fediport/pixelfed
2
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #533 from pixelfed/frontend-ui-refactor

Browse source 
Update 2fa, logout user after two failed attempts
This commit is contained in:
daniel 2018-10-25 19:50:35 -06:00 committed by GitHub
parent dce17deb13 ef3edc185d
commit 2d7e08e429
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Controllers/AccountController.php
View file

@ -321,6 +321,12 @@ class AccountController extends Controller
$request->session()->push('2fa.session.active', true);
return redirect('/');
} else {
if($request->session()->has('2fa.attempts')) {
$count = (int) $request->session()->has('2fa.attempts');
$request->session()->push('2fa.attempts', $count + 1);
} else {
$request->session()->push('2fa.attempts', 1);
}
return redirect()->back()->withErrors([
'code' => 'Invalid code'
]);

3
app/Http/Middleware/TwoFactorAuth.php
View file

@ -24,6 +24,9 @@ class TwoFactorAuth
if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint))
{
return redirect('/i/auth/checkpoint');
} elseif($request->session()->has('2fa.attempts') || (int) $request->session()->get('2fa.attempts') > 3) {
$request->session()->pull('2fa.attempts');
Auth::logout();
}
}
}