app/Http/Middleware/VerifyTwoFactor.php

<?php

namespace App\Http\Middleware;

use App\Models\UserPref;
use Closure;
use Illuminate\Support\Str;
use LibreNMS\Config;

class VerifyTwoFactor
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // check twofactor
        if (Config::get('twofactor') === true) {
            // don't apply on 2fa checking routes
            if (Str::startsWith($request->route()->getName(), '2fa.')) {
                return $next($request);
            }

            $twofactor = $request->session()->get('twofactoradd', UserPref::getPref($request->user(), 'twofactor'));

            if (!empty($twofactor)) {
                // user has 2fa enabled
                if (!$request->session()->get('twofactor')) {
                    // verification is needed
                    return redirect('/2fa');
                }
            }
        }

        return $next($request);
    }
}
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`<?php`

			`namespace App\Http\Middleware;`

			`use App\Models\UserPref;`
			`use Closure;`
Remove Laravel helpers (#11428) * Remove Laravel helpers * Replace qualifier with import 2020-04-17 17:37:56 -05:00			`use Illuminate\Support\Str;`
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`use LibreNMS\Config;`

			`class VerifyTwoFactor`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`
			`// check twofactor`
			`if (Config::get('twofactor') === true) {`
			`// don't apply on 2fa checking routes`
Remove Laravel helpers (#11428) * Remove Laravel helpers * Replace qualifier with import 2020-04-17 17:37:56 -05:00			`if (Str::startsWith($request->route()->getName(), '2fa.')) {`
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`return $next($request);`
			`}`

			`$twofactor = $request->session()->get('twofactoradd', UserPref::getPref($request->user(), 'twofactor'));`

			`if (!empty($twofactor)) {`
			`// user has 2fa enabled`
			`if (!$request->session()->get('twofactor')) {`
			`// verification is needed`
			`return redirect('/2fa');`
			`}`
			`}`
			`}`

			`return $next($request);`
			`}`
			`}`