From 4ab39747753c0543104526563df9563a69e8a210 Mon Sep 17 00:00:00 2001
From: Andrii Vasyliev
Date: Fri, 6 Jan 2017 16:30:00 +0000
Subject: [PATCH] added redirecting for totp enable/disable/toggle
---
 src/controllers/TotpController.php | 31 ++++++++++++++++++++++--------
 src/messages/ru/mfa.php | 3 ++-
 src/views/totp/_check.php | 2 +-
 src/views/totp/_enable.php | 3 +--
 src/views/totp/enable.php | 1 +
 src/views/totp/redirect.php | 17 ++++++++++++++++
 6 files changed, 45 insertions(+), 12 deletions(-)
 create mode 100644 src/views/totp/redirect.php
diff --git a/src/controllers/TotpController.php b/src/controllers/TotpController.php
index 18094aa..8f3fc9d 100644
--- a/src/controllers/TotpController.php
+++ b/src/controllers/TotpController.php
@@ -12,6 +12,7 @@
 use hiqdev\yii2\mfa\forms\InputForm;
 use Yii;
+use yii\helpers\Url;
 use yii\filters\AccessControl;
 /**
@@ -35,7 +36,7 @@ public function behaviors()
 ],
 // @ - authenticated
 [
- 'actions' => ['enable', 'disable'],
+ 'actions' => ['enable', 'disable', 'toggle'],
 'roles' => ['@'],
 'allow' => true,
 ],
@@ -49,13 +50,13 @@ public function denyCallback()
 return $this->goHome();
 }
- public function actionEnable()
+ public function actionEnable($back = null)
 {
 $user = Yii::$app->user->identity;
 if ($user->totp_secret) {
 Yii::$app->session->setFlash('error', Yii::t('mfa', 'Two-factor authentication is already enabled. Disable first.'));
- return $this->goHome();
+ return empty($back) ? $this->goHome() : $this->deferredRedirect($back);
 }
 $model = new InputForm();
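Review bot: `$back` is bound from the request and handed to `deferredRedirect($back)` without any validation, so the rendered redirect page can send the user to whatever URL the link's author chose. The same `empty($back) ? … : $this->deferredRedirect($back)` pattern recurs in the next two hunks, on the success and failure paths of `actionEnable` and in `actionDisable`. I would validate once at the top of `deferredRedirect()`, accepting only same-site paths (or hosts from an explicit allow-list if cross-site return is intended): `if (!is_string($url) || !preg_match('~^/(?![/\\\\])~', $url)) { return $this->goHome(); }`. The `redirect` view body is not visible here, so also confirm it encodes the value for the context it is written into (`Html::encode()` for attributes, `Json::htmlEncode()` for script). `actionEnable`'s body continues outside this hunk.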
@@ -64,14 +65,15 @@ public function actionEnable()
 if ($model->load(Yii::$app->request->post()) && $model->validate()) {
 if ($this->module->getTotp()->verifyCode($secret, $model->code)) {
 $user->totp_secret = $secret;
+ $this->module->getTotp()->setIsVerified(true);
 if ($user->save() && Yii::$app->user->login($user)) {
 Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully enabled.'));
- return $this->goBack();
+ return empty($back) ? $this->goBack() : $this->deferredRedirect($back);
 } else {
 Yii::$app->session->setFlash('error', Yii::t('mfa', 'Sorry, we have failed to enable two-factor authentication.'));
- return $this->goHome();
+ return empty($back) ? $this->goHome() : $this->deferredRedirect($back);
 }
 } else {
 $model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
@@ -83,20 +85,33 @@ public function actionEnable()
 return $this->render('enable', compact('model', 'secret', 'qrcode'));
 }
- public function actionDisable()
+ public function actionDisable($back = null)
 {
+ $this->module->getTotp()->removeSecret();
 $user = Yii::$app->user->identity;
 $user->totp_secret = '';
 if ($user->save()) {
 Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully disabled.'));
 }
- return $this->goBack();
+ return empty($back) ? $this->goBack() : $this->deferredRedirect($back);
+ }
+
+ public function deferredRedirect($url = null)
+ {
+ return $this->render('redirect', compact('url'));
+ }
+
+ public function actionToggle($back = null)
+ {
+ $user = Yii::$app->user->identity;
+
+ return empty($user->totp_secret) ? $this->actionEnable($back) : $this->actionDisable($back);
 }
 public function actionCheck()
 {
- $user = Yii::$app->user->getHalfUser();
+ $user = $this->module->getHalfUser();
 $model = new InputForm();
 if ($model->load(Yii::$app->request->post()) && $model->validate()) {
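Review bot: `actionToggle()` gives a second route into `actionDisable()`, which clears `totp_secret` for the logged-in user on any request, with no method check and no proof of possession of the second factor. No verb filter is visible in `behaviors()`, and Yii's CSRF validation does not cover GET, so a cross-site link or embedded resource pointing at `toggle` appears sufficient to switch a victim's 2FA off. Because `actionToggle` calls `actionDisable` directly, a `VerbFilter` rule on `disable` alone would be bypassed, so the guard belongs inside `actionDisable` itself: `if (!Yii::$app->request->isPost) { throw new \yii\web\MethodNotAllowedHttpException(); }`. Requiring a valid current TOTP code (or password re-entry) before clearing the secret would also be worth adding. Separately, `removeSecret()` runs before `$user->save()` is known to succeed, so a failed save may leave the session and the stored state out of step.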
diff --git a/src/messages/ru/mfa.php b/src/messages/ru/mfa.php
index bfb5e1d..c9d4ae1 100644
--- a/src/messages/ru/mfa.php
+++ b/src/messages/ru/mfa.php
@@ -17,9 +17,10 @@
 'Enter the six-digit code from your app' => 'Введите шестизначный код из вашего приложения',
 'Follow the link below to allow the IP address {ip}:' => 'Перейдите по ссылке ниже чтобы разрешить IP-адрес {ip}:',
 'Hello {name}' => 'Здравствуйте {name}',
- 'If you can\'t use a QR-code {link}' => 'Если вы не можете использовать QR-код',
+ 'If you can\'t use a QR-code' => 'Если вы не можете использовать QR-код',
 'Not allowed IP' => 'Неразрешённый IP',
 'Now you are allowed to login from {ip}.' => 'Теперь Вам разрешён логин с {ip}',
+ 'Redirecting...' => 'Переходим...',
 'Scan the image below with the two-factor authentication app on your mobile device.' => 'Сканируйте изображение ниже с помощью приложения двухфакторной аутентификации на вашем мобильном устройстве',
 'Scan this QR-code with your app' => 'Сканируйте этот QR-код вашим приложением',
 'Sorry, we are unable to add allowed IP for the user.' => 'Извините, мы не можем разрешить IP этому пользователю.',
diff --git a/src/views/totp/_check.php b/src/views/totp/_check.php
index 0dbdf7d..6d84b30 100644
--- a/src/views/totp/_check.php
+++ b/src/views/totp/_check.php
@@ -5,7 +5,7 @@


- / + ()

diff --git a/src/views/totp/_enable.php b/src/views/totp/_enable.php index 750149b..c86994b 100644 --- a/src/views/totp/_enable.php +++ b/src/views/totp/_enable.php @@ -8,9 +8,8 @@

-

Html::a(Yii::t('mfa', 'enter this text code instead'), '#')]) ?>:

+

:

'img-thumbnail']) ?>

- diff --git a/src/views/totp/enable.php b/src/views/totp/enable.php index fd27f7b..d89dbbf 100644 --- a/src/views/totp/enable.php +++ b/src/views/totp/enable.php @@ -5,6 +5,7 @@ /** @var yii\web\View $this */ $this->title = Yii::t('mfa', 'Enable two-factor authentication'); $this->params['breadcrumbs'][] = $this->title; + ?> + + + + <?= Yii::t('mfa', 'Redirecting...') ?> + + + +
+ +
+ +