Upgrade to rc5

kirby/src/Cms/Auth/Challenge.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace Kirby\Cms\Auth;
+
+use Kirby\Cms\User;
+
+/**
+ * Template class for authentication challenges
+ * that create and verify one-time auth codes
+ *
+ * @package   Kirby Cms
+ * @author    Lukas Bestle <lukas@getkirby.com>
+ * @link      https://getkirby.com
+ * @copyright Bastian Allgeier GmbH
+ * @license   https://getkirby.com/license
+ */
+abstract class Challenge
+{
+    /**
+     * Checks whether the challenge is available
+     * for the passed user and purpose
+     *
+     * @param \Kirby\Cms\User $user User the code will be generated for
+     * @param string $mode Purpose of the code ('login', 'reset' or '2fa')
+     * @return bool
+     */
+    abstract public static function isAvailable(User $user, string $mode): bool;
+
+    /**
+     * Generates a random one-time auth code and returns that code
+     * for later verification
+     *
+     * @param \Kirby\Cms\User $user User to generate the code for
+     * @param array $options Details of the challenge request:
+     *                       - 'mode': Purpose of the code ('login', 'reset' or '2fa')
+     *                       - 'timeout': Number of seconds the code will be valid for
+     * @return string|null The generated and sent code or `null` in case
+     *                     there was no code to generate by this algorithm
+     */
+    abstract public static function create(User $user, array $options): ?string;
+
+    /**
+     * Verifies the provided code against the created one;
+     * default implementation that checks the code that was
+     * returned from the `create()` method
+     *
+     * @param \Kirby\Cms\User $user User to check the code for
+     * @param string $code Code to verify
+     * @return bool
+     */
+    public static function verify(User $user, string $code): bool
+    {
+        $hash = $user->kirby()->session()->get('kirby.challenge.code');
+        if (is_string($hash) !== true) {
+            return false;
+        }
+
+        // normalize the formatting in the user-provided code
+        $code = str_replace(' ', '', $code);
+
+        return password_verify($code, $hash);
+    }
+}

kirby/src/Cms/Auth/EmailChallenge.php

@@ -0,0 +1,76 @@
+<?php
+
+namespace Kirby\Cms\Auth;
+
+use Kirby\Cms\User;
+use Kirby\Toolkit\I18n;
+use Kirby\Toolkit\Str;
+
+/**
+ * Creates and verifies one-time auth codes
+ * that are sent via email
+ *
+ * @package   Kirby Cms
+ * @author    Lukas Bestle <lukas@getkirby.com>
+ * @link      https://getkirby.com
+ * @copyright Bastian Allgeier GmbH
+ * @license   https://getkirby.com/license
+ */
+class EmailChallenge extends Challenge
+{
+    /**
+     * Checks whether the challenge is available
+     * for the passed user and purpose
+     *
+     * @param \Kirby\Cms\User $user User the code will be generated for
+     * @param string $mode Purpose of the code ('login', 'reset' or '2fa')
+     * @return bool
+     */
+    public static function isAvailable(User $user, string $mode): bool
+    {
+        return true;
+    }
+
+    /**
+     * Generates a random one-time auth code and returns that code
+     * for later verification
+     *
+     * @param \Kirby\Cms\User $user User to generate the code for
+     * @param array $options Details of the challenge request:
+     *                       - 'mode': Purpose of the code ('login', 'reset' or '2fa')
+     *                       - 'timeout': Number of seconds the code will be valid for
+     * @return string The generated and sent code
+     */
+    public static function create(User $user, array $options): string
+    {
+        $code = Str::random(6, 'num');
+
+        // insert a space in the middle for easier readability
+        $formatted = substr($code, 0, 3) . ' ' . substr($code, 3, 3);
+
+        // use the login templates for 2FA
+        $mode = $options['mode'];
+        if ($mode === '2fa') {
+            $mode = 'login';
+        }
+
+        $kirby = $user->kirby();
+        $kirby->email([
+            'from' => $kirby->option('auth.challenge.email.from', 'noreply@' . $kirby->system()->indexUrl()),
+            'fromName' => $kirby->option('auth.challenge.email.fromName', $kirby->site()->title()),
+            'to' => $user,
+            'subject' => $kirby->option(
+                'auth.challenge.email.subject',
+                I18n::translate('login.email.' . $mode . '.subject')
+            ),
+            'template' => 'auth/' . $mode,
+            'data' => [
+                'user'    => $user,
+                'code'    => $formatted,
+                'timeout' => round($options['timeout'] / 60)
+            ]
+        ]);
+
+        return $code;
+    }
+}