Merge pull request #533 from pixelfed/frontend-ui-refactor

Update 2fa, logout user after two failed attempts
This commit is contained in:
daniel 2018-10-25 19:50:35 -06:00 committed by GitHub
commit 2d7e08e429
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 0 deletions

View file

@ -321,6 +321,12 @@ class AccountController extends Controller
$request->session()->push('2fa.session.active', true); $request->session()->push('2fa.session.active', true);
return redirect('/'); return redirect('/');
} else { } else {
if($request->session()->has('2fa.attempts')) {
$count = (int) $request->session()->has('2fa.attempts');
$request->session()->push('2fa.attempts', $count + 1);
} else {
$request->session()->push('2fa.attempts', 1);
}
return redirect()->back()->withErrors([ return redirect()->back()->withErrors([
'code' => 'Invalid code' 'code' => 'Invalid code'
]); ]);

View file

@ -24,6 +24,9 @@ class TwoFactorAuth
if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint)) if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint))
{ {
return redirect('/i/auth/checkpoint'); return redirect('/i/auth/checkpoint');
} elseif($request->session()->has('2fa.attempts') || (int) $request->session()->get('2fa.attempts') > 3) {
$request->session()->pull('2fa.attempts');
Auth::logout();
} }
} }
} }