Make 2FA code + validation more robust. Thanks to @jtmoss3991, @timaschew and @Ottega.

James Cole
2022-09-04 13:32:59 +02:00
parent 8659c7efbd
commit 06b7f18d55
5 changed files with 37 additions and 27 deletions


@@ -35,6 +35,7 @@ use FireflyIII\Repositories\Bill\BillRepositoryInterface;
use FireflyIII\Repositories\Budget\BudgetRepositoryInterface;
use FireflyIII\Repositories\PiggyBank\PiggyBankRepositoryInterface;
use FireflyIII\Services\Password\Verifier;
use FireflyIII\Support\Facades\Preferences;
use FireflyIII\Support\ParseDateString;
use FireflyIII\TransactionRules\Triggers\TriggerInterface;
use FireflyIII\User;
@@ -68,8 +69,13 @@ class FireflyValidator extends Validator
if (null === $value || !is_string($value) || 6 !== strlen($value)) {
return false;
}
$secret = session('two-factor-secret');
$user = auth()->user();
if (null === $user) {
Log::error('No user during validate2faCode');
return false;
}
$secretPreference = Preferences::get('temp-mfa-secret');
$secret = $secretPreference?->data ?? '';
return Google2FA::verifyKey($secret, $value);
}
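Review bot: When no `temp-mfa-secret` preference exists, `$secret` falls back to `''` and is still passed to `Google2FA::verifyKey()`, so the result for a missing enrolment secret depends on how the library treats an empty key (it may throw instead of returning false; that is not visible here). I would fail closed before the call, e.g. `if (!is_string($secret) || '' === $secret) { return false; }`, which also covers a preference whose `data` is not a string. The `6 !== strlen($value)` guard accepts any six bytes; adding `ctype_digit($value)` would reject non-numeric input before it reaches the verifier. The method's signature lies outside the hunk, so this reading is based on the visible body only.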