extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2024-11-25 01:34:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Return only essentials attributes when a token is requested to back-end

Browse Source
This commit is contained in:
Bubka 2020-11-21 21:46:31 +01:00
parent b4ce39e9d5
commit 7a32998b4c
4 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
app/Http/Controllers/TwoFAccountController.php
View File

@ -164,13 +164,16 @@ public function preview(Request $request)
/** /**
* Generate a TOTP * Generate an OTP token
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response * @return \Illuminate\Http\Response
*/ */
public function generateOTP(Request $request) public function token(Request $request)
{ {
// When the method is called during the process of creating/editing an HOTP account the
// sensitive data have to be returned, because of the hotpCounter increment
$shouldResponseWithSensitiveData = false;
if( $request->id ) { if( $request->id ) {
@ -182,14 +185,20 @@ public function generateOTP(Request $request)
// The request data contain an uri // The request data contain an uri
$twofaccount = new TwoFAccount; $twofaccount = new TwoFAccount;
$twofaccount->uri = $request->otp['uri']; $twofaccount->uri = $request->otp['uri'];
$shouldResponseWithSensitiveData = true;
} }
else { else {
// The request data should contain all otp parameter // The request data should contain all otp parameter
$twofaccount = new TwoFAccount; $twofaccount = new TwoFAccount;
$twofaccount->populate($request->otp); $twofaccount->populate($request->otp);
$shouldResponseWithSensitiveData = true;
} }
$response = [
'token' => $twofaccount->token,
];
if( $twofaccount->otpType === 'hotp' ) { if( $twofaccount->otpType === 'hotp' ) {
// returned counter & uri will be updated // returned counter & uri will be updated
@ -199,13 +208,19 @@ public function generateOTP(Request $request)
if( $request->id ) { if( $request->id ) {
$twofaccount->save(); $twofaccount->save();
} }
if( $shouldResponseWithSensitiveData ) {
$response['hotpCounter'] = $twofaccount->hotpCounter;
$response['uri'] = $twofaccount->uri;
}
}
else {
$response['totpPeriod'] = $twofaccount->totpPeriod;
$response['totpTimestamp'] = $twofaccount->totpTimestamp;
} }
if( $request->id ) { return response()->json($response, 200);
return response()->json($twofaccount, 200);
}
return response()->json($twofaccount->makeVisible(['uri', 'secret', 'algorithm']), 200);
} }

2
app/TwoFAccount.php
View File

@ -49,7 +49,7 @@ class TwoFAccount extends Model implements Sortable
* *
* @var array * @var array
*/ */
protected $hidden = ['uri', 'secret', 'algorithm', 'created_at', 'updated_at']; protected $hidden = ['token', 'uri', 'secret', 'algorithm', 'created_at', 'updated_at'];
/** /**

4
resources/js/components/TokenDisplayer.vue
View File

@ -125,7 +125,7 @@
this.dotToDotCounter = 0 this.dotToDotCounter = 0
this.axios.post('/api/twofaccounts/otp', { id: this.id, otp: this.$props }).then(response => { this.axios.post('/api/twofaccounts/token', { id: this.id, otp: this.$props }).then(response => {
let spacePosition = Math.ceil(response.data.token.length / 2); let spacePosition = Math.ceil(response.data.token.length / 2);
@ -188,7 +188,7 @@
getHOTP: function() { getHOTP: function() {
this.axios.post('/api/twofaccounts/otp', { id: this.id, otp: this.$props }).then(response => { this.axios.post('/api/twofaccounts/token', { id: this.id, otp: this.$props }).then(response => {
let spacePosition = Math.ceil(response.data.token.length / 2); let spacePosition = Math.ceil(response.data.token.length / 2);
this.token = response.data.token.substr(0, spacePosition) + " " + response.data.token.substr(spacePosition) this.token = response.data.token.substr(0, spacePosition) + " " + response.data.token.substr(spacePosition)

2
routes/api.php
View File

@ -41,10 +41,10 @@
Route::post('twofaccounts/preview', 'TwoFAccountController@preview'); Route::post('twofaccounts/preview', 'TwoFAccountController@preview');
Route::get('twofaccounts/{twofaccount}/withSensitive', 'TwoFAccountController@showWithSensitive'); Route::get('twofaccounts/{twofaccount}/withSensitive', 'TwoFAccountController@showWithSensitive');
Route::get('twofaccounts/count', 'TwoFAccountController@count'); Route::get('twofaccounts/count', 'TwoFAccountController@count');
Route::post('twofaccounts/token', 'TwoFAccountController@token');
Route::apiResource('twofaccounts', 'TwoFAccountController'); Route::apiResource('twofaccounts', 'TwoFAccountController');
Route::patch('group/accounts', 'GroupController@associateAccounts'); Route::patch('group/accounts', 'GroupController@associateAccounts');
Route::apiResource('groups', 'GroupController'); Route::apiResource('groups', 'GroupController');
Route::post('twofaccounts/otp', 'TwoFAccountController@generateOTP')->name('twofaccounts.generateOTP');
Route::post('qrcode/decode', 'QrCodeController@decode'); Route::post('qrcode/decode', 'QrCodeController@decode');
Route::get('qrcode/{twofaccount}', 'QrCodeController@show'); Route::get('qrcode/{twofaccount}', 'QrCodeController@show');
Route::post('icon/upload', 'IconController@upload'); Route::post('icon/upload', 'IconController@upload');