geolba/tethys.backend
geolba/tethys.backend
2
0
Fork 2
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue
All checks were successful
CI Pipeline / japa-tests (push) Successful in 1m2s
Details

Browse source 
- added validate() method inside app/Srvices/TwoFactorProvider.ts
- added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code
This commit is contained in:
Kaimbacher 2024-02-16 15:32:47 +01:00
parent b2dce0259a
commit f828ca4491
7 changed files with 233 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

64
app/Controllers/Http/Auth/AuthController.ts
View file

@ -1,9 +1,13 @@
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
// import User from 'App/Models/User';
import User from 'App/Models/User';
// import Hash from '@ioc:Adonis/Core/Hash';
// import InvalidCredentialException from 'App/Exceptions/InvalidCredentialException';
import AuthValidator from 'App/Validators/AuthValidator';
import TwoFactorAuthProvider from 'App/Services/TwoFactorAuthProvider';
// import { LoginState } from 'Contracts/enums';
// import { StatusCodes } from 'http-status-codes';
export default class AuthController {
// login function
public async login({ request, response, auth, session }: HttpContextContract) {
@ -12,24 +16,30 @@ export default class AuthController {
// });
await request.validate(AuthValidator);
const plainPassword = await request.input('password');
const email = await request.input('email');
// const plainPassword = await request.input('password');
// const email = await request.input('email');
// grab uid and password values off request body
// const { email, password } = request.only(['email', 'password'])
const { email, password } = request.only(['email', 'password']);
try {
// attempt to verify credential and login user
await auth.use('web').attempt(email, plainPassword);
// // attempt to verify credential and login user
// await auth.use('web').attempt(email, plainPassword);
// const user = await auth.use('web').verifyCredentials(email, plainPassword);
// if (user.isTwoFactorEnabled) {
// // session.put("login.id", user.id);
// // return view.render("pages/two-factor-challenge");
// }
const user = await auth.use('web').verifyCredentials(email, password);
if (user.isTwoFactorEnabled) {
// session.put("login.id", user.id);
// return view.render("pages/two-factor-challenge");
// session.forget('login.id');
// session.regenerate();
// await auth.login(user);
session.flash('user_id', user.id);
return response.redirect().back();
// let state = LoginState.STATE_VALIDATED;
// return response.status(StatusCodes.OK).json({
// state: state,
// new_user_id: user.id,
// });
}
await auth.login(user);
} catch (error) {
// if login fails, return vague form message and redirect back
session.flash('message', 'Your username, email, or password is incorrect');
@ -40,6 +50,32 @@ export default class AuthController {
response.redirect('/apps/dashboard');
}
public async twoFactorChallenge({ request, session, auth, response }) {
const { code, recoveryCode, login_id } = request.only(['code', 'recoveryCode', 'login_id']);
// const user = await User.query().where('id', session.get('login.id')).firstOrFail();
const user = await User.query().where('id', login_id).firstOrFail();
if (code) {
const isValid = await TwoFactorAuthProvider.validate(user, code);
if (isValid) {
// login user and redirect to dashboard
await auth.login(user);
response.redirect('/apps/dashboard');
} else {
session.flash('message', 'Your tow factor code is incorrect');
return response.redirect().back();
}
} else if (recoveryCode) {
const codes = user?.twoFactorRecoveryCodes ?? [];
if (codes.includes(recoveryCode)) {
user.twoFactorRecoveryCodes = codes.filter((c) => c !== recoveryCode);
await user.save();
await auth.login(user);
response.redirect('/apps/dashboard');
}
}
}
// logout function
public async logout({ auth, response }: HttpContextContract) {
// await auth.logout();