We use cookies to ensure you get the best experience on our website
Página inicial Explorar Ajuda
Registrar Entrar
0ct0pu5
/
anonaddy
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: fd92e09e5e
Branches Tags
anonaddy
/
app
/
Http
/
Controllers
/
Auth
/
ApiAuthenticationController.php

ApiAuthenticationController.php 3.5 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Controllers\Auth;
    4. 

  4. 

  5. use App\Facades\Webauthn;
    6. 

  6. use App\Http\Controllers\Controller;
    7. 

  7. use App\Http\Requests\ApiAuthenticationLoginRequest;
    8. 

  8. use App\Http\Requests\ApiAuthenticationMfaRequest;
    9. 

  9. use App\Models\User;
    10. 

  10. use App\Models\Username;
    11. 

  11. use Illuminate\Contracts\Encryption\DecryptException;
    12. 

  12. use Illuminate\Support\Carbon;
    13. 

  13. use Illuminate\Support\Facades\Cache;
    14. 

  14. use Illuminate\Support\Facades\Crypt;
    15. 

  15. use Illuminate\Support\Facades\Hash;
    16. 

  16. use PragmaRX\Google2FA\Google2FA;
    17. 

  17. 

  18. class ApiAuthenticationController extends Controller
    19. 

  19. {
    20. 

  20.     public function __construct()
    21. 

  21.     {
    22. 

  22.         $this->middleware('throttle:3,1');
    23. 

  23.     }
    24. 

  24. 

  25.     public function login(ApiAuthenticationLoginRequest $request)
    26. 

  26.     {
    27. 

  27.         $user = Username::firstWhere('username', $request->username)?->user;
    28. 

  28. 

  29.         if (! $user || ! Hash::check($request->password, $user->password)) {
    30. 

  30.             return response()->json([
    31. 

  31.                 'error' => 'The provided credentials are incorrect',
    32. 

  32.             ], 401);
    33. 

  33.         }
    34. 

  34. 

  35.         // Check if user has 2FA enabled, if needs OTP then return mfa_key
    36. 

  36.         if ($user->two_factor_enabled) {
    37. 

  37.             return response()->json([
    38. 

  38.                 'message' => "OTP required, please make a request to /api/auth/mfa with the 'mfa_key', 'otp' and 'device_name' including a 'X-CSRF-TOKEN' header",
    39. 

  39.                 'mfa_key' => Crypt::encryptString($user->id.'|'.config('anonaddy.secret').'|'.Carbon::now()->addMinutes(5)->getTimestamp()),
    40. 

  40.                 'csrf_token' => csrf_token(),
    41. 

  41.             ], 422);
    42. 

  42.         } elseif (Webauthn::enabled($user)) {
    43. 

  43.             // If WebAuthn is enabled then return currently unsupported message
    44. 

  44.             return response()->json([
    45. 

  45.                 'error' => 'WebAuthn authentication is not currently supported from the extension or mobile apps, please use an API key to login instead',
    46. 

  46.             ], 403);
    47. 

  47.         }
    48. 

  48. 

  49.         // If the user doesn't use 2FA then return the new API key
    50. 

  50.         return response()->json([
    51. 

  51.             'api_key' => explode('|', $user->createToken($request->device_name)->plainTextToken, 2)[1],
    52. 

  52.         ]);
    53. 

  53.     }
    54. 

  54. 

  55.     public function mfa(ApiAuthenticationMfaRequest $request)
    56. 

  56.     {
    57. 

  57.         try {
    58. 

  58.             $mfaKey = Crypt::decryptString($request->mfa_key);
    59. 

  59.         } catch (DecryptException $e) {
    60. 

  60.             return response()->json([
    61. 

  61.                 'error' => 'Invalid mfa_key',
    62. 

  62.             ], 401);
    63. 

  63.         }
    64. 

  64.         $parts = explode('|', $mfaKey, 3);
    65. 

  65. 

  66.         $user = User::find($parts[0]);
    67. 

  67. 

  68.         if (! $user || $parts[1] !== config('anonaddy.secret')) {
    69. 

  69.             return response()->json([
    70. 

  70.                 'error' => 'Invalid mfa_key',
    71. 

  71.             ], 401);
    72. 

  72.         }
    73. 

  73. 

  74.         // Check if the mfa_key has expired
    75. 

  75.         if (Carbon::now()->getTimestamp() > $parts[2]) {
    76. 

  76.             return response()->json([
    77. 

  77.                 'error' => 'mfa_key expired, please request a new one at /api/auth/login',
    78. 

  78.             ], 401);
    79. 

  79.         }
    80. 

  80. 

  81.         $google2fa = new Google2FA();
    82. 

  82.         $lastTimeStamp = Cache::get('2fa_ts:'.$user->id);
    83. 

  83. 

  84.         $timestamp = $google2fa->verifyKeyNewer($user->two_factor_secret, $request->otp, $lastTimeStamp);
    85. 

  85. 

  86.         if (! $timestamp) {
    87. 

  87.             return response()->json([
    88. 

  88.                 'error' => 'The \'One Time Password\' typed was wrong',
    89. 

  89.             ], 401);
    90. 

  90.         }
    91. 

  91. 

  92.         if (is_int($timestamp)) {
    93. 

  93.             Cache::put('2fa_ts:'.$user->id, $timestamp, now()->addMinutes(5));
    94. 

  94.         }
    95. 

  95. 

  96.         return response()->json([
    97. 

  97.             'api_key' => explode('|', $user->createToken($request->device_name)->plainTextToken, 2)[1],
    98. 

  98.         ]);
    99. 

  99.     }
    100. 

  100. }
    101.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5