Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/corals/old/vendor/magento/module-two-factor-auth/Controller/Adminhtml/Authy/ |
<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
declare(strict_types=1);
namespace Magento\TwoFactorAuth\Controller\Adminhtml\Authy;
use Exception;
use Magento\Backend\Model\Auth\Session;
use Magento\Backend\App\Action;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\DataObjectFactory;
use Magento\Framework\Controller\Result\JsonFactory;
use Magento\TwoFactorAuth\Model\AlertInterface;
use Magento\TwoFactorAuth\Api\TfaInterface;
use Magento\TwoFactorAuth\Api\TfaSessionInterface;
use Magento\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
use Magento\TwoFactorAuth\Model\Provider\Engine\Authy;
use Magento\User\Model\User;
/**
* @SuppressWarnings(PHPMD.CamelCaseMethodName)
*/
class Authpost extends AbstractAction implements HttpPostActionInterface
{
/**
* @var TfaInterface
*/
private $tfa;
/**
* @var Session
*/
private $session;
/**
* @var JsonFactory
*/
private $jsonFactory;
/**
* @var TfaSessionInterface
*/
private $tfaSession;
/**
* @var Authy
*/
private $authy;
/**
* @var DataObjectFactory
*/
private $dataObjectFactory;
/**
* @var AlertInterface
*/
private $alert;
/**
* @param Action\Context $context
* @param Session $session
* @param JsonFactory $jsonFactory
* @param Authy $authy
* @param TfaSessionInterface $tfaSession
* @param TfaInterface $tfa
* @param AlertInterface $alert
* @param DataObjectFactory $dataObjectFactory
*/
public function __construct(
Action\Context $context,
Session $session,
JsonFactory $jsonFactory,
Authy $authy,
TfaSessionInterface $tfaSession,
TfaInterface $tfa,
AlertInterface $alert,
DataObjectFactory $dataObjectFactory
) {
parent::__construct($context);
$this->tfa = $tfa;
$this->session = $session;
$this->jsonFactory = $jsonFactory;
$this->tfaSession = $tfaSession;
$this->authy = $authy;
$this->dataObjectFactory = $dataObjectFactory;
$this->alert = $alert;
}
/**
* Get current user
*
* @return User|null
*/
private function getUser(): ?User
{
return $this->session->getUser();
}
/**
* @inheritdoc
*/
public function execute()
{
$user = $this->getUser();
$result = $this->jsonFactory->create();
try {
$this->authy->verify($user, $this->dataObjectFactory->create([
'data' => $this->getRequest()->getParams(),
]));
$this->tfaSession->grantAccess();
$result->setData(['success' => true]);
} catch (Exception $e) {
$this->alert->event(
'Magento_TwoFactorAuth',
'Authy error',
AlertInterface::LEVEL_ERROR,
$this->getUser()->getUserName(),
$e->getMessage()
);
$result->setData(['success' => false, 'message' => $e->getMessage()]);
}
return $result;
}
/**
* @inheritdoc
*/
protected function _isAllowed()
{
$user = $this->getUser();
return
$user &&
$this->tfa->getProviderIsAllowed((int) $user->getId(), Authy::CODE) &&
$this->tfa->getProvider(Authy::CODE)->isActive((int) $user->getId());
}
}