实现恢复代码登录账户功能
* 目前的安全策略是使用过的恢复代码将会失效
* 其实想做的是在恢复后自动关掉二步验证 :)
This commit is contained in:
parent
dd23efda5b
commit
220b1abff6
@ -183,18 +183,40 @@ class UserController extends Controller
|
|||||||
|
|
||||||
if ($model->load(Yii::$app->request->post())) {
|
if ($model->load(Yii::$app->request->post())) {
|
||||||
// 验证二步验证代码
|
// 验证二步验证代码
|
||||||
$otp = TOTP::createFromSecret($user->otp_secret);
|
if(!is_null($model->totp_input)){
|
||||||
if ($otp->verify($model->totp_input)) {
|
$otp = TOTP::createFromSecret($user->otp_secret);
|
||||||
$user->last_login = date('Y-m-d H:i:s');
|
if ($otp->verify($model->totp_input)) {
|
||||||
$user->last_login_ip = Yii::$app->request->userIP;
|
$user->last_login = date('Y-m-d H:i:s');
|
||||||
if (!$user->save(false)) {
|
$user->last_login_ip = Yii::$app->request->userIP;
|
||||||
Yii::$app->session->setFlash('error', '登陆成功,但出现了内部错误');
|
if (!$user->save(false)) {
|
||||||
|
Yii::$app->session->setFlash('error', '登陆成功,但出现了内部错误');
|
||||||
|
}
|
||||||
|
Yii::$app->user->login($user, $model->rememberMe ? 3600 * 24 * 30 : 0);
|
||||||
|
Yii::$app->session->remove('login_verification');
|
||||||
|
return $this->goHome();
|
||||||
|
} else {
|
||||||
|
Yii::$app->session->setFlash('error', '二步验证代码错误');
|
||||||
}
|
}
|
||||||
Yii::$app->user->login($user, $model->rememberMe ? 3600 * 24 * 30 : 0);
|
}elseif (!is_null($model->recoveryCode_input)) {
|
||||||
Yii::$app->session->remove('login_verification');
|
$recoveryCodes = explode(',', $user->recovery_codes);
|
||||||
return $this->goHome();
|
if (in_array($model->recoveryCode_input, $recoveryCodes)) {
|
||||||
} else {
|
//remove the used recovery code
|
||||||
Yii::$app->session->setFlash('error', '二步验证代码错误');
|
$recoveryCodes = array_diff($recoveryCodes, [$model->recoveryCode_input]);
|
||||||
|
$user->recovery_codes = implode(',', $recoveryCodes);
|
||||||
|
$user->last_login = date('Y-m-d H:i:s');
|
||||||
|
$user->last_login_ip = Yii::$app->request->userIP;
|
||||||
|
if (!$user->save(false)) {
|
||||||
|
Yii::$app->session->setFlash('error', '登陆成功,但出现了内部错误');
|
||||||
|
}
|
||||||
|
Yii::$app->session->setFlash('success', '登陆成功,但请注意已经使用的恢复代码已失效');
|
||||||
|
Yii::$app->user->login($user, $model->rememberMe ? 3600 * 24 * 30 : 0);
|
||||||
|
Yii::$app->session->remove('login_verification');
|
||||||
|
return $this->goHome();
|
||||||
|
} else {
|
||||||
|
Yii::$app->session->setFlash('error', '恢复代码错误');
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
Yii::$app->session->setFlash('error', '请输入二步验证代码或恢复代码');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
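Review bot: The recovery-code check at `in_array($model->recoveryCode_input, $recoveryCodes)` uses loose comparison and also accepts an empty submission, because an empty form field is loaded as `''` rather than `null` (as far as I can tell from `load()`), so the `!is_null` guard on the `elseif` does not exclude it, and when `recovery_codes` is empty `explode(',', ...)` yields `['']`, which `''` matches. I would change the three lines to `} elseif ($model->recoveryCode_input !== null && $model->recoveryCode_input !== '') {`, `$recoveryCodes = array_filter(explode(',', (string) $user->recovery_codes));` and `if (in_array($model->recoveryCode_input, $recoveryCodes, true)) {`. The same `!is_null` guard fronts the TOTP branch, though there `$otp->verify('')` presumably just fails. Separately, the codes are stored and compared as plaintext, comma-separated; hashing each code and checking with `password_verify` would be a worthwhile follow-up outside this hunk. The enclosing action starts before the hunk and is not visible here.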
@ -42,6 +42,7 @@ class User extends ActiveRecord implements IdentityInterface
|
|||||||
public $newPassword; // 新密码 修改密码用
|
public $newPassword; // 新密码 修改密码用
|
||||||
public $newPasswordRepeat; // 重复新密码 修改密码用
|
public $newPasswordRepeat; // 重复新密码 修改密码用
|
||||||
public $totp_input; // otp用户输入值
|
public $totp_input; // otp用户输入值
|
||||||
|
public $recoveryCode_input; // 恢复代码用户输入
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
@ -59,7 +60,7 @@ class User extends ActiveRecord implements IdentityInterface
|
|||||||
return [
|
return [
|
||||||
[['status', 'is_encryption_enabled', 'is_otp_enabled','dark_mode'], 'integer'],
|
[['status', 'is_encryption_enabled', 'is_otp_enabled','dark_mode'], 'integer'],
|
||||||
[['created_at', 'last_login'], 'safe'],
|
[['created_at', 'last_login'], 'safe'],
|
||||||
[['bio', 'totp_input'], 'string'],
|
[['bio', 'totp_input','recoveryCode_input'], 'string'],
|
||||||
[['encryption_key', 'otp_secret', 'recovery_codes'], 'string', 'max' => 255],
|
[['encryption_key', 'otp_secret', 'recovery_codes'], 'string', 'max' => 255],
|
||||||
[['last_login_ip'], 'string', 'max' => 45],
|
[['last_login_ip'], 'string', 'max' => 45],
|
||||||
[['username', 'password'], 'required', 'on' => 'login'],
|
[['username', 'password'], 'required', 'on' => 'login'],
|
||||||
|
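Review bot: `recoveryCode_input` is added to the bare `'string'` rule at `[['bio', 'totp_input','recoveryCode_input'], 'string']`, so unlike the stored `recovery_codes` (capped at 255) the submitted code has no length bound before it reaches the `in_array` lookup in the controller. I would give it its own rule, `[['recoveryCode_input'], 'string', 'max' => 255],` (or the known length of one generated code), and trim it so a pasted code with surrounding whitespace is not rejected. The property name also mixes camelCase with the snake_case used by `totp_input`; `recovery_code_input` would match the neighbouring attributes, but renaming touches the view and the controller too.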
@ -23,6 +23,13 @@ $this->params['breadcrumbs'][] = $this->title;
|
|||||||
<?= Html::submitButton('提交', ['class' => 'btn btn-primary']) ?>
|
<?= Html::submitButton('提交', ['class' => 'btn btn-primary']) ?>
|
||||||
</div>
|
</div>
|
||||||
<?php ActiveForm::end(); ?>
|
<?php ActiveForm::end(); ?>
|
||||||
|
<hr>
|
||||||
|
<?php $form = ActiveForm::begin(); ?>
|
||||||
|
<?= $form->field($model, 'recoveryCode_input')->textInput()->label('丢失所有验证设备? 使用恢复代码') ?>
|
||||||
|
<div class="form-group">
|
||||||
|
<?= Html::submitButton('恢复账户', ['class' => 'btn btn-primary']) ?>
|
||||||
|
</div>
|
||||||
|
<?php ActiveForm::end(); ?>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div><!-- user-login-2fa -->
|
</div><!-- user-login-2fa -->
|
||||||
|
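Review bot: The recovery-code field at `$form->field($model, 'recoveryCode_input')->textInput()` is a one-time credential but is rendered as a plain text input, so browsers may offer to autofill or retain it; `->textInput(['autocomplete' => 'off'])` avoids that. The label tells the user the form is for lost devices but not that a code is consumed on use, which the controller's success flash only reveals afterwards; adding `->hint('每个恢复代码只能使用一次')` to the field would set that expectation up front.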