Check URI validity after QR code upload

Bubka 2020-01-09 17:32:27 +01:00
parent 93f7c4a709
commit 140cedccf3
2 changed files with 19 additions and 5 deletions


@ -4,6 +4,7 @@
use OTPHP\TOTP; use OTPHP\TOTP;
use OTPHP\Factory; use OTPHP\Factory;
use Assert\AssertionFailedException;
class TimedTOTP class TimedTOTP
{ {
@ -16,10 +17,11 @@ class TimedTOTP
*/ */
public static function get($uri) public static function get($uri)
{ {
try { try {
$otp = Factory::loadFromProvisioningUri($uri); $otp = Factory::loadFromProvisioningUri($uri);
} }
catch (InvalidArgumentException $exception) { catch (AssertionFailedException $exception) {
return false; return false;
} }
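Review bot: The `catch (AssertionFailedException $exception)` converts only assertion failures from `Factory::loadFromProvisioningUri($uri)` into `false`. Because `$uri` now comes from an uploaded QR code, any other error type raised while parsing would presumably still surface as an unhandled exception rather than the 400 the controller returns. The docblock that closes just above `get()` should spell out the failure contract, for example `false is returned when $uri cannot be parsed as an OTP provisioning URI`, since the controller in this commit tests the result for truthiness. The rest of `get()` lies outside the hunk, so what it returns on success is not visible here.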


@ -3,11 +3,11 @@
namespace App\Http\Controllers; namespace App\Http\Controllers;
use Validator; use Validator;
use Illuminate\Http\Request;
use Illuminate\Http\File;
use Illuminate\Support\Facades\Storage;
use Zxing\QrReader; use Zxing\QrReader;
use App\TwoFAccount; use App\Classes\TimedTOTP;
use Illuminate\Http\File;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
class QrCodecontroller extends Controller class QrCodecontroller extends Controller
{ {
@ -39,6 +39,7 @@ public function decode(Request $request)
$qrcode = new QrReader(storage_path('app/' . $path)); $qrcode = new QrReader(storage_path('app/' . $path));
$uri = urldecode($qrcode->text()); $uri = urldecode($qrcode->text());
// delete uploaded file
Storage::delete($path); Storage::delete($path);
if( empty($uri) ) { if( empty($uri) ) {
@ -51,6 +52,17 @@ public function decode(Request $request)
} }
// Check uri validity
if( !TimedTOTP::get($uri) ) {
return response()->json([
'error' => [
'uri' => 'This uri do not return any TOTP code 😕'
]
], 400);
}
$uriChunks = explode('?', $uri); $uriChunks = explode('?', $uri);
foreach(explode('&', $uriChunks[1]) as $option) { foreach(explode('&', $uriChunks[1]) as $option) {
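Review bot: The new `TimedTOTP::get($uri)` check validates the string produced by `urldecode($qrcode->text())`, but the `explode('?', $uri)` and `explode('&', $uriChunks[1])` lines right after it still parse that decoded string by hand, so the two can disagree. Once decoded, a label or parameter value that carried an encoded `?` or `&` can be split in the wrong place even though the check passed. Validating the raw `$qrcode->text()` and reading the parameters with `parse_str((string) parse_url($uri, PHP_URL_QUERY), $options);` would decode each value once, after splitting. The check is also a truthiness test; `if (TimedTOTP::get($uri) === false)` would match the failure value `get()` returns. The `foreach` body continues outside the hunk.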