Added TOTP generation view and started verification stage

Also updated MFA setup view to have settings-like listed interface to make it possible to extend with extra options in the future.
2025-07-28 17:02:04 +03:00 · 2021-06-29 22:06:49 +01:00
parent efb6a6b457
commit d25cd83d8e
5 changed files with 141 additions and 7 deletions
--- a/app/Http/Controllers/Auth/MfaController.php
+++ b/app/Http/Controllers/Auth/MfaController.php
@ -2,11 +2,24 @@

 namespace BookStack\Http\Controllers\Auth;

+use BaconQrCode\Renderer\Color\Rgb;
+use BaconQrCode\Renderer\Image\SvgImageBackEnd;
+use BaconQrCode\Renderer\ImageRenderer;
+use BaconQrCode\Renderer\RendererStyle\Fill;
+use BaconQrCode\Renderer\RendererStyle\RendererStyle;
+use BaconQrCode\Writer;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
+use PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException;
+use PragmaRX\Google2FA\Exceptions\InvalidCharactersException;
+use PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException;
+use PragmaRX\Google2FA\Google2FA;

 class MfaController extends Controller
 {
+    protected const TOTP_SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
+
    /**
     * Show the view to setup MFA for the current user.
     */
@ -17,13 +30,57 @@ class MfaController extends Controller
        return view('mfa.setup');
    }

-    public function generateQr()
+    /**
+     * Show a view that generates and displays a TOTP QR code.
+     * @throws IncompatibleWithGoogleAuthenticatorException
+     * @throws InvalidCharactersException
+     * @throws SecretKeyTooShortException
+     */
+    public function totpGenerate()
    {
-        // https://github.com/antonioribeiro/google2fa#how-to-generate-and-use-two-factor-authentication
+        // TODO - Ensure a QR code doesn't already exist? Or overwrite?
+        $google2fa = new Google2FA();
+        if (session()->has(static::TOTP_SETUP_SECRET_SESSION_KEY)) {
+            $totpSecret = decrypt(session()->get(static::TOTP_SETUP_SECRET_SESSION_KEY));
+        } else {
+            $totpSecret = $google2fa->generateSecretKey();
+            session()->put(static::TOTP_SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
+        }
+
+        $qrCodeUrl = $google2fa->getQRCodeUrl(
+            setting('app-name'),
+            user()->email,
+            $totpSecret
+        );
+
+        $color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167));
+        $svg = (new Writer(
+            new ImageRenderer(
+                new RendererStyle(192, 0, null, null, $color),
+                new SvgImageBackEnd
+            )
+        ))->writeString($qrCodeUrl);

-        // Generate secret key
-        // Store key in session?
        // Get user to verify setup via responding once.
        // If correct response, Save key against user
+        return view('mfa.totp-generate', [
+            'secret' => $totpSecret,
+            'svg' => $svg,
+        ]);
+    }
+
+    /**
+     * Confirm the setup of TOTP and save the auth method secret
+     * against the current user.
+     * @throws ValidationException
+     */
+    public function totpConfirm(Request $request)
+    {
+        $this->validate($request, [
+            'code' => 'required|max:12|min:4'
+        ]);
+
+        // TODO - Confirm code
+        dd($request->input('code'));
    }
 }