make compatible to TOTP library v0.9, save password for decoding the seed

2018-10-19 00:32:59 +02:00
parent 0a528f993b
commit ad2085c603
6 changed files with 40 additions and 12 deletions


@ -39,7 +39,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
if ($auth
&& $totp->UserUseTotp()
&& false == Registry::getSession()->getVariable("totp_auth")
&& false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
) {
// set auth as secured parameter;
Registry::getSession()->setVariable("auth", $auth);
@ -61,13 +61,17 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
$totp = oxNew(d3totp::class);
$totp->loadByUserId(Registry::getSession()->getVariable("auth"));
if (Registry::getRequest()->getRequestParameter('pwd')) {
Registry::getSession()->setVariable('pwdTransmit', Registry::getRequest()->getRequestParameter('pwd'));
}
$return = 'login';
try {
if ($this->isNoTotpOrNoLogin($totp)) {
$return = parent::checklogin();
} elseif ($this->hasValidTotp($sTotp, $totp)) {
Registry::getSession()->setVariable('totp_auth', $sTotp);
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
$return = "admin_start";
}
} catch (d3totp_wrongOtpException $oEx) {
@ -95,7 +99,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
*/
public function hasValidTotp($sTotp, $totp)
{
return Registry::getSession()->getVariable("totp_auth") ||
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
(
$sTotp && $totp->verify($sTotp)
);
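Review bot: The block added at the top of the second hunk copies the raw `pwd` request parameter into the session as `pwdTransmit` before `parent::checklogin()` or `hasValidTotp()` has run, so the plaintext admin password reaches session storage even when the attempt later fails. Nothing in the visible hunks removes it again. If it is only needed to decode the TOTP seed, drop it once verification finishes, e.g. `Registry::getSession()->deleteVariable('pwdTransmit');` after the `hasValidTotp()` branch and in the `catch` path. Keeping a key derived from the password rather than the password itself would further limit what a leaked session file or session table row exposes. The enclosing method starts and ends outside the hunk, so cleanup may already exist elsewhere and is worth confirming.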