custom/plugins/BartCTwoFactorAuth/src/Api/Controller/TfaController.php line 117

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace BartCTwoFactorAuth\Api\Controller;
  5. use BartCTwoFactorAuth\Extension\System\User\UserExtensionEntity;
  6. use PragmaRX\Google2FA\Google2FA;
  7. use Shopware\Core\Framework\Api\Context\AdminApiSource;
  8. use Shopware\Core\Framework\Api\Response\ResponseFactoryInterface;
  9. use Shopware\Core\Framework\Context;
  10. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  11. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  12. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  13. use Shopware\Core\Framework\Routing\Annotation\Since;
  14. use Shopware\Storefront\Controller\StorefrontController;
  15. use Symfony\Component\HttpFoundation\JsonResponse;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\Routing\Annotation\Route;
  18. use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
  20. /**
  21.  * @Route(defaults={"_routeScope"={"api"}})
  22.  */
  23. class TfaController extends StorefrontController
  24. {
  25.     private EntityRepositoryInterface $tfaRepository;
  28.     public function __construct(
  29.         EntityRepositoryInterface $tfaRepository,
  30.         TokenGeneratorInterface $tokenGenerator
  31.     ) {
  32.         $this->tfaRepository $tfaRepository;
  33.     }
  35.     /**
  36.      * @Since("6.0.0.0")
  37.      * @Route("/api/tfa/checkifenabled", name="api.tfa.checkifenabled", methods={"GET"})
  38.      */
  39.     public function checkIfEnabled(Context $contextRequest $requestResponseFactoryInterface $responseFactory): JsonResponse
  40.     {
  41.         $tfaEnabled false;
  42.         $userId $request->get('userId');
  44.         $criteria = new Criteria();
  45.         $criteria->addFilter(new EqualsFilter('userId'$userId));
  46.         $tfa $this->tfaRepository->search($criteria$context)->first();
  48.         if ($tfa !== null) {
  49.             $tfaEnabled $tfa->getTfaStatus();
  50.         }
  52.         return $this->json([
  53.             'tfaEnabled' => $tfaEnabled
  54.         ]);
  55.     }
  57.     /**
  58.      * @Since("6.0.0.0")
  59.      * @Route("/api/tfa/checkcode", name="api.tfa.check", methods={"GET"})
  60.      */
  61.     public function checkCode(Context $contextRequest $requestResponseFactoryInterface $responseFactory): JsonResponse
  62.     {
  63.         $tfaSecret $request->get('tfaSecret');
  64.         $tfaUserCode $request->get('tfaUserCode''');
  65.         $valid false;
  66.         $token '';
  67.         $user $this->getUserWithTfa($request$context);
  69.         if ($user) {
  70.             if (!$tfaSecret) {
  71.                 $tfaSecret $user->getTfaSecret();
  72.             }
  74.             $google2fa = new Google2FA();
  76.             $valid $google2fa->verifyKey(
  77.                 $tfaSecret,
  78.                 $tfaUserCode,
  79.                 8
  80.             );
  82.             if (!$valid && $tfaUserCode !== '' && $user->getBackupCode() !== null) {
  83.                 $valid $tfaUserCode === $user->getBackupCode();
  85.                 if ($valid) {
  86.                     $this->tfaRepository->update([
  87.                         [
  88.                             'id' => $user->getId(),
  89.                             'backupCode' => null
  90.                         ]
  91.                     ], $context);
  92.                 }
  93.             }
  95.             if ($valid) {
  96.                 $token $this->generateToken();
  97.                 $this->tfaRepository->update([
  98.                     [
  99.                         'id' => $user->getId(),
  100.                         'tfaToken' => $token,
  101.                         'tfaTokenCreated' => (new \DateTime())
  102.                     ]
  103.                 ], $context);
  104.             }
  105.         }
  107.         return $this->json([
  108.             'valid' => $valid,
  109.             'token' => $token
  110.         ]);
  111.     }
  113.     /**
  114.      * @Since("6.0.0.0")
  115.      * @Route("/api/tfa/checktfatoken", name="api.tfa.checktfatoken", methods={"GET"})
  116.      */
  117.     public function checkTfaToken(Context $contextRequest $requestResponseFactoryInterface $responseFactory): JsonResponse
  118.     {
  119.         $valid false;
  120.         $tfaToken $request->get('tfaToken');
  121.         $user $this->getUserWithTfa($request$context);
  123.         if ($user) {
  124.             $tfaTokenCreated $user->getTfaTokenCreated();
  126.             if ($tfaTokenCreated->diff(new \DateTime())->days 7) {
  127.                 $valid $tfaToken === $user->getTfaToken();
  128.             } else {
  129.                 $this->tfaRepository->update([
  130.                     [
  131.                         'id' => $user->getId(),
  132.                         'tfaToken' => null,
  133.                         'tfaTokenCreated' => null
  134.                     ]
  135.                 ], $context);
  136.             }
  137.         }
  139.         return $this->json([
  140.             'valid' => $valid
  141.         ]);
  142.     }
  144.     /**
  145.      * @Route("api/tfa/generate", name="frontend.tfa.generate", methods={"GET"})
  146.      */
  147.     public function generate(): JsonResponse
  148.     {
  149.         $google2fa = new Google2FA();
  150.         $secret $google2fa->generateSecretKey();
  152.         $text $google2fa->getQRCodeUrl(
  153.             'Compmany',
  154.             'Holder',
  155.             $secret
  156.         );
  158.         $json file_get_contents('https://scintillating-paprenjak-462850.netlify.app/.netlify/functions/qrGenerator?data=' .
  159.             urlencode(utf8_encode($text)));
  161.         $data json_decode($jsontrue);
  163.         if ($data === null || !isset($data['imageUrl'])) {
  164.             return $this->json([
  165.                 'error' => 'Could not generate QR code'
  166.             ]);
  167.         }
  169.         return $this->json([
  170.             'tfaQrCode' => $data['imageUrl'],
  171.             'tfaSecret' => $secret,
  172.         ]);
  173.     }
  175.     private function generateToken(): string
  176.     {
  177.         $bytes random_bytes(256 8);
  179.         return rtrim(strtr(base64_encode($bytes), '+/''-_'), '=');
  180.     }
  182.     private function getUserWithTfa(Request $requestContext $context): ?UserExtensionEntity
  183.     {
  184.         $userId $request->get('userId');
  186.         $adminApiSource $context->getSource();
  187.         if ($userId === null && $adminApiSource instanceof AdminApiSource) {
  188.             $userId $adminApiSource->getUserId();
  189.         }
  191.         $criteria = new Criteria();
  192.         $criteria->addFilter(new EqualsFilter('userId'$userId));
  194.         return $this->tfaRepository->search($criteria$context)->first();
  195.     }
  196. }