1 files changed, 36 insertions, 22 deletions

diff --git a/perllib/FixMyStreet/App.pm b/perllib/FixMyStreet/App.pm
index 36f736cd2..6a41d93a9 100644
--- a/perllib/FixMyStreet/App.pm
+++ b/perllib/FixMyStreet/App.pm
@@ -13,6 +13,7 @@ use FixMyStreet::Email::Sender;
 use FixMyStreet::PhotoStorage;
 use Utils;
 
+use FixMyStreet::Auth::GoogleAuth;
 use Path::Tiny 'path';
 use Try::Tiny;
 use Text::CSV;
@@ -21,12 +22,12 @@ use URI::QueryParam;
 
 use Catalyst (
     'Static::Simple',
-    'Unicode::Encoding',
     'Session',
     'Session::Store::DBIC',
     'Session::State::Cookie',    # FIXME - we're using our own override atm
     'Authentication',
     'SmartURI',
+    'FixMyStreet::Session::RotateSession',
     'FixMyStreet::Session::StoreSessions',
 );
 
@@ -34,6 +35,12 @@ extends 'Catalyst';
 
 our $VERSION = '0.01';
 
+my $store = {         # Catalyst::Authentication::Store::DBIx::Class
+    class => 'DBIx::Class',
+    user_model => 'DB::User',
+    store_user_class => 'Catalyst::Authentication::Store::FixMyStreetUser',
+};
+
 __PACKAGE__->config(
 
     # Use REQUEST_URI, not PATH_INFO, to infer path. This fixes an issue
@@ -46,8 +53,6 @@ __PACKAGE__->config(
 
     name => 'FixMyStreet::App',
 
-    encoding => 'UTF-8',
-
     # Disable deprecated behavior needed by old applications
     disable_component_resolution_regex_fallback => 1,
 
@@ -83,20 +88,14 @@ __PACKAGE__->config(
                   },
                 ],
             },
-            store => {         # Catalyst::Authentication::Store::DBIx::Class
-                class      => 'DBIx::Class',
-                user_model => 'DB::User',
-            },
+            store => $store,
         },
         no_password => {       # use post confirm etc
             credential => {    # Catalyst::Authentication::Credential::Password
                 class         => 'Password',
                 password_type => 'none',
             },
-            store => {         # Catalyst::Authentication::Store::DBIx::Class
-                class      => 'DBIx::Class',
-                user_model => 'DB::User',
-            },
+            store => $store,
         },
         access_token => {
             use_session => 0,
@@ -106,10 +105,7 @@ __PACKAGE__->config(
                 # This means the token has to be 18 characters long (as generated by AuthToken)
                 token_lookup => { like => "%access_token,T18:TOKEN,%" },
             },
-            store => {
-                class => 'DBIx::Class',
-                user_model => 'DB::User',
-            },
+            store => $store,
         },
     },
 );
@@ -203,7 +199,7 @@ sub setup_request {
     my $cobrand = $c->cobrand;
     FixMyStreet::DB->schema->cobrand($cobrand);
 
-    $cobrand->call_hook('add_response_headers');
+    $cobrand->add_response_headers;
 
     # append the cobrand templates to the include path
     $c->stash->{additional_template_paths} = $cobrand->path_to_web_templates;
@@ -346,7 +342,7 @@ sub send_email {
     my $template           = shift;
     my $extra_stash_values = shift || {};
 
-    my $sender = $c->config->{DO_NOT_REPLY_EMAIL};
+    my $sender = $c->cobrand->do_not_reply_email;
     my $email = $c->construct_email($template, $extra_stash_values) or return;
 
     my $result = 0;
@@ -364,7 +360,7 @@ sub construct_email {
     my ($c, $template, $extra_stash_values) = @_;
     $extra_stash_values //= {};
 
-    my $sender = $c->config->{DO_NOT_REPLY_EMAIL};
+    my $sender = $c->cobrand->do_not_reply_email;
     my $sender_name = $c->cobrand->contact_name;
 
     # create the vars to pass to the email template
@@ -372,11 +368,12 @@ sub construct_email {
     my $vars = {
         from => [ $sender, _($sender_name) ],
         %{ $c->stash },
-        %$extra_stash_values,
         additional_template_paths => \@include_path,
+        %$extra_stash_values,
     };
-    $vars->{site_name} = Utils::trim_text($c->view('Email')->render($c, 'site-name.txt', $vars));
-    $vars->{signature} = $c->view('Email')->render($c, 'signature.txt', $vars);
+    $vars->{site_name} = Utils::trim_text($c->view('EmailText')->render($c, 'site-name.txt', $vars));
+    $vars->{signature} = $c->view('EmailText')->render($c, 'signature.txt', $vars);
+    $vars->{staging} = FixMyStreet->config('STAGING_SITE');
 
     return if FixMyStreet::Email::is_abuser($c->model('DB')->schema, $vars->{to});
 
@@ -390,7 +387,7 @@ sub construct_email {
     $c->log->debug("Error compiling HTML $template: $@") if $@;
 
     my $data = {
-        _body_ => $c->view('Email')->render( $c, $template, $vars ),
+        _body_ => $c->view('EmailText')->render( $c, $template, $vars ),
         _attachments_ => $extra_stash_values->{attachments},
         From => $vars->{from},
         To => $vars->{to},
@@ -522,6 +519,23 @@ sub set_param {
     $c->req->params->{$param} = $value;
 }
 
+=head2 check_2fa
+
+Given a user's secret, verifies a submitted code.
+
+=cut
+
+sub check_2fa {
+    my ($c, $secret32) = @_;
+
+    if (my $code = $c->get_param('2fa_code')) {
+        my $auth = FixMyStreet::Auth::GoogleAuth->new;
+        return 1 if $auth->verify($code, 2, $secret32);
+        $c->stash->{incorrect_code} = 1;
+    }
+    return 0;
+}
+
 =head1 SEE ALSO
 
 L<FixMyStreet::App::Controller::Root>, L<Catalyst>