aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge 6d0f93dc9e into eecf460e9e

Browse Source
Shlee 5 days ago committed by GitHub
parent eecf460e9e 6d0f93dc9e
commit cc0f83c3ed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
15 changed files with 85 additions and 51 deletions
Show Stats Download Patch File Download Diff File

14
app/Console/Commands/UserToggle2FA.php
Unescape Escape View File

@ -30,7 +30,7 @@ class UserToggle2FA extends Command implements PromptsForMissingInput
protected function promptForMissingArgumentsUsing() protected function promptForMissingArgumentsUsing()
{ {
return [ return [
'username' => 'Which username should we disable 2FA for?', 'username' => 'Which username should we disable MFA for?',
]; ];
} }
@ -46,16 +46,16 @@ class UserToggle2FA extends Command implements PromptsForMissingInput
exit; exit;
} }
if(!$user->{'2fa_enabled'}) { if(!$user->mfa_enabled) {
$this->info('User did not have 2FA enabled!'); $this->info('User did not have MFA enabled!');
return; return;
} }
$user->{'2fa_enabled'} = false; $user->mfa_enabled = false;
$user->{'2fa_secret'} = null; $user->mfa_secret = null;
$user->{'2fa_backup_codes'} = null; $user->mfa_backup_codes = null;
$user->save(); $user->save();
$this->info('Successfully disabled 2FA on this account!'); $this->info('Successfully disabled MFA on this account!');
} }
} }

6
app/Http/Controllers/AccountController.php
Unescape Escape View File

@ -533,7 +533,7 @@ class AccountController extends Controller
$user = Auth::user(); $user = Auth::user();
$code = $request->input('code'); $code = $request->input('code');
$google2fa = new Google2FA; $google2fa = new Google2FA;
$verify = $google2fa->verifyKey($user->{'2fa_secret'}, $code); $verify = $google2fa->verifyKey($user->mfa_secret, $code);
if ($verify) { if ($verify) {
$request->session()->push('2fa.session.active', true); $request->session()->push('2fa.session.active', true);
@ -564,13 +564,13 @@ class AccountController extends Controller
protected function twoFactorBackupCheck($request, $code, User $user) protected function twoFactorBackupCheck($request, $code, User $user)
{ {
$backupCodes = $user->{'2fa_backup_codes'}; $backupCodes = $user->mfa_backup_codes;
if ($backupCodes) { if ($backupCodes) {
$codes = json_decode($backupCodes, true); $codes = json_decode($backupCodes, true);
foreach ($codes as $c) { foreach ($codes as $c) {
if (hash_equals($c, $code)) { if (hash_equals($c, $code)) {
$codes = array_flatten(array_diff($codes, [$code])); $codes = array_flatten(array_diff($codes, [$code]));
$user->{'2fa_backup_codes'} = json_encode($codes); $user->mfa_backup_codes = json_encode($codes);
$user->save(); $user->save();
$request->session()->push('2fa.session.active', true); $request->session()->push('2fa.session.active', true);

2
app/Http/Controllers/Admin/AdminDirectoryController.php
Unescape Escape View File

@ -30,7 +30,7 @@ trait AdminDirectoryController
$res['countries'] = collect((new ISO3166)->all())->pluck('name'); $res['countries'] = collect((new ISO3166)->all())->pluck('name');
$res['admins'] = User::whereIsAdmin(true) $res['admins'] = User::whereIsAdmin(true)
->where('2fa_enabled', true) ->where('mfa_enabled', true)
->get()->map(function ($user) { ->get()->map(function ($user) {
return [ return [
'uid' => (string) $user->id, 'uid' => (string) $user->id,

4
app/Http/Controllers/Api/ApiV1Dot1Controller.php
Unescape Escape View File

@ -388,8 +388,8 @@ class ApiV1Dot1Controller extends Controller
} }
$res = [ $res = [
'active' => (bool) $user->{'2fa_enabled'}, 'active' => (bool) $user->mfa_enabled,
'setup_at' => $user->{'2fa_setup_at'}, 'setup_at' => $user->mfa_setup_at,
]; ];
return $this->json($res); return $this->json($res);

36
app/Http/Controllers/Settings/SecuritySettings.php
Unescape Escape View File

@ -43,7 +43,7 @@ trait SecuritySettings
public function securityTwoFactorSetup(Request $request) public function securityTwoFactorSetup(Request $request)
{ {
$user = Auth::user(); $user = Auth::user();
if($user->{'2fa_enabled'} && $user->{'2fa_secret'}) { if($user->mfa_enabled && $user->mfa_secret) {
return redirect(route('account.security')); return redirect(route('account.security'));
} }
$backups = $this->generateBackupCodes(); $backups = $this->generateBackupCodes();
@ -65,8 +65,8 @@ trait SecuritySettings
) )
); );
$qrcode = $writer->writeString($qrcode); $qrcode = $writer->writeString($qrcode);
$user->{'2fa_secret'} = $key; $user->mfa_secret = $key;
$user->{'2fa_backup_codes'} = json_encode($backups); $user->mfa_backup_codes = json_encode($backups);
$user->save(); $user->save();
return view('settings.security.2fa.setup', compact('user', 'qrcode', 'backups')); return view('settings.security.2fa.setup', compact('user', 'qrcode', 'backups'));
} }
@ -84,7 +84,7 @@ trait SecuritySettings
public function securityTwoFactorSetupStore(Request $request) public function securityTwoFactorSetupStore(Request $request)
{ {
$user = Auth::user(); $user = Auth::user();
if($user->{'2fa_enabled'} && $user->{'2fa_secret'}) { if($user->mfa_enabled && $user->mfa_secret) {
abort(403, 'Two factor auth is already setup.'); abort(403, 'Two factor auth is already setup.');
} }
$this->validate($request, [ $this->validate($request, [
@ -92,10 +92,10 @@ trait SecuritySettings
]); ]);
$code = $request->input('code'); $code = $request->input('code');
$google2fa = new Google2FA(); $google2fa = new Google2FA();
$verify = $google2fa->verifyKey($user->{'2fa_secret'}, $code); $verify = $google2fa->verifyKey($user->mfa_secret, $code);
if($verify) { if($verify) {
$user->{'2fa_enabled'} = true; $user->mfa_enabled = true;
$user->{'2fa_setup_at'} = Carbon::now(); $user->mfa_setup_at = Carbon::now();
$user->save(); $user->save();
return response()->json(['msg'=>'success']); return response()->json(['msg'=>'success']);
} else { } else {
@ -107,7 +107,7 @@ trait SecuritySettings
{ {
$user = Auth::user(); $user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'}) { if(!$user->mfa_enabled || !$user->mfa_secret) {
abort(403); abort(403);
} }
@ -118,10 +118,10 @@ trait SecuritySettings
{ {
$user = Auth::user(); $user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'} || !$user->{'2fa_backup_codes'}) { if(!$user->mfa_enabled || !$user->mfa_secret || !$user->mfa_backup_codes) {
abort(403); abort(403);
} }
$codes = json_decode($user->{'2fa_backup_codes'}, true); $codes = json_decode($user->mfa_backup_codes, true);
return view('settings.security.2fa.recovery-codes', compact('user', 'codes')); return view('settings.security.2fa.recovery-codes', compact('user', 'codes'));
} }
@ -129,11 +129,11 @@ trait SecuritySettings
{ {
$user = Auth::user(); $user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'}) { if(!$user->mfa_enabled || !$user->mfa_secret) {
abort(403); abort(403);
} }
$backups = $this->generateBackupCodes(); $backups = $this->generateBackupCodes();
$user->{'2fa_backup_codes'} = json_encode($backups); $user->mfa_backup_codes = json_encode($backups);
$user->save(); $user->save();
return redirect(route('settings.security.2fa.recovery')); return redirect(route('settings.security.2fa.recovery'));
} }
@ -142,7 +142,7 @@ trait SecuritySettings
{ {
$user = Auth::user(); $user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'} || !$user->{'2fa_backup_codes'}) { if(!$user->mfa_enabled || !$user->mfa_secret || !$user->mfa_backup_codes) {
abort(403); abort(403);
} }
@ -154,14 +154,14 @@ trait SecuritySettings
abort(403); abort(403);
} }
$user->{'2fa_enabled'} = false; $user->mfa_enabled = false;
$user->{'2fa_secret'} = null; $user->mfa_secret = null;
$user->{'2fa_backup_codes'} = null; $user->mfa_backup_codes = null;
$user->{'2fa_setup_at'} = null; $user->mfa_setup_at = null;
$user->save(); $user->save();
return response()->json([ return response()->json([
'msg' => 'Successfully removed 2fa device' 'msg' => 'Successfully removed MFA device'
], 200); ], 200);
} }
} }

2
app/Http/Middleware/TwoFactorAuth.php
Unescape Escape View File

@ -18,7 +18,7 @@ class TwoFactorAuth
{ {
if($request->user()) { if($request->user()) {
$user = $request->user(); $user = $request->user();
$enabled = (bool) $user->{'2fa_enabled'}; $enabled = (bool) $user->mfa_enabled;
if($enabled != false) { if($enabled != false) {
$checkpoint = 'i/auth/checkpoint'; $checkpoint = 'i/auth/checkpoint';
if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint) && !$request->is('logout')) if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint) && !$request->is('logout'))

2
app/Http/Resources/AdminUser.php
Unescape Escape View File

@ -25,7 +25,7 @@ class AdminUser extends JsonResource
'is_admin' => (bool) $this->is_admin, 'is_admin' => (bool) $this->is_admin,
'email' => $this->email, 'email' => $this->email,
'email_verified_at' => $this->email_verified_at, 'email_verified_at' => $this->email_verified_at,
'two_factor_enabled' => (bool) $this->{'2fa_enabled'}, 'two_factor_enabled' => (bool) $this->mfa_enabled,
'register_source' => $this->register_source, 'register_source' => $this->register_source,
'app_register_ip' => $this->app_register_ip, 'app_register_ip' => $this->app_register_ip,
'has_interstitial' => (bool) $this->has_interstitial, 'has_interstitial' => (bool) $this->has_interstitial,

8
app/Jobs/DeletePipeline/DeleteAccountPipeline.php
Unescape Escape View File

@ -219,10 +219,10 @@ class DeleteAccountPipeline implements ShouldQueue
$user->remember_token = null; $user->remember_token = null;
$user->is_admin = false; $user->is_admin = false;
$user->expo_token = null; $user->expo_token = null;
$user->{'2fa_enabled'} = false; $user->mfa_enabled = false;
$user->{'2fa_secret'} = null; $user->mfa_secret = null;
$user->{'2fa_backup_codes'} = null; $user->mfa_backup_codes = null;
$user->{'2fa_setup_at'} = null; $user->mfa_setup_at = null;
$user->save(); $user->save();
}); });
} }

6
app/User.php
Unescape Escape View File

@ -26,7 +26,7 @@ class User extends Authenticatable
return [ return [
'deleted_at' => 'datetime', 'deleted_at' => 'datetime',
'email_verified_at' => 'datetime', 'email_verified_at' => 'datetime',
'2fa_setup_at' => 'datetime', 'mfa_setup_at' => 'datetime',
'last_active_at' => 'datetime', 'last_active_at' => 'datetime',
]; ];
} }
@ -60,8 +60,8 @@ class User extends Authenticatable
*/ */
protected $hidden = [ protected $hidden = [
'email', 'password', 'is_admin', 'remember_token', 'email', 'password', 'is_admin', 'remember_token',
'email_verified_at', '2fa_enabled', '2fa_secret', 'email_verified_at', 'mfa_enabled', 'mfa_secret',
'2fa_backup_codes', '2fa_setup_at', 'deleted_at', 'mfa_backup_codes', 'mfa_setup_at', 'deleted_at',
'updated_at', 'updated_at',
]; ];

34
database/migrations/2025_11_13_012725_rename_2fa_columns_to_mfa_in_users_table.php
Unescape Escape View File

@ -0,0 +1,34 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::table('users', function (Blueprint $table) {
$table->renameColumn('2fa_enabled', 'mfa_enabled');
$table->renameColumn('2fa_secret', 'mfa_secret');
$table->renameColumn('2fa_backup_codes', 'mfa_backup_codes');
$table->renameColumn('2fa_setup_at', 'mfa_setup_at');
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::table('users', function (Blueprint $table) {
$table->renameColumn('mfa_enabled', '2fa_enabled');
$table->renameColumn('mfa_secret', '2fa_secret');
$table->renameColumn('mfa_backup_codes', '2fa_backup_codes');
$table->renameColumn('mfa_setup_at', '2fa_setup_at');
});
}
};

4
resources/assets/components/admin/AdminDirectory.vue
Unescape Escape View File

@ -337,7 +337,7 @@
<p class="lead font-weight-bold text-danger">No admin(s) found</p> <p class="lead font-weight-bold text-danger">No admin(s) found</p>
<ul class="text-danger"> <ul class="text-danger">
<li>Admins must be active</li> <li>Admins must be active</li>
<li>Admins must have 2FA setup and enabled</li> <li>Admins must have MFA setup and enabled</li>
</ul> </ul>
</div> </div>
</div> </div>
@ -506,7 +506,7 @@
<li>No analytics or 3rd party trackers*</li> <li>No analytics or 3rd party trackers*</li>
<li>User data is not sold to any 3rd parties</li> <li>User data is not sold to any 3rd parties</li>
<li>Data is stored securely in accordance with industry standards</li> <li>Data is stored securely in accordance with industry standards</li>
<li>Admin accounts are protected with 2FA</li> <li>Admin accounts are protected with MFA</li>
<li>Follow strict support procedures to keep your accounts safe</li> <li>Follow strict support procedures to keep your accounts safe</li>
<li>Give at least 6 months warning in the event we shut down</li> <li>Give at least 6 months warning in the event we shut down</li>
</ul> </ul>

8
resources/views/auth/checkpoint.blade.php
Unescape Escape View File

@ -14,12 +14,12 @@
<a href="/"> <a href="/">
<img src="/img/pixelfed-icon-white.svg" height="60px"> <img src="/img/pixelfed-icon-white.svg" height="60px">
</a> </a>
<h1 class="pt-4 pb-1">2FA Checkpoint</h1> <h1 class="pt-4 pb-1">MFA Checkpoint</h1>
<p class="font-weight-light lead"> <p class="font-weight-light lead">
Enter the 2FA code from your device. Enter the MFA code from your device.
</p> </p>
<p class="text-muted small pb-3"> <p class="text-muted small pb-3">
If you lose access to your 2FA device, contact the admins. If you lose access to your MFA device, contact the admins.
</p> </p>
</div> </div>
<div class="card bg-glass"> <div class="card bg-glass">
@ -30,7 +30,7 @@
<div class="form-group row"> <div class="form-group row">
<div class="col-md-12"> <div class="col-md-12">
<label class="font-weight-bold small text-muted">2FA Code</label> <label class="font-weight-bold small text-muted">MFA Code</label>
<input <input
id="code" id="code"
type="text" type="text"

4
resources/views/settings/security.blade.php
Unescape Escape View File

@ -11,12 +11,12 @@
<div class="mb-4 pb-4"> <div class="mb-4 pb-4">
<div class="d-flex justify-content-between align-items-center"> <div class="d-flex justify-content-between align-items-center">
<h4 class="font-weight-bold mb-0">{{__('settings.security.two_factor_authentication')}}</h4> <h4 class="font-weight-bold mb-0">{{__('settings.security.two_factor_authentication')}}</h4>
@if($user->{'2fa_enabled'}) @if($user->mfa_enabled)
<a class="btn btn-success btn-sm font-weight-bold" href="#">{{__('settings.security.enabled')}}</a> <a class="btn btn-success btn-sm font-weight-bold" href="#">{{__('settings.security.enabled')}}</a>
@endif @endif
</div> </div>
<hr> <hr>
@if($user->{'2fa_enabled'}) @if($user->mfa_enabled)
@include('settings.security.2fa.partial.edit-panel') @include('settings.security.2fa.partial.edit-panel')
@else @else
@include('settings.security.2fa.partial.disabled-panel') @include('settings.security.2fa.partial.disabled-panel')

2
resources/views/settings/security/2fa/edit.blade.php
Unescape Escape View File

@ -24,7 +24,7 @@
<div class="card-body d-flex justify-content-between align-items-center"> <div class="card-body d-flex justify-content-between align-items-center">
<i class="fas fa-lock fa-3x text-success"></i> <i class="fas fa-lock fa-3x text-success"></i>
<p class="font-weight-bold mb-0"> <p class="font-weight-bold mb-0">
Added {{$user->{'2fa_setup_at'}->diffForHumans()}} Added {{$user->mfa_setup_at->diffForHumans()}}
</p> </p>
</div> </div>
<div class="card-footer bg-white text-right"> <div class="card-footer bg-white text-right">

4
resources/views/settings/security/2fa/setup.blade.php
Unescape Escape View File

@ -54,7 +54,7 @@
</div> </div>
<div> <div>
<p class="font-weight-bold">OTP Secret</p> <p class="font-weight-bold">OTP Secret</p>
<input type="text" class="form-control" value="{{ $user->{'2fa_secret'} }}" disabled> <input type="text" class="form-control" value="{{ $user->mfa_secret }}" disabled>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
@ -76,7 +76,7 @@
</div> </div>
<hr> <hr>
<div class="collapse" id="step3"> <div class="collapse" id="step3">
<p>Please store the following codes in a safe place, each backup code can be used only once if you do not have access to your 2FA mobile app.</p> <p>Please store the following codes in a safe place, each backup code can be used only once if you do not have access to your MFA mobile app.</p>
<code> <code>
@foreach($backups as $code) @foreach($backups as $code)

Write Preview
Loading…
Cancel
Save