Laravel 5.1 login with mfa token
I'm trying to get a login with mfa to work. I'm using the https://github.com/antonioribeiro/google2fa package.
Basically the user-migration looks like this:
    class CreateUsersTable extends Migration {
        /**
         * Run the migrations.
         *
         * @return void
         */
        public function up() {
            Schema::create('users', function (Blueprint $table) {
                $table->increments('id');
                $table->string('name');
                $table->string('email')->unique();
                $table->string('password', 60);
                $table->rememberToken();
                $table->string('google2fa_secret');
                $table->boolean('useMfa')->default(false);
                $table->timestamps();
            });
        }
    ...
If the user has not yet activated mfa I create a new secret every time the user opens the profile page.
    if(!$user->useMfaToken()){
        $google2fa = new Google2FA();
        $user->google2fa_secret = $google2fa->generateSecretKey();
        $user->save();
        $google2fa_url = $google2fa->getQRCodeGoogleUrl(
            'DatenPro.de',
            $user->email,
            $user->google2fa_secret
        );
    }
If the user enters the secret for finalizing the activation of mfa this will be executed:
    public function saveMfa(){
        $user = \Auth::user();
        $secret = \Input::get('secret');
        $google2fa = new Google2FA();
        // compare the submitted code against the secret stored for this user
        $valid = $google2fa->verifyKey($user->google2fa_secret, $secret);
        if($valid){
            $user->useMfa = true;
            $user->save();
            return redirect()->back()->withMessage('mfa successfully activated');
        }
    ...
Now I'm working on the login with a mfa-token. I want the user to have the option to enter the token at the login page if he has already activated it; otherwise, if the mfa checkbox is deselected, the "secret" text input is hidden.
Email: __________
Password: __________
Use Mfa: [x]
Secret: __________
Where do I have to put the checks of the mfa token? I have read about checking it through a middleware and a session variable, but this seems kind of wrong.
Just figured it out before posting.
You can implement an "authenticated" method in the AuthController. This could look like this:
    public function authenticated($request, $user){
        if($user->useMfaToken()){
            $secret = \Input::get('secret');
            $google2fa = new Google2FA();
            $validMfaToken = $google2fa->verifyKey($user->google2fa_secret, $secret);
        }else{
            $validMfaToken = true;
        }
        if($validMfaToken){
            return redirect()->intended('dashboard');
        }
        // leading backslash so the facade resolves from inside the controller namespace
        \Auth::logout();
        return redirect($this->loginPath)
            ->withInput($request->only('email', 'remember'))
            ->withErrors([
                'secret' => 'mfa token was not correct',
            ]);
    }
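The token check that `authenticated()` delegates to `verifyKey`, written out as a stand-alone added example (not code from the post or from the google2fa package): it rejects missing or malformed input and refuses a code whose time step was already accepted. Function names are hypothetical, and PHP 7.1+ on a 64-bit build is assumed.

```php
<?php
// Added example: stand-alone TOTP check (RFC 6238: HMAC-SHA1, 6 digits, 30 s step).
// Function names are hypothetical; this is not the google2fa package's code.
function base32Decode(string $b32): string {
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {          // drop trailing padding bits
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

function totpAt(string $key, int $step): string {
    $mac = hash_hmac('sha1', pack('J', $step), $key, true);    // 8-byte big-endian counter
    $off = ord($mac[19]) & 0x0f;                                // dynamic truncation offset
    $bin = unpack('N', substr($mac, $off, 4))[1] & 0x7fffffff;
    return str_pad((string) ($bin % 1000000), 6, '0', STR_PAD_LEFT);
}

// Returns the matched time step, or null on failure. $lastStep is the step of the
// last code accepted for this user; persisting it per user is an assumption here.
function verifyTotp(string $b32Secret, string $code, int $now, ?int $lastStep, int $window = 1): ?int {
    if ($b32Secret === '' || !preg_match('/\A\d{6}\z/', $code)) {
        return null;                        // empty secret or malformed code never passes
    }
    $key = base32Decode($b32Secret);
    $current = intdiv($now, 30);
    $matched = null;
    for ($s = $current - $window; $s <= $current + $window; $s++) {
        // constant-time compare; a step at or before $lastStep is a replay
        if (hash_equals(totpAt($key, $s), $code) && ($lastStep === null || $s > $lastStep)) {
            $matched = $s;
        }
    }
    return $matched;
}

// Constructed input: the RFC 6238 test key "12345678901234567890", base32-encoded.
$secret = 'GEZDGNBVGY3TMNJQGEZDGNBVGY3TMNJQ';
$step = verifyTotp($secret, '287082', 59, null);            // first use of the code
var_dump($step, verifyTotp($secret, '287082', 59, $step));  // second call reuses the same code
```

The first call returns the matching time step and the second returns null, because that step has already been consumed.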
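Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.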