec3e7
commit 6d0f93dc9e

@ -30,7 +30,7 @@ class UserToggle2FA extends Command implements PromptsForMissingInput
protected function promptForMissingArgumentsUsing()
{
return [
'username' => 'Which username should we disable 2FA for?',
'username' => 'Which username should we disable MFA for?',
];
}
@ -46,16 +46,16 @@ class UserToggle2FA extends Command implements PromptsForMissingInput
exit;
}
if(!$user->{'2fa_enabled'}) {
$this->info('User did not have 2FA enabled!');
if(!$user->mfa_enabled) {
$this->info('User did not have MFA enabled!');
return;
}
$user->{'2fa_enabled'} = false;
$user->{'2fa_secret'} = null;
$user->{'2fa_backup_codes'} = null;
$user->mfa_enabled = false;
$user->mfa_secret = null;
$user->mfa_backup_codes = null;
$user->save();
$this->info('Successfully disabled 2FA on this account!');
$this->info('Successfully disabled MFA on this account!');
}
}
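Review bot: The console disable path in `UserToggle2FA` clears `mfa_enabled`, `mfa_secret` and `mfa_backup_codes` but leaves `mfa_setup_at` populated, whereas the disable branch in `SecuritySettings` and the `DeleteAccountPipeline` hunk in this same commit also null it. Add `$user->mfa_setup_at = null;` before `$user->save();` so an account reset from the CLI does not keep a stale enrolment timestamp. The earlier branch in this hunk ends with `exit;` while this one uses `return;`; returning from the handler in both places would be consistent. The method starts outside the hunk.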

@ -533,7 +533,7 @@ class AccountController extends Controller
$user = Auth::user();
$code = $request->input('code');
$google2fa = new Google2FA;
$verify = $google2fa->verifyKey($user->{'2fa_secret'}, $code);
$verify = $google2fa->verifyKey($user->mfa_secret, $code);
if ($verify) {
$request->session()->push('2fa.session.active', true);
@ -564,13 +564,13 @@ class AccountController extends Controller
protected function twoFactorBackupCheck($request, $code, User $user)
{
$backupCodes = $user->{'2fa_backup_codes'};
$backupCodes = $user->mfa_backup_codes;
if ($backupCodes) {
$codes = json_decode($backupCodes, true);
foreach ($codes as $c) {
if (hash_equals($c, $code)) {
$codes = array_flatten(array_diff($codes, [$code]));
$user->{'2fa_backup_codes'} = json_encode($codes);
$user->mfa_backup_codes = json_encode($codes);
$user->save();
$request->session()->push('2fa.session.active', true);
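Review bot: In `twoFactorBackupCheck`, `hash_equals($c, $code)` throws a `TypeError` when `$code` is not a string, and `foreach ($codes as $c)` iterates whatever `json_decode` returned, which is `null` for a malformed column value. Whether `code` is validated as a string before this call is not visible in the hunk, so the method should bail out before the loop when `! is_string($code) || ! is_array($codes)`, using the failure value it already returns. The read, `array_diff` and `save()` on `mfa_backup_codes` are also not atomic as shown, so two concurrent requests could both accept the same one-time code; a row lock around the check would close that. The method body continues outside the hunk.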

@ -30,7 +30,7 @@ trait AdminDirectoryController
$res['countries'] = collect((new ISO3166)->all())->pluck('name');
$res['admins'] = User::whereIsAdmin(true)
->where('2fa_enabled', true)
->where('mfa_enabled', true)
->get()->map(function ($user) {
return [
'uid' => (string) $user->id,

@ -388,8 +388,8 @@ class ApiV1Dot1Controller extends Controller
}
$res = [
'active' => (bool) $user->{'2fa_enabled'},
'setup_at' => $user->{'2fa_setup_at'},
'active' => (bool) $user->mfa_enabled,
'setup_at' => $user->mfa_setup_at,
];
return $this->json($res);

@ -43,7 +43,7 @@ trait SecuritySettings
public function securityTwoFactorSetup(Request $request)
{
$user = Auth::user();
if($user->{'2fa_enabled'} && $user->{'2fa_secret'}) {
if($user->mfa_enabled && $user->mfa_secret) {
return redirect(route('account.security'));
}
$backups = $this->generateBackupCodes();
@ -65,8 +65,8 @@ trait SecuritySettings
)
);
$qrcode = $writer->writeString($qrcode);
$user->{'2fa_secret'} = $key;
$user->{'2fa_backup_codes'} = json_encode($backups);
$user->mfa_secret = $key;
$user->mfa_backup_codes = json_encode($backups);
$user->save();
return view('settings.security.2fa.setup', compact('user', 'qrcode', 'backups'));
}
@ -84,7 +84,7 @@ trait SecuritySettings
public function securityTwoFactorSetupStore(Request $request)
{
$user = Auth::user();
if($user->{'2fa_enabled'} && $user->{'2fa_secret'}) {
if($user->mfa_enabled && $user->mfa_secret) {
abort(403, 'Two factor auth is already setup.');
}
$this->validate($request, [
@ -92,10 +92,10 @@ trait SecuritySettings
]);
$code = $request->input('code');
$google2fa = new Google2FA();
$verify = $google2fa->verifyKey($user->{'2fa_secret'}, $code);
$verify = $google2fa->verifyKey($user->mfa_secret, $code);
if($verify) {
$user->{'2fa_enabled'} = true;
$user->{'2fa_setup_at'} = Carbon::now();
$user->mfa_enabled = true;
$user->mfa_setup_at = Carbon::now();
$user->save();
return response()->json(['msg'=>'success']);
} else {
@ -107,7 +107,7 @@ trait SecuritySettings
{
$user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'}) {
if(!$user->mfa_enabled || !$user->mfa_secret) {
abort(403);
}
@ -118,10 +118,10 @@ trait SecuritySettings
{
$user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'} || !$user->{'2fa_backup_codes'}) {
if(!$user->mfa_enabled || !$user->mfa_secret || !$user->mfa_backup_codes) {
abort(403);
}
$codes = json_decode($user->{'2fa_backup_codes'}, true);
$codes = json_decode($user->mfa_backup_codes, true);
return view('settings.security.2fa.recovery-codes', compact('user', 'codes'));
}
@ -129,11 +129,11 @@ trait SecuritySettings
{
$user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'}) {
if(!$user->mfa_enabled || !$user->mfa_secret) {
abort(403);
}
$backups = $this->generateBackupCodes();
$user->{'2fa_backup_codes'} = json_encode($backups);
$user->mfa_backup_codes = json_encode($backups);
$user->save();
return redirect(route('settings.security.2fa.recovery'));
}
@ -142,7 +142,7 @@ trait SecuritySettings
{
$user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'} || !$user->{'2fa_backup_codes'}) {
if(!$user->mfa_enabled || !$user->mfa_secret || !$user->mfa_backup_codes) {
abort(403);
}
@ -154,14 +154,14 @@ trait SecuritySettings
abort(403);
}
$user->{'2fa_enabled'} = false;
$user->{'2fa_secret'} = null;
$user->{'2fa_backup_codes'} = null;
$user->{'2fa_setup_at'} = null;
$user->mfa_enabled = false;
$user->mfa_secret = null;
$user->mfa_backup_codes = null;
$user->mfa_setup_at = null;
$user->save();
return response()->json([
'msg' => 'Successfully removed 2fa device'
'msg' => 'Successfully removed MFA device'
], 200);
}
}
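Review bot: `securityTwoFactorSetupStore` passes `$user->mfa_secret` to `verifyKey()` without checking that a secret exists. The guard above it only aborts when MFA is already enabled and a secret is set, so a request that arrives before the setup page has stored a secret reaches the call with `null`. How Google2FA handles a null secret is not visible here, so reject the request first with `if (! $user->mfa_secret) { abort(403); }`. Separately, the regenerate hunk overwrites `mfa_backup_codes` after checking only that MFA is enabled; if no password or code confirmation is enforced by middleware outside this diff, that route should require one.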

@ -18,7 +18,7 @@ class TwoFactorAuth
{
if($request->user()) {
$user = $request->user();
$enabled = (bool) $user->{'2fa_enabled'};
$enabled = (bool) $user->mfa_enabled;
if($enabled != false) {
$checkpoint = 'i/auth/checkpoint';
if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint) && !$request->is('logout'))
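Review bot: `$enabled = (bool) $user->mfa_enabled;` fails open if this code serves requests before the rename migration has run: by default Eloquent returns `null` for an attribute with no matching column, so every account would be treated as having MFA off and the checkpoint redirect skipped. The commit description does not state a deploy order, so document it at the point of use, for example `// requires the 2fa_* -> mfa_* rename migration; a missing column reads as null and skips the checkpoint`. The `!= false` comparison on the next line is redundant after the `(bool)` cast; `if ($enabled)` reads more clearly. The method starts and ends outside the hunk.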

@ -25,7 +25,7 @@ class AdminUser extends JsonResource
'is_admin' => (bool) $this->is_admin,
'email' => $this->email,
'email_verified_at' => $this->email_verified_at,
'two_factor_enabled' => (bool) $this->{'2fa_enabled'},
'two_factor_enabled' => (bool) $this->mfa_enabled,
'register_source' => $this->register_source,
'app_register_ip' => $this->app_register_ip,
'has_interstitial' => (bool) $this->has_interstitial,

@ -219,10 +219,10 @@ class DeleteAccountPipeline implements ShouldQueue
$user->remember_token = null;
$user->is_admin = false;
$user->expo_token = null;
$user->{'2fa_enabled'} = false;
$user->{'2fa_secret'} = null;
$user->{'2fa_backup_codes'} = null;
$user->{'2fa_setup_at'} = null;
$user->mfa_enabled = false;
$user->mfa_secret = null;
$user->mfa_backup_codes = null;
$user->mfa_setup_at = null;
$user->save();
});
}

@ -26,7 +26,7 @@ class User extends Authenticatable
return [
'deleted_at' => 'datetime',
'email_verified_at' => 'datetime',
'2fa_setup_at' => 'datetime',
'mfa_setup_at' => 'datetime',
'last_active_at' => 'datetime',
];
}
@ -60,8 +60,8 @@ class User extends Authenticatable
*/
protected $hidden = [
'email', 'password', 'is_admin', 'remember_token',
'email_verified_at', '2fa_enabled', '2fa_secret',
'2fa_backup_codes', '2fa_setup_at', 'deleted_at',
'email_verified_at', 'mfa_enabled', 'mfa_secret',
'mfa_backup_codes', 'mfa_setup_at', 'deleted_at',
'updated_at',
];
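Review bot: `$hidden` now lists only the `mfa_*` names, so on any database where the columns are still named `2fa_*` (code deployed ahead of the migration, or the migration rolled back) `2fa_secret` and `2fa_backup_codes` would appear when a `User` is serialized to an array or JSON. Keeping the old names in the list alongside the new ones costs nothing and removes that window: `'2fa_enabled', '2fa_secret', '2fa_backup_codes', '2fa_setup_at',`. The casts array in the first hunk could also declare `'mfa_enabled' => 'boolean'` so callers stop repeating the `(bool)` cast.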

@ -0,0 +1,34 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::table('users', function (Blueprint $table) {
$table->renameColumn('2fa_enabled', 'mfa_enabled');
$table->renameColumn('2fa_secret', 'mfa_secret');
$table->renameColumn('2fa_backup_codes', 'mfa_backup_codes');
$table->renameColumn('2fa_setup_at', 'mfa_setup_at');
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::table('users', function (Blueprint $table) {
$table->renameColumn('mfa_enabled', '2fa_enabled');
$table->renameColumn('mfa_secret', '2fa_secret');
$table->renameColumn('mfa_backup_codes', '2fa_backup_codes');
$table->renameColumn('mfa_setup_at', '2fa_setup_at');
});
}
};
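Review bot: The four `renameColumn` calls in `up()` and `down()` are unguarded, so a run that fails partway, or a database where some columns were already renamed by hand, leaves `users` in a mixed state that neither direction can finish. On engines where DDL is not transactional the earlier renames are not rolled back. Checking `Schema::hasColumn()` before each rename makes both directions safe to re-run; `down()` would use the same loop with the pairs reversed. Because these columns gate authentication, the migration should be applied before the new code handles requests.

```php
public function up(): void
{
    $renames = [
        '2fa_enabled' => 'mfa_enabled',
        '2fa_secret' => 'mfa_secret',
        '2fa_backup_codes' => 'mfa_backup_codes',
        '2fa_setup_at' => 'mfa_setup_at',
    ];

    foreach ($renames as $from => $to) {
        // Skip pairs that are already renamed so a partial run can be resumed.
        if (Schema::hasColumn('users', $from) && ! Schema::hasColumn('users', $to)) {
            Schema::table('users', function (Blueprint $table) use ($from, $to) {
                $table->renameColumn($from, $to);
            });
        }
    }
}
```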

@ -337,7 +337,7 @@
<p class="lead font-weight-bold text-danger">No admin(s) found</p>
<ul class="text-danger">
<li>Admins must be active</li>
<li>Admins must have 2FA setup and enabled</li>
<li>Admins must have MFA setup and enabled</li>
</ul>
</div>
</div>
@ -506,7 +506,7 @@
<li>No analytics or 3rd party trackers*</li>
<li>User data is not sold to any 3rd parties</li>
<li>Data is stored securely in accordance with industry standards</li>
<li>Admin accounts are protected with 2FA</li>
<li>Admin accounts are protected with MFA</li>
<li>Follow strict support procedures to keep your accounts safe</li>
<li>Give at least 6 months warning in the event we shut down</li>
</ul>

@ -14,12 +14,12 @@
<a href="/">
<img src="/img/pixelfed-icon-white.svg" height="60px">
</a>
<h1 class="pt-4 pb-1">2FA Checkpoint</h1>
<h1 class="pt-4 pb-1">MFA Checkpoint</h1>
<p class="font-weight-light lead">
Enter the 2FA code from your device.
Enter the MFA code from your device.
</p>
<p class="text-muted small pb-3">
If you lose access to your 2FA device, contact the admins.
If you lose access to your MFA device, contact the admins.
</p>
</div>
<div class="card bg-glass">
@ -30,7 +30,7 @@
<div class="form-group row">
<div class="col-md-12">
<label class="font-weight-bold small text-muted">2FA Code</label>
<label class="font-weight-bold small text-muted">MFA Code</label>
<input
id="code"
type="text"

@ -11,12 +11,12 @@
<div class="mb-4 pb-4">
<div class="d-flex justify-content-between align-items-center">
<h4 class="font-weight-bold mb-0">{{__('settings.security.two_factor_authentication')}}</h4>
@if($user->{'2fa_enabled'})
@if($user->mfa_enabled)
<a class="btn btn-success btn-sm font-weight-bold" href="#">{{__('settings.security.enabled')}}</a>
@endif
</div>
<hr>
@if($user->{'2fa_enabled'})
@if($user->mfa_enabled)
@include('settings.security.2fa.partial.edit-panel')
@else
@include('settings.security.2fa.partial.disabled-panel')

@ -24,7 +24,7 @@
<div class="card-body d-flex justify-content-between align-items-center">
<i class="fas fa-lock fa-3x text-success"></i>
<p class="font-weight-bold mb-0">
Added {{$user->{'2fa_setup_at'}->diffForHumans()}}
Added {{$user->mfa_setup_at->diffForHumans()}}
</p>
</div>
<div class="card-footer bg-white text-right">

@ -54,7 +54,7 @@
</div>
<div>
<p class="font-weight-bold">OTP Secret</p>
<input type="text" class="form-control" value="{{ $user->{'2fa_secret'} }}" disabled>
<input type="text" class="form-control" value="{{ $user->mfa_secret }}" disabled>
</div>
</div>
<div class="card-body">
@ -76,7 +76,7 @@
</div>
<hr>
<div class="collapse" id="step3">
<p>Please store the following codes in a safe place, each backup code can be used only once if you do not have access to your 2FA mobile app.</p>
<p>Please store the following codes in a safe place, each backup code can be used only once if you do not have access to your MFA mobile app.</p>
<code>
@foreach($backups as $code)
