Check URI validity after QR code upload
parent
93f7c4a709
commit
140cedccf3
@ -4,6 +4,7 @@
|
||||
|
||||
use OTPHP\TOTP;
|
||||
use OTPHP\Factory;
|
||||
use Assert\AssertionFailedException;
|
||||
|
||||
class TimedTOTP
|
||||
{
|
||||
@ -16,10 +17,11 @@ class TimedTOTP
|
||||
*/
|
||||
public static function get($uri)
|
||||
{
|
||||
|
||||
try {
|
||||
$otp = Factory::loadFromProvisioningUri($uri);
|
||||
}
|
||||
catch (InvalidArgumentException $exception) {
|
||||
catch (AssertionFailedException $exception) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
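Review bot: The catch clause in `get()` handles a single exception type, so any other exception that `Factory::loadFromProvisioningUri($uri)` raises for a URI read from an uploaded QR code skips `return false` and reaches the caller as an unhandled error. If the installed OTP library can also throw a plain `\InvalidArgumentException` (for instance for an unsupported OTP type, which is worth confirming against its source), widen the clause to `catch (AssertionFailedException | \InvalidArgumentException $exception) {`. The leading backslash matters because an unqualified class name inside a namespaced file resolves to that namespace. The docblock above `get()` starts outside the hunk and should state that the method returns `false` for an invalid URI; the body of `get()` also continues past the hunk.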
@ -3,11 +3,11 @@
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use Validator;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\File;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Zxing\QrReader;
|
||||
use App\TwoFAccount;
|
||||
use App\Classes\TimedTOTP;
|
||||
use Illuminate\Http\File;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
|
||||
class QrCodecontroller extends Controller
|
||||
{
|
||||
@ -39,6 +39,7 @@ public function decode(Request $request)
|
||||
$qrcode = new QrReader(storage_path('app/' . $path));
|
||||
$uri = urldecode($qrcode->text());
|
||||
|
||||
// delete uploaded file
|
||||
Storage::delete($path);
|
||||
|
||||
if( empty($uri) ) {
|
||||
@ -51,6 +52,17 @@ public function decode(Request $request)
|
||||
|
||||
}
|
||||
|
||||
// Check uri validity
|
||||
if( !TimedTOTP::get($uri) ) {
|
||||
|
||||
return response()->json([
|
||||
'error' => [
|
||||
'uri' => 'This uri do not return any TOTP code 😕'
|
||||
]
|
||||
], 400);
|
||||
|
||||
}
|
||||
|
||||
$uriChunks = explode('?', $uri);
|
||||
|
||||
foreach(explode('&', $uriChunks[1]) as $option) {
|
||||
|
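Review bot: The validity check at `if( !TimedTOTP::get($uri) )` runs on the output of `urldecode($qrcode->text())`, not on the text the QR code actually carries, so percent-encoded `&`, `?` or `=` inside a label or issuer have already become real delimiters by the time the URI is validated and then split with `explode('?', $uri)` / `explode('&', $uriChunks[1])`. An uploaded code can therefore be rejected, or have its parameters split differently from what its issuer intended, and the library presumably decodes the query values itself. Validate the raw string and decode each value after splitting, e.g. `$uri = $qrcode->text();` followed by `parse_str((string) parse_url($uri, PHP_URL_QUERY), $options);` in place of the hand split. The test also depends on the truthiness of whatever `get()` returns on success; `TimedTOTP::get($uri) === false` states the intent exactly. `decode()` begins and ends outside these hunks, so the loop body was not reviewed.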