mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-12-04 06:43:38 +08:00
9b271e559f
- Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system.
61 lines
1.5 KiB
PHP
61 lines
1.5 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Auth\Access\Mfa;
|
|
|
|
use BookStack\Auth\User;
|
|
|
|
class MfaSession
|
|
{
|
|
/**
|
|
* Check if MFA is required for the given user.
|
|
*/
|
|
public function isRequiredForUser(User $user): bool
|
|
{
|
|
// TODO - Test both these cases
|
|
return $user->mfaValues()->exists() || $this->userRoleEnforcesMfa($user);
|
|
}
|
|
|
|
/**
|
|
* Check if the given user is pending MFA setup.
|
|
* (MFA required but not yet configured).
|
|
*/
|
|
public function isPendingMfaSetup(User $user): bool
|
|
{
|
|
return $this->isRequiredForUser($user) && !$user->mfaValues()->exists();
|
|
}
|
|
|
|
/**
|
|
* Check if a role of the given user enforces MFA.
|
|
*/
|
|
protected function userRoleEnforcesMfa(User $user): bool
|
|
{
|
|
return $user->roles()
|
|
->where('mfa_enforced', '=', true)
|
|
->exists();
|
|
}
|
|
|
|
/**
|
|
* Check if the current MFA session has already been verified for the given user.
|
|
*/
|
|
public function isVerifiedForUser(User $user): bool
|
|
{
|
|
return session()->get($this->getMfaVerifiedSessionKey($user)) === 'true';
|
|
}
|
|
|
|
/**
|
|
* Mark the current session as MFA-verified.
|
|
*/
|
|
public function markVerifiedForUser(User $user): void
|
|
{
|
|
session()->put($this->getMfaVerifiedSessionKey($user), 'true');
|
|
}
|
|
|
|
/**
|
|
* Get the session key in which the MFA verification status is stored.
|
|
*/
|
|
protected function getMfaVerifiedSessionKey(User $user): string
|
|
{
|
|
return 'mfa-verification-passed:' . $user->id;
|
|
}
|
|
|
|
} |