Update 2fa, logout user after two failed attempts

Daniel Supernault 2018-10-25 19:49:35 -06:00
parent 3e9b75545d
commit ef3edc185d
No known key found for this signature in database
GPG Key ID: 0DEF1C662C9033F7
2 changed files with 9 additions and 0 deletions


@ -321,6 +321,12 @@ class AccountController extends Controller
$request->session()->push('2fa.session.active', true);
return redirect('/');
} else {
if($request->session()->has('2fa.attempts')) {
$count = (int) $request->session()->has('2fa.attempts');
$request->session()->push('2fa.attempts', $count + 1);
} else {
$request->session()->push('2fa.attempts', 1);
}
return redirect()->back()->withErrors([
'code' => 'Invalid code'
]);
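Review bot: The attempt counter never advances past 1, because `(int) $request->session()->has('2fa.attempts')` casts the boolean returned by `has()` and `push()` appends to an array under the key instead of storing an integer. Reading the key back with `(int) ...->get('2fa.attempts')` then yields 1 for any non-empty array, so a threshold comparison on it cannot work. The whole if/else can be replaced with `$request->session()->increment('2fa.attempts');`, which starts from 0 when the key is absent. The count is also held only in the session, so it resets with every new session; bounding guesses across logins would need a limiter keyed on the account. The enclosing method starts and ends outside the hunk.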


@ -24,6 +24,9 @@ class TwoFactorAuth
if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint))
{
return redirect('/i/auth/checkpoint');
} elseif($request->session()->has('2fa.attempts') || (int) $request->session()->get('2fa.attempts') > 3) {
$request->session()->pull('2fa.attempts');
Auth::logout();
}
}
}
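Review bot: The `elseif` condition joins its two checks with `||`, so the mere presence of `2fa.attempts` logs the user out after the first invalid code and the `> 3` comparison never decides anything. The commit title says two failed attempts, so the threshold also disagrees with the stated intent. Compare the count alone, e.g. `} elseif ((int) $request->session()->get('2fa.attempts', 0) >= 2) {`. After `Auth::logout()` the branch does not return, so the request appears to continue unauthenticated; returning a redirect there and calling `$request->session()->invalidate();` would make the lockout explicit and drop the leftover 2FA session state. The enclosing method starts outside the hunk.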