mirror of
https://github.com/elyby/accounts.git
synced 2025-01-02 18:31:44 +05:30
Реализованы методы для включения\отключения двухфакторной аутентификации
This commit is contained in:
parent
3b9ef7ea70
commit
be4c7908b2
@ -7,6 +7,9 @@ return [
|
||||
'/accounts/change-email/submit-new-email' => 'accounts/change-email-submit-new-email',
|
||||
'/accounts/change-email/confirm-new-email' => 'accounts/change-email-confirm-new-email',
|
||||
|
||||
'POST /two-factor-auth' => 'two-factor-auth/activate',
|
||||
'DELETE /two-factor-auth' => 'two-factor-auth/disable',
|
||||
|
||||
'/oauth2/v1/<action>' => 'oauth/<action>',
|
||||
|
||||
'/account/v1/info' => 'identity-info/index',
|
||||
|
@ -34,4 +34,34 @@ class TwoFactorAuthController extends Controller {
|
||||
return $model->getCredentials();
|
||||
}
|
||||
|
||||
public function actionActivate() {
|
||||
$account = Yii::$app->user->identity;
|
||||
$model = new TwoFactorAuthForm($account, ['scenario' => TwoFactorAuthForm::SCENARIO_ACTIVATE]);
|
||||
if (!$model->activate()) {
|
||||
return [
|
||||
'success' => false,
|
||||
'errors' => $model->getFirstErrors(),
|
||||
];
|
||||
}
|
||||
|
||||
return [
|
||||
'success' => true,
|
||||
];
|
||||
}
|
||||
|
||||
public function actionDisable() {
|
||||
$account = Yii::$app->user->identity;
|
||||
$model = new TwoFactorAuthForm($account, ['scenario' => TwoFactorAuthForm::SCENARIO_DISABLE]);
|
||||
if (!$model->disable()) {
|
||||
return [
|
||||
'success' => false,
|
||||
'errors' => $model->getFirstErrors(),
|
||||
];
|
||||
}
|
||||
|
||||
return [
|
||||
'success' => true,
|
||||
];
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -18,7 +18,7 @@ use yii\base\ErrorException;
|
||||
|
||||
class TwoFactorAuthForm extends ApiForm {
|
||||
|
||||
const SCENARIO_ENABLE = 'enable';
|
||||
const SCENARIO_ACTIVATE = 'enable';
|
||||
const SCENARIO_DISABLE = 'disable';
|
||||
|
||||
public $token;
|
||||
@ -36,11 +36,13 @@ class TwoFactorAuthForm extends ApiForm {
|
||||
}
|
||||
|
||||
public function rules() {
|
||||
$on = [self::SCENARIO_ENABLE, self::SCENARIO_DISABLE];
|
||||
$bothScenarios = [self::SCENARIO_ACTIVATE, self::SCENARIO_DISABLE];
|
||||
return [
|
||||
['token', 'required', 'message' => E::OTP_TOKEN_REQUIRED, 'on' => $on],
|
||||
['token', TotpValidator::class, 'account' => $this->account, 'window' => 30, 'on' => $on],
|
||||
['password', PasswordRequiredValidator::class, 'account' => $this->account, 'on' => $on],
|
||||
['account', 'validateOtpDisabled', 'on' => self::SCENARIO_ACTIVATE],
|
||||
['account', 'validateOtpEnabled', 'on' => self::SCENARIO_DISABLE],
|
||||
['token', 'required', 'message' => E::OTP_TOKEN_REQUIRED, 'on' => $bothScenarios],
|
||||
['token', TotpValidator::class, 'account' => $this->account, 'window' => 30, 'on' => $bothScenarios],
|
||||
['password', PasswordRequiredValidator::class, 'account' => $this->account, 'on' => $bothScenarios],
|
||||
];
|
||||
}
|
||||
|
||||
@ -58,6 +60,47 @@ class TwoFactorAuthForm extends ApiForm {
|
||||
];
|
||||
}
|
||||
|
||||
public function activate(): bool {
|
||||
if (!$this->validate()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$account = $this->account;
|
||||
$account->is_otp_enabled = true;
|
||||
if (!$account->save()) {
|
||||
throw new ErrorException('Cannot enable otp for account');
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function disable(): bool {
|
||||
if (!$this->validate()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$account = $this->account;
|
||||
$account->is_otp_enabled = false;
|
||||
$account->otp_secret = null;
|
||||
if (!$account->save()) {
|
||||
throw new ErrorException('Cannot disable otp for account');
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function validateOtpDisabled($attribute) {
|
||||
if ($this->account->is_otp_enabled) {
|
||||
$this->addError($attribute, E::OTP_ALREADY_ENABLED);
|
||||
}
|
||||
}
|
||||
|
||||
public function validateOtpEnabled($attribute) {
|
||||
if (!$this->account->is_otp_enabled) {
|
||||
$this->addError($attribute, E::OTP_NOT_ENABLED);
|
||||
}
|
||||
}
|
||||
|
||||
public function getAccount(): Account {
|
||||
return $this->account;
|
||||
}
|
||||
|
@ -56,5 +56,7 @@ final class Error {
|
||||
|
||||
const OTP_TOKEN_REQUIRED = 'error.otp_token_required';
|
||||
const OTP_TOKEN_INCORRECT = 'error.otp_token_incorrect';
|
||||
const OTP_ALREADY_ENABLED = 'error.otp_already_enabled';
|
||||
const OTP_NOT_ENABLED = 'error.otp_not_enabled';
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user