<?php
namespace BookStack\Access\Mfa;
use BookStack\Users\Models\User;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Model;
/**
 * A stored multi-factor authentication secret for one user and one method.
 *
 * The `value` column only ever holds the output of encrypt(); the plaintext
 * exists in memory only, via setValue()/getValue() below.
 *
 * @property int    $id
 * @property int    $user_id
 * @property string $method
 * @property string $value
 * @property Carbon $created_at
 * @property Carbon $updated_at
 */
class MfaValue extends Model
{
    // Mass-assignment guarding is switched off for this model, so any attribute
    // array handed to it is accepted as-is. The methods below only pass arrays
    // built from a User model and a method name; raw request input should never
    // be passed to fill()/create() on this model.
    protected static $unguarded = true;

    public const METHOD_TOTP = 'totp';
    public const METHOD_BACKUP_CODES = 'backup_codes';

    /**
     * List every MFA method name this model knows about.
     *
     * @return string[]
     */
    public static function allMethods(): array
    {
        return [
            self::METHOD_TOTP,
            self::METHOD_BACKUP_CODES,
        ];
    }

    /**
     * Create or update the stored MFA value for the given user and method.
     *
     * The value is encrypted by setValue() before it is saved.
     *
     * NOTE(review): $method is stored as given; nothing here checks it against
     * allMethods(), so callers are expected to pass one of the METHOD_* constants.
     * NOTE(review): firstOrNew() followed by save() is a read-then-write rather
     * than an atomic upsert. Uniqueness of (user_id, method) depends on the
     * schema, which is not visible here. Confirm a unique index exists.
     */
    public static function upsertWithValue(User $user, string $method, string $value): void
    {
        $lookup = [
            'user_id' => $user->id,
            'method'  => $method,
        ];

        /** @var MfaValue $record */
        $record = static::query()->firstOrNew($lookup);
        $record->setValue($value);
        $record->save();
    }

    /**
     * Fetch the decrypted MFA value for the given user and method.
     *
     * Returns null when no row exists for that pair. The returned string is the
     * plaintext secret, so keep it out of logs, exception messages and responses.
     */
    public static function getValueForUser(User $user, string $method): ?string
    {
        /** @var MfaValue $record */
        $record = static::query()
            ->where('user_id', '=', $user->id)
            ->where('method', '=', $method)
            ->first();

        if (!$record) {
            return null;
        }

        return $record->getValue();
    }

    /**
     * Decrypt the stored value attribute and return the plaintext.
     *
     * NOTE(review): decrypt() is expected to throw when the stored data cannot
     * be decrypted (for example after the application key has changed). Confirm
     * that callers treat that as a failed verification rather than a pass.
     */
    protected function getValue(): string
    {
        $ciphertext = $this->value;

        return decrypt($ciphertext);
    }

    /**
     * Encrypt the given plaintext and place it in the value attribute.
     *
     * This only sets the attribute; persisting it is left to the caller.
     *
     * @param string $value Plaintext secret to protect (presumably always a
     *                      string, as the only visible caller passes one).
     */
    protected function setValue($value): void
    {
        $ciphertext = encrypt($value);
        $this->value = $ciphertext;
    }
}