author | Mario <mario@mariovavti.com> | 2023-03-08 10:04:29 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2023-03-08 10:04:29 +0000 |
commit | 234bb6425021b72f0db71667191b2c36dc593791 (patch) | |
tree | 2966d68516cebae70d4a75aace9962a809532339 /Zotlabs | |
parent | d43a56614cd93982d19f4f82aae6e62f9ca533a9 (diff) | |
download | volse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.tar.gz volse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.tar.bz2 volse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.zip |
port totp mfa from streams with some adjustments
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Settings/Multifactor.php | 72 | ||||
-rw-r--r-- | Zotlabs/Module/Totp_check.php | 90 |
2 files changed, 162 insertions, 0 deletions
diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php
new file mode 100644
index 000000000..e1d8e1c97
--- /dev/null
+++ b/Zotlabs/Module/Settings/Multifactor.php
@@ -0,0 +1,72 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+use App;
+use chillerlan\QRCode\QRCode;
+use Zotlabs\Lib\AConfig;
+use Zotlabs\Lib\System;
+use OTPHP\TOTP;
+use ParagonIE\ConstantTime\Base32;
+
+
+class Multifactor {
+ public function post() {
+ $account = App::get_account();
+ if (!$account) {
+ return;
+ }
+ $enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false;
+ AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa);
+ }
+
+ public function get() {
+ $account = App::get_account();
+ if (!$account) {
+ return '';
+ }
+
+ if (!$account['account_external']) {
+ $otp = TOTP::create();
+ $otp->setLabel($account['account_email']);
+ // $otp->setLabel(rawurlencode(System::get_platform_name()));
+ $otp->setIssuer(rawurlencode(System::get_platform_name()));
+
+ $mySecret = trim(Base32::encodeUpper(random_bytes(32)), '=');
+ $otp = TOTP::create($mySecret);
+ q("UPDATE account set account_external = '%s' where account_id = %d",
+ dbesc($otp->getSecret()),
+ intval($account['account_id'])
+ );
+ $account['account_external'] = $otp->getSecret();
+ }
+
+ $otp = TOTP::create($account['account_external']);
+ $otp->setLabel($account['account_email']);
+ $otp->setIssuer(rawurlencode(System::get_platform_name()));
+ $uri = $otp->getProvisioningUri();
+ return replace_macros(get_markup_template('totp_setup.tpl'),
+ [
+ '$form_security_token' => get_form_security_token("settings_mfa"),
+ '$title' => t('Multifactor Settings'),
+ '$totp_setup_text' => t('Multi-Factor Authentication Setup'),
+ '$secret_text' => t('This is your generated secret. This may be used in some cases if the QR image cannot be read. Please save it.'),
+ '$test_title' => t('Please enter the code from your authenticator'),
+ '$qrcode' => (new QRCode())->render($uri),
+ '$uri' => $uri,
+ '$secret' => ($account['account_external'] ?? ''),
+ '$test_pass' => t("That code is correct."),
+ '$test_fail' => t("Incorrect code."),
+ '$enable_mfa' => [
+ 'enable_mfa',
+ t('Enable Multi-factor Authentication'),
+ AConfig::Get($account['account_id'], 'system', 'mfa_enabled'),
+ '',
+ [t('No'), t('Yes')]
+ ],
+ '$submit' => t('Submit'),
+ '$test' => t('Test')
+ ]
+ );
+ }
+}
diff --git a/Zotlabs/Module/Totp_check.php b/Zotlabs/Module/Totp_check.php
new file mode 100644
index 000000000..3f6549382
--- /dev/null
+++ b/Zotlabs/Module/Totp_check.php
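Review bot: post() writes `mfa_enabled` straight from `$_POST` without checking the form token that get() emits through `get_form_security_token("settings_mfa")`, so unless the dispatching Settings controller verifies it, a cross-site request can toggle MFA for a logged-in account; the usual guard is `check_form_security_token_redirectOnErr('/settings/multifactor', 'settings_mfa');` as the first statement after the account check (path presumed from the class name). Nothing ties enabling to a prior successful code check, so an account can switch MFA on before the authenticator was ever enrolled and be locked out at the next login; gating the flag on `$_SESSION['2FA_VERIFIED']` or a passed test would be safer. The stored value is also `false` when the checkbox is absent and an unbounded int otherwise; `$enable_mfa = !empty($_POST['enable_mfa']) ? 1 : 0;` keeps it to 0/1. In get(), the first `TOTP::create()` with its setLabel/setIssuer calls is discarded two lines later when `$otp` is re-created from `$mySecret`, and can be deleted together with the commented-out setLabel line.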
@@ -0,0 +1,90 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Web\Controller;
+use OTPHP\TOTP;
+
+class Totp_check extends Controller {
+
+ public function post() {
+ $retval = ['status' => false];
+ $static = $_POST['totp_code_static'] ?? false;
+
+ if (!local_channel()) {
+ if ($static) {
+ goaway(z_root());
+ }
+
+ json_return_and_die($retval);
+ }
+
+ $account = App::get_account();
+ if (!$account) {
+ json_return_and_die($retval);
+ }
+
+ $secret = $account['account_external'];
+ $input = (isset($_POST['totp_code'])) ? trim($_POST['totp_code']) : '';
+
+ if ($secret && $input) {
+ $otp = TOTP::create($secret); // create TOTP object from the secret.
+ if ($otp->verify($_POST['totp_code']) || $input === $secret ) {
+ logger('otp_success');
+ $_SESSION['2FA_VERIFIED'] = true;
+
+ if ($static) {
+ goaway(z_root());
+ }
+
+ $retval['status'] = true;
+ json_return_and_die($retval);
+ }
+ logger('otp_fail');
+ }
+
+ if ($static) {
+ if(empty($_SESSION['totp_try_count'])) {
+ $_SESSION['totp_try_count'] = 1;
+ }
+
+ if ($_SESSION['totp_try_count'] > 2) {
+ goaway('logout');
+ }
+
+ $_SESSION['totp_try_count']++;
+ goaway(z_root());
+ }
+
+ json_return_and_die($retval);
+ }
+
+ public function get() {
+
+ if (!local_channel()) {
+ return;
+ }
+
+ $account = App::get_account();
+ if (!$account) {
+ return t('Account not found.');
+ }
+
+ $id = $account['account_email'];
+
+ return replace_macros(get_markup_template('totp.tpl'),
+ [
+ '$header' => t('Multifactor Verification'),
+ '$id' => $id,
+ '$desc' => t('Please enter the verification key from your authenticator app'),
+ //'$success' => t('Success!'),
+ //'$fail' => t('Invalid code, please try again.'),
+ //'$maxfails' => t('Too many invalid codes...'),
+ '$submit' => t('Verify'),
+ '$static' => $static
+ ]
+ );
+ }
+}
+
 |
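Review bot: The failed-attempt counter in post() only runs inside `if ($static)`, so a caller that omits `totp_code_static` and takes the JSON path can submit unlimited `totp_code` guesses against a six-digit code, and the counter is never cleared after a success. The verify call also passes the raw `$_POST['totp_code']` although `$input` was trimmed two lines earlier, and the recovery comparison `$input === $secret` should be `hash_equals($secret, $input)` so the secret is compared in constant time. Moving the counter ahead of the `$static` branch, as below, applies the same limit to both paths (on the JSON path the redirect to `logout` still ends the session, though an XHR caller may prefer an explicit status field). Separately, `$static` is never assigned in get(), so `'$static' => $static` passes null with an undefined-variable notice; it presumably needs to be read from the request or dropped from the template data.
```php
        if ($secret && $input) {
            $otp = TOTP::create($secret);
            // verify the trimmed input; compare the recovery value in constant time
            if ($otp->verify($input) || hash_equals($secret, $input)) {
                logger('otp_success');
                $_SESSION['2FA_VERIFIED'] = true;
                unset($_SESSION['totp_try_count']);
                // … unchanged: static redirect and JSON success reply …
            }
            logger('otp_fail');
        }

        // count failures on both the form and the JSON path
        $_SESSION['totp_try_count'] = ($_SESSION['totp_try_count'] ?? 0) + 1;
        if ($_SESSION['totp_try_count'] > 2) {
            goaway('logout');
        }

        if ($static) {
            goaway(z_root());
        }

        json_return_and_die($retval);
```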