mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-09 12:42:36 +01:00

2FA check for mobile app

Hillel Coren 2018-08-20 20:52:54 +03:00
parent a739de0230
commit 0dce4fc843


@ -69,6 +69,15 @@ class AccountApiController extends BaseAPIController
}
if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
// TODO remove token_name check once legacy apps are deactivated
if ($user->google_2fa_secret && strpos($request->token_name, 'invoice-ninja-') !== false) {
$secret = \Crypt::decrypt($user->google_2fa_secret);
if (! $request->one_time_password) {
return $this->errorResponse(['message' => 'OTP_REQUIRED'], 401);
} elseif (! \Google2FA::verifyKey($secret, $request->one_time_password)) {
return $this->errorResponse(['message' => 'Invalid one time password'], 401);
}
}
if ($user && $user->failed_logins > 0) {
$user->failed_logins = 0;
$user->save();
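Review bot: The OTP check at `if ($user->google_2fa_secret && strpos($request->token_name, 'invoice-ninja-') !== false)` is gated on `token_name`, a value the client supplies, so a login that sends a different or empty `token_name` completes with the password alone. The TODO covers the legacy-app reason, but the comment should state the consequence, e.g. `// SECURITY: token_name is client-supplied; until this check is removed, 2FA is not enforced for clients that send another token_name`. Both 401 returns also run after `Auth::attempt()` has already succeeded, so if the guard is session-backed the caller may be left authenticated; calling `Auth::logout();` before each return would close that. The OTP failure path does not appear to touch `failed_logins`, so wrong codes may go uncounted; the increment is outside this hunk, so that needs confirming. The enclosing method starts and ends outside the hunk, including where `$user` is loaded, which is dereferenced here without the `$user &&` guard used a few lines below.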