pixelfed/app/Http/Middleware/TwoFactorAuth.php
2018-10-25 19:49:35 -06:00

35 lines
1,000 B
PHP

<?php
namespace App\Http\Middleware;
use Auth;
use Closure;
class TwoFactorAuth
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if($request->user()) {
$user = $request->user();
$enabled = (bool) $user->{'2fa_enabled'};
if($enabled != false) {
$checkpoint = 'i/auth/checkpoint';
if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint))
{
return redirect('/i/auth/checkpoint');
} elseif($request->session()->has('2fa.attempts') || (int) $request->session()->get('2fa.attempts') > 3) {
$request->session()->pull('2fa.attempts');
Auth::logout();
}
}
}
return $next($request);
}
}