From 234bb6425021b72f0db71667191b2c36dc593791 Mon Sep 17 00:00:00 2001
From: Mario
Date: Wed, 8 Mar 2023 10:04:29 +0000
Subject: port totp mfa from streams with some adjustions
---
Zotlabs/Module/Settings/Multifactor.php | 72 +++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 Zotlabs/Module/Settings/Multifactor.php
(limited to 'Zotlabs/Module/Settings/Multifactor.php')
diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php
new file mode 100644
index 000000000..e1d8e1c97
--- /dev/null
+++ b/Zotlabs/Module/Settings/Multifactor.php
@@ -0,0 +1,72 @@
+setLabel($account['account_email']);
+ // $otp->setLabel(rawurlencode(System::get_platform_name()));
+ $otp->setIssuer(rawurlencode(System::get_platform_name()));
+
+ $mySecret = trim(Base32::encodeUpper(random_bytes(32)), '=');
+ $otp = TOTP::create($mySecret);
+ q("UPDATE account set account_external = '%s' where account_id = %d",
+ dbesc($otp->getSecret()),
+ intval($account['account_id'])
+ );
+ $account['account_external'] = $otp->getSecret();
+ }
+
+ $otp = TOTP::create($account['account_external']);
+ $otp->setLabel($account['account_email']);
+ $otp->setIssuer(rawurlencode(System::get_platform_name()));
+ $uri = $otp->getProvisioningUri();
+ return replace_macros(get_markup_template('totp_setup.tpl'),
+ [
+ '$form_security_token' => get_form_security_token("settings_mfa"),
+ '$title' => t('Multifactor Settings'),
+ '$totp_setup_text' => t('Multi-Factor Authentication Setup'),
+ '$secret_text' => t('This is your generated secret. This may be used in some cases if the QR image cannot be read. Please save it.'),
+ '$test_title' => t('Please enter the code from your authenticator'),
+ '$qrcode' => (new QRCode())->render($uri),
+ '$uri' => $uri,
+ '$secret' => ($account['account_external'] ?? ''),
+ '$test_pass' => t("That code is correct."),
+ '$test_fail' => t("Incorrect code."),
+ '$enable_mfa' => [
+ 'enable_mfa',
+ t('Enable Multi-factor Authentication'),
+ AConfig::Get($account['account_id'], 'system', 'mfa_enabled'),
+ '',
+ [t('No'), t('Yes')]
+ ],
+ '$submit' => t('Submit'),
+ '$test' => t('Test')
+ ]
+ );
+ }
+}
-- cgit v1.2.3
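Review bot: The template array at the end of this method passes `$secret`, `$uri` and `$qrcode` on every render, so the TOTP seed stored in `account_external` stays readable from the settings page after enrolment, and whoever holds a live session (unattended browser, stolen cookie) can copy the second factor. Consider exposing them only while MFA is not yet enabled, e.g. `$enrolled = (bool) AConfig::Get($account['account_id'], 'system', 'mfa_enabled');` then `'$secret' => $enrolled ? '' : ($account['account_external'] ?? ''),` with the same guard on `'$qrcode'` and `'$uri'`; `totp_setup.tpl` would presumably need to hide the empty fields. The top of the file is missing from the hunk as shown here, so a password re-prompt or similar guard earlier in the method cannot be ruled out. Separately, `rawurlencode()` on the issuer looks redundant if `getProvisioningUri()` already encodes its parameters, which would surface `%20` in authenticator apps; worth confirming against the library.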