Check URI validity after QR code upload

Bubka 2020-01-09 17:32:27 +01:00
parent 93f7c4a709
commit 140cedccf3
2 changed files with 19 additions and 5 deletions


@ -4,6 +4,7 @@
use OTPHP\TOTP;
use OTPHP\Factory;
use Assert\AssertionFailedException;
class TimedTOTP
{
@ -16,10 +17,11 @@ class TimedTOTP
*/
public static function get($uri)
{
try {
$otp = Factory::loadFromProvisioningUri($uri);
}
catch (InvalidArgumentException $exception) {
catch (AssertionFailedException $exception) {
return false;
}
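Review bot: The catch in get() now appears to cover only `AssertionFailedException` (the `InvalidArgumentException` line reads as the removed side), yet with this commit get() becomes the validity check for text decoded from an uploaded QR image. Any other exception type raised while loading the provisioning URI, or by the part of get() that lies outside this hunk, would surface as an unhandled error instead of the controller's 400 response. If the library can throw beyond assertion failures, widen the clause, e.g. `catch (AssertionFailedException | \InvalidArgumentException $exception) {`, and state in the docblock that the method returns `false` for any URI it cannot load.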


@ -3,11 +3,11 @@
namespace App\Http\Controllers;
use Validator;
use Illuminate\Http\Request;
use Illuminate\Http\File;
use Illuminate\Support\Facades\Storage;
use Zxing\QrReader;
use App\TwoFAccount;
use App\Classes\TimedTOTP;
use Illuminate\Http\File;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
class QrCodecontroller extends Controller
{
@ -39,6 +39,7 @@ public function decode(Request $request)
$qrcode = new QrReader(storage_path('app/' . $path));
$uri = urldecode($qrcode->text());
// delete uploaded file
Storage::delete($path);
if( empty($uri) ) {
@ -51,6 +52,17 @@ public function decode(Request $request)
}
// Check uri validity
if( !TimedTOTP::get($uri) ) {
return response()->json([
'error' => [
'uri' => 'This uri do not return any TOTP code 😕'
]
], 400);
}
$uriChunks = explode('?', $uri);
foreach(explode('&', $uriChunks[1]) as $option) {
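Review bot: The new `TimedTOTP::get($uri)` check validates with the OTP library's parser, but the lines that follow still split the same string by hand with `explode('?')` and `explode('&')`, and `$uri` has already been passed through `urldecode()` in the earlier hunk. A percent-encoded `&`, `=` or `?` inside a label or issuer in the QR payload becomes a delimiter after that decode, so the fields the loop reads can differ from what the library accepted. Consider validating the raw `$qrcode->text()` and reading the options with `parse_str((string) parse_url($uri, PHP_URL_QUERY), $options);`, which decodes each value once. The `foreach` body and the rest of decode() are outside the hunk, so confirm how the options are used before changing it; a strict `=== false` comparison would also make the intent of the check explicit.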