<?php
namespace BookStack\Auth\Access\Mfa;
use BookStack\Auth\User;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Model;
/**
* @property int $id
* @property int $user_id
* @property string $method
* @property string $value
* @property Carbon $created_at
* @property Carbon $updated_at
*/
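class MfaValue extends Model
{
    // Mass-assignment protection is switched off for this model, so every
    // column (user_id, method, value) can be set through an attribute array.
    // Attribute arrays passed to this model must be built in code, as in
    // upsertWithValue() below, and never taken straight from request input.
    protected static $unguarded = true;

    public const METHOD_TOTP = 'totp';
    public const METHOD_BACKUP_CODES = 'backup_codes';

    /**
     * Get all the MFA methods available.
     *
     * @return string[] The METHOD_* identifiers defined on this class.
     */
    public static function allMethods(): array
    {
        return [self::METHOD_TOTP, self::METHOD_BACKUP_CODES];
    }

    /**
     * Upsert a new MFA value for the given user and method
     * using the provided value.
     *
     * The existing row for the (user, method) pair is reused when there is one,
     * otherwise a new row is created. The value is encrypted before it is saved.
     *
     * NOTE(review): $method is not checked against allMethods() here; callers are
     * presumably expected to pass one of the METHOD_* constants. The lookup and
     * the save are separate steps, so ruling out duplicate rows under concurrent
     * requests would depend on a unique index on (user_id, method) - confirm
     * against the table definition.
     *
     * @param User   $user   Owner of the MFA value.
     * @param string $method MFA method identifier.
     * @param string $value  Plaintext secret to store.
     */
    public static function upsertWithValue(User $user, string $method, string $value): void
    {
        /** @var MfaValue $mfaVal */
        $mfaVal = static::query()->firstOrNew([
            'user_id' => $user->id,
            'method'  => $method,
        ]);
        $mfaVal->setValue($value);
        $mfaVal->save();
    }

    /**
     * Easily get the decrypted MFA value for the given user and method.
     *
     * The returned string is the plaintext secret, so it should be kept out of
     * logs, error messages and responses.
     *
     * @param User   $user   Owner of the MFA value.
     * @param string $method MFA method identifier.
     *
     * @return string|null The decrypted value, or null when no row exists for
     *                     the user and method.
     */
    public static function getValueForUser(User $user, string $method): ?string
    {
        /** @var MfaValue $mfaVal */
        $mfaVal = static::query()
            ->where('user_id', '=', $user->id)
            ->where('method', '=', $method)
            ->first();

        return $mfaVal ? $mfaVal->getValue() : null;
    }

    /**
     * Delete any stored MFA values for the given user and method.
     *
     * @param User   $user   Owner of the MFA values.
     * @param string $method MFA method identifier.
     */
    public static function deleteValuesForUser(User $user, string $method): void
    {
        static::query()
            ->where('user_id', '=', $user->id)
            ->where('method', '=', $method)
            ->delete();
    }

    /**
     * Decrypt the value attribute upon access.
     *
     * The value attribute itself holds ciphertext; this is the only place in the
     * class where it is turned back into plaintext.
     *
     * NOTE(review): decrypt() is presumably the Laravel helper, which throws a
     * DecryptException when the payload cannot be decrypted (for example after
     * the application key has changed). Nothing in this class catches it, so it
     * reaches the caller of getValueForUser().
     */
    protected function getValue(): string
    {
        return decrypt($this->value);
    }

    /**
     * Encrypt the given plaintext and store the result in the value attribute.
     *
     * Writing through this method keeps the stored value encrypted; assigning to
     * the value attribute directly would store whatever is assigned as-is.
     *
     * @param string $value Plaintext secret to encrypt and store.
     */
    protected function setValue(string $value): void
    {
        $this->value = encrypt($value);
    }
}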