916a82616f
- Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things.
38 lines
805 B
PHP
38 lines
805 B
PHP
<?php
|
|
|
|
namespace BookStack\Auth\Access\Mfa;
|
|
|
|
use Illuminate\Contracts\Validation\Rule;
|
|
|
|
class TotpValidationRule implements Rule
|
|
{
|
|
|
|
protected $secret;
|
|
protected $totpService;
|
|
|
|
/**
|
|
* Create a new rule instance.
|
|
* Takes the TOTP secret that must be system provided, not user provided.
|
|
*/
|
|
public function __construct(string $secret)
|
|
{
|
|
$this->secret = $secret;
|
|
$this->totpService = app()->make(TotpService::class);
|
|
}
|
|
|
|
/**
|
|
* Determine if the validation rule passes.
|
|
*/
|
|
public function passes($attribute, $value)
|
|
{
|
|
return $this->totpService->verifyCode($value, $this->secret);
|
|
}
|
|
|
|
/**
|
|
* Get the validation error message.
|
|
*/
|
|
public function message()
|
|
{
|
|
return trans('validation.totp');
|
|
}
|
|
}
|