refactor: migrated 2FA logic (#3834)

Author: thorsten

phpmyfaq/.htaccess

@@ -112,6 +112,7 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization"
     RewriteRule ^(search|open-questions|glossary|overview|login|privacy|contact)\.html$ index.php?action=$1 [L,QSA]
     RewriteRule ^404\.html$ index.php [L,QSA]
     RewriteRule ^(login) index.php?action=login [L,QSA]
+    RewriteRule ^(authenticate|check|logout|token) index.php [L,QSA]
     # start page
     RewriteRule ^index.html$ index.php [L,QSA]
     # a solution ID page
@@ -144,7 +145,7 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization"
     # Authentication services
     RewriteRule ^services/webauthn(.*) index.php [L,QSA]
     # User pages
-    RewriteRule ^user/(ucp|bookmarks|request-removal|logout|register)/?$ index.php?action=$1 [L,QSA]
+    RewriteRule ^user/(ucp|bookmarks|request-removal|register)/?$ index.php?action=$1 [L,QSA]
     # Administration API
     RewriteRule ^admin/api/(.*) admin/api/index.php [L,QSA]
     # Administration pages

phpmyfaq/assets/src/frontend.ts

@@ -97,7 +97,7 @@ document.addEventListener('DOMContentLoaded', (): void => {
   handleRegister();
   handleWebAuthn();
 
-  // Masonry on the startpage
+  // Masonry on the start page
   const masonryElement: HTMLElement | null = document.querySelector('.masonry-grid');
   if (masonryElement) {
     new Masonry(masonryElement, { columnWidth: 0 });

phpmyfaq/assets/templates/default/index.twig

@@ -95,7 +95,7 @@
               {% endif %}
               <li><a class="dropdown-item" href="./user/request-removal">{{ msgUserRemoval }}</a></li>
               <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" href="./user/logout?csrf={{ csrfLogout }}">{{ msgLogoutUser }}</a></li>
+              <li><a class="dropdown-item" href="./logout?csrf={{ csrfLogout }}">{{ msgLogoutUser }}</a></li>
             {% endif %}
           </ul>
         </li>

phpmyfaq/assets/templates/default/login.twig

@@ -23,8 +23,7 @@
                   <h2 class="text-center font-weight-light my-4">phpMyFAQ Login</h2>
                 </div>
                 <div class="card-body">
-                  <form action="{{ writeLoginPath|raw }}" method="post" accept-charset="utf-8" role="form">
-                    <input type="hidden" name="redirect-action" value="{{ action }}" />
+                  <form action="./authenticate" method="post" accept-charset="utf-8" role="form">
                     <div class="form-floating mb-3">
                       <input
                         class="form-control"

phpmyfaq/assets/templates/default/twofactor.twig

@@ -2,7 +2,9 @@
 
 {% block content %}
   <div class="col-12">
-    {{ loginMessage }}
+    {% if errorMessage %}
+      <div class="alert alert-danger" role="alert">{{ errorMessage }}</div>
+    {% endif %}
     <div class="container py-5">
       <div class="row">
         <div class="col-lg-12">
@@ -13,8 +15,8 @@
                   <h3 class="mb-0">{{ msgTwofactorEnabled }}</h3>
                 </div>
                 <div class="card-body">
-                  <form action="{{ writeLoginPath }}" method="post" accept-charset="utf-8" role="form" class="form">
-                    <input type="hidden" id="userid" name="userid" value="{{ userid }}">
+                  <form action="./check" method="post" accept-charset="utf-8" role="form" class="form">
+                    <input type="hidden" id="user-id" name="user-id" value="{{ userId }}">
                     <div class="row mb-2">
                       <label for="token">{{ msgEnterTwofactorToken }}</label>
                       <div class="col-4 mx-auto my-2">