Improve MFA integration

Cleanup the code. Add password validation and error messages.
2026-04-23 05:56:22 +05:30 · 2024-05-24 10:12:33 +07:00 · 2024-05-24 10:12:33 +07:00 · 505975e565
commit 505975e565
parent 6d92d7044b
4 changed files with 176 additions and 148 deletions
--- a/system/admin/views/edit-mfa.html.php
+++ b/system/admin/views/edit-mfa.html.php
@ -4,56 +4,61 @@ if (isset($_SESSION[site_url()]['user'])) {
    $user = $_SESSION[site_url()]['user'];
 }

-	use PragmaRX\Google2FA\Google2FA;
-	use BaconQrCode\Renderer\GDLibRenderer;
-	use BaconQrCode\Writer;
+use PragmaRX\Google2FA\Google2FA;
+use BaconQrCode\Renderer\GDLibRenderer;
+use BaconQrCode\Writer;

-if (user('mfa_secret', $user) == 'disabled') {
-	$google2fa = new Google2FA();
-	$mfasecret = $google2fa->generateSecretKey();
+$mfa_state = user('mfa_secret', $user);

-	$g2faUrl = $google2fa->getQRCodeUrl(
-		$user,
-		site_url(),
-		$mfasecret
-	);
+if (is_null($mfa_state) || $mfa_state == 'disabled') {
+    $google2fa = new Google2FA();
+    $mfasecret = $google2fa->generateSecretKey();

-	$renderer = new GDLibRenderer(400);
-	$writer = new Writer($renderer);
+    $g2faUrl = $google2fa->getQRCodeUrl(
+        $user,
+        site_url(),
+        $mfasecret
+    );

-	$qrcode_image = base64_encode($writer->writeString($g2faUrl));
+    $renderer = new GDLibRenderer(400);
+    $writer = new Writer($renderer);
+
+    $qrcode_image = base64_encode($writer->writeString($g2faUrl));
 }
 ?>
 <h2><?php echo i18n('config_mfa'); echo ': ' . $user; ?></h2>
 <br>
+<?php if (isset($error)) { ?>
+    <div class="error-message"><?php echo $error ?></div>
+<?php } ?>
 <form method="POST">
    <input type="hidden" name="csrf_token" value="<?php echo get_csrf(); ?>">
    <input type="hidden" name="username" value="<?php echo $user; ?>">
-	<?php if (user('mfa_secret', $user) == 'disabled') {
-		echo '<div style="text-align:center;width:100%;"><img style="margin:-10px auto;" src="data:image/png;base64, '.$qrcode_image.' "/></div>
-			<span style="text-align:center;width:100%;float:left;"><small>'.i18n('manualsetupkey').': '.$mfasecret.'</small></span>
-			<div class="form-group row">
-				<label for="site.url" class="col-sm-2 col-form-label">'.i18n('MFACode').'</label>
-				<div class="col-sm-10">
-				  <input type="text" name="mfacode" class="form-control" id="mfacode" value="" placeholder="'.i18n('verify_code').'">
-				</div>
-			</div>
-			<div class="form-group row">
-				<label for="site.url" class="col-sm-2 col-form-label">'.i18n('Password').'</label>
-				<div class="col-sm-10">
-				  <input type="password" name="password" class="form-control" id="password" value="" placeholder="'.i18n('verify_password').'">
-				</div>
-			</div>
-			<input type="hidden" name="mfa_secret" value="'.$mfasecret.'">
-			<input type="submit" class="btn btn-primary" style="width:100px;" value="'.i18n('Save').'">';
-	} else {
-		echo '<input type="hidden" name="mfa_secret" value="disabled">	
-			<div class="form-group row">
-				<label for="site.url" class="col-sm-2 col-form-label">'.i18n('Password').'</label>
-				<div class="col-sm-10">
-				  <input type="password" name="password" class="form-control" id="password" value="" placeholder="'.i18n('verify_password').'">
-				</div>
-			</div>
-			<input type="submit" class="btn btn-primary" style="width:100px;" value="'.i18n('disablemfa').'">';
-	} ?>	
-</form>
+    <?php if (is_null($mfa_state) || $mfa_state == 'disabled') {?>
+        <div style="text-align:center;width:100%;"><img style="margin:-10px auto;" src="data:image/png;base64, <?php echo $qrcode_image; ?>"/></div>
+            <span style="text-align:center;width:100%;float:left;"><small><?php echo i18n('manualsetupkey') . ': ' . $mfasecret; ?></small></span>
+            <div class="form-group row">
+                <label for="site.url" class="col-sm-2 col-form-label"><?php echo i18n('MFACode');?></label>
+                <div class="col-sm-10">
+                  <input type="text" name="mfacode" class="form-control" id="mfacode" value="" placeholder="<?php echo i18n('verify_code');?>">
+                </div>
+            </div>
+            <div class="form-group row">
+                <label for="site.url" class="col-sm-2 col-form-label"><?php echo i18n('Password');?></label>
+                <div class="col-sm-10">
+                  <input type="password" name="password" class="form-control" id="password" value="" placeholder="<?php echo i18n('verify_password');?>">
+                </div>
+            </div>
+            <input type="hidden" name="mfa_secret" value="<?php echo $mfasecret;?>">
+            <input type="submit" class="btn btn-primary" style="width:100px;" value="<?php echo i18n('Save');?>">'
+    <?php } else { ?>
+        <input type="hidden" name="mfa_secret" value="disabled">    
+            <div class="form-group row">
+                <label for="site.url" class="col-sm-2 col-form-label"><?php echo i18n('Password');?></label>
+                <div class="col-sm-10">
+                  <input type="password" name="password" class="form-control" id="password" value="" placeholder="<?php echo i18n('verify_password');?>">
+                </div>
+            </div>
+            <input type="submit" class="btn btn-primary" value="<?php echo i18n('disablemfa');?>">
+    <?php } ?>    
+</form>