aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2023-03-08 10:04:29 +0000
committerMario <mario@mariovavti.com>2023-03-08 10:04:29 +0000
commit234bb6425021b72f0db71667191b2c36dc593791 (patch)
tree2966d68516cebae70d4a75aace9962a809532339 /Zotlabs
parentd43a56614cd93982d19f4f82aae6e62f9ca533a9 (diff)
downloadvolse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.tar.gz
volse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.tar.bz2
volse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.zip
port totp mfa from streams with some adjustions
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Settings/Multifactor.php72
-rw-r--r--Zotlabs/Module/Totp_check.php90
2 files changed, 162 insertions, 0 deletions
diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php
new file mode 100644
index 000000000..e1d8e1c97
--- /dev/null
+++ b/Zotlabs/Module/Settings/Multifactor.php
@@ -0,0 +1,72 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+use App;
+use chillerlan\QRCode\QRCode;
+use Zotlabs\Lib\AConfig;
+use Zotlabs\Lib\System;
+use OTPHP\TOTP;
+use ParagonIE\ConstantTime\Base32;
+
+
+class Multifactor {
+ public function post() {
+ $account = App::get_account();
+ if (!$account) {
+ return;
+ }
+ $enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false;
+ AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa);
+ }
+
+ public function get() {
+ $account = App::get_account();
+ if (!$account) {
+ return '';
+ }
+
+ if (!$account['account_external']) {
+ $otp = TOTP::create();
+ $otp->setLabel($account['account_email']);
+ // $otp->setLabel(rawurlencode(System::get_platform_name()));
+ $otp->setIssuer(rawurlencode(System::get_platform_name()));
+
+ $mySecret = trim(Base32::encodeUpper(random_bytes(32)), '=');
+ $otp = TOTP::create($mySecret);
+ q("UPDATE account set account_external = '%s' where account_id = %d",
+ dbesc($otp->getSecret()),
+ intval($account['account_id'])
+ );
+ $account['account_external'] = $otp->getSecret();
+ }
+
+ $otp = TOTP::create($account['account_external']);
+ $otp->setLabel($account['account_email']);
+ $otp->setIssuer(rawurlencode(System::get_platform_name()));
+ $uri = $otp->getProvisioningUri();
+ return replace_macros(get_markup_template('totp_setup.tpl'),
+ [
+ '$form_security_token' => get_form_security_token("settings_mfa"),
+ '$title' => t('Multifactor Settings'),
+ '$totp_setup_text' => t('Multi-Factor Authentication Setup'),
+ '$secret_text' => t('This is your generated secret. This may be used in some cases if the QR image cannot be read. Please save it.'),
+ '$test_title' => t('Please enter the code from your authenticator'),
+ '$qrcode' => (new QRCode())->render($uri),
+ '$uri' => $uri,
+ '$secret' => ($account['account_external'] ?? ''),
+ '$test_pass' => t("That code is correct."),
+ '$test_fail' => t("Incorrect code."),
+ '$enable_mfa' => [
+ 'enable_mfa',
+ t('Enable Multi-factor Authentication'),
+ AConfig::Get($account['account_id'], 'system', 'mfa_enabled'),
+ '',
+ [t('No'), t('Yes')]
+ ],
+ '$submit' => t('Submit'),
+ '$test' => t('Test')
+ ]
+ );
+ }
+}
diff --git a/Zotlabs/Module/Totp_check.php b/Zotlabs/Module/Totp_check.php
new file mode 100644
index 000000000..3f6549382
--- /dev/null
+++ b/Zotlabs/Module/Totp_check.php
@@ -0,0 +1,90 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Web\Controller;
+use OTPHP\TOTP;
+
+class Totp_check extends Controller {
+
+ public function post() {
+ $retval = ['status' => false];
+ $static = $_POST['totp_code_static'] ?? false;
+
+ if (!local_channel()) {
+ if ($static) {
+ goaway(z_root());
+ }
+
+ json_return_and_die($retval);
+ }
+
+ $account = App::get_account();
+ if (!$account) {
+ json_return_and_die($retval);
+ }
+
+ $secret = $account['account_external'];
+ $input = (isset($_POST['totp_code'])) ? trim($_POST['totp_code']) : '';
+
+ if ($secret && $input) {
+ $otp = TOTP::create($secret); // create TOTP object from the secret.
+ if ($otp->verify($_POST['totp_code']) || $input === $secret ) {
+ logger('otp_success');
+ $_SESSION['2FA_VERIFIED'] = true;
+
+ if ($static) {
+ goaway(z_root());
+ }
+
+ $retval['status'] = true;
+ json_return_and_die($retval);
+ }
+ logger('otp_fail');
+ }
+
+ if ($static) {
+ if(empty($_SESSION['totp_try_count'])) {
+ $_SESSION['totp_try_count'] = 1;
+ }
+
+ if ($_SESSION['totp_try_count'] > 2) {
+ goaway('logout');
+ }
+
+ $_SESSION['totp_try_count']++;
+ goaway(z_root());
+ }
+
+ json_return_and_die($retval);
+ }
+
+ public function get() {
+
+ if (!local_channel()) {
+ return;
+ }
+
+ $account = App::get_account();
+ if (!$account) {
+ return t('Account not found.');
+ }
+
+ $id = $account['account_email'];
+
+ return replace_macros(get_markup_template('totp.tpl'),
+ [
+ '$header' => t('Multifactor Verification'),
+ '$id' => $id,
+ '$desc' => t('Please enter the verification key from your authenticator app'),
+ //'$success' => t('Success!'),
+ //'$fail' => t('Invalid code, please try again.'),
+ //'$maxfails' => t('Too many invalid codes...'),
+ '$submit' => t('Verify'),
+ '$static' => $static
+ ]
+ );
+ }
+}
+