make compatible to TOTP library v0.9, save password for decoding the seed

This commit is contained in:
Daniel Seifert 2018-10-19 00:32:59 +02:00
bovenliggende 0a528f993b
commit ad2085c603
6 gewijzigde bestanden met toevoegingen van 40 en 12 verwijderingen

Bestand weergeven

@ -27,6 +27,8 @@ use OxidEsales\Eshop\Core\Registry;
class d3totp extends BaseModel
{
const TOTP_SESSION_VARNAME = 'totp_auth';
public $tableName = 'd3totp';
public $userId;
public $totp;
@ -89,6 +91,7 @@ class d3totp extends BaseModel
public function getSavedSecret()
{
$secret = $this->getFieldData('seed');
$sPwd = Registry::getSession()->getVariable('pwdTransmit');
if ($secret) {
return $secret;
@ -103,19 +106,38 @@ class d3totp extends BaseModel
public function getTotp()
{
if (false == $this->totp) {
$this->totp = oxNew(
TOTP::class,
$this->getUser()->getFieldData('oxusername')
if ($this->getTotpLibVersion() == 8) { // version 0.8 (< PHP 7.1)
$this->totp = oxNew(
TOTP::class,
$this->getUser()->getFieldData('oxusername')
? $this->getUser()->getFieldData('oxusername')
: null,
$this->getSavedSecret()
);
} else { // version 0.9 (>= PHP 7.1)
$this->totp = TOTP::create($this->getSavedSecret());
$this->totp->setLabel($this->getUser()->getFieldData('oxusername')
? $this->getUser()->getFieldData('oxusername')
: null,
$this->getSavedSecret()
);
: null
);
}
$this->totp->setIssuer(Registry::getConfig()->getActiveShop()->getFieldData('oxname'));
}
return $this->totp;
}
/**
* @return int
*/
public function getTotpLibVersion()
{
return method_exists(TOTP::class, 'create') ?
9 :
8;
}
/**
* @return string
*/

Bestand weergeven

@ -1,4 +1,5 @@
[{if $request_totp}]
<input autocomplete="false" name="hidden" type="text" style="display:none;">
[{$oViewConf->getHiddenSid()}]
<input type="hidden" name="fnc" value="checklogin">

Bestand weergeven

@ -39,7 +39,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
if ($auth
&& $totp->UserUseTotp()
&& false == Registry::getSession()->getVariable("totp_auth")
&& false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
) {
// set auth as secured parameter;
Registry::getSession()->setVariable("auth", $auth);
@ -61,13 +61,17 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
$totp = oxNew(d3totp::class);
$totp->loadByUserId(Registry::getSession()->getVariable("auth"));
if (Registry::getRequest()->getRequestParameter('pwd')) {
Registry::getSession()->setVariable('pwdTransmit', Registry::getRequest()->getRequestParameter('pwd'));
}
$return = 'login';
try {
if ($this->isNoTotpOrNoLogin($totp)) {
$return = parent::checklogin();
} elseif ($this->hasValidTotp($sTotp, $totp)) {
Registry::getSession()->setVariable('totp_auth', $sTotp);
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
$return = "admin_start";
}
} catch (d3totp_wrongOtpException $oEx) {
@ -95,7 +99,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
*/
public function hasValidTotp($sTotp, $totp)
{
return Registry::getSession()->getVariable("totp_auth") ||
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
(
$sTotp && $totp->verify($sTotp)
);

Bestand weergeven

@ -15,6 +15,7 @@
namespace D3\Totp\Modules\Application\Model;
use D3\Totp\Application\Model\d3totp;
use OxidEsales\Eshop\Core\Registry;
class d3_totp_user extends d3_totp_user_parent
@ -24,7 +25,7 @@ class d3_totp_user extends d3_totp_user_parent
$return = parent::logout();
// deleting session info
Registry::getSession()->deleteVariable('totp_auth');
Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME);
return $return;
}

Bestand weergeven

@ -32,7 +32,7 @@ class d3_totp_utils extends d3_totp_utils_parent
$blAuth = parent::checkAccessRights();
$userID = Registry::getSession()->getVariable("auth");
$totpAuth = (bool) Registry::getSession()->getVariable("totp_auth");
$totpAuth = (bool) Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME);
/** @var d3totp $totp */
$totp = oxNew(d3totp::class);
$totp->loadByUserId($userID);

Bestand weergeven

@ -81,7 +81,7 @@ $aModule = [
// `OXID` CHAR(32) NOT NULL,
// `OXUSERID` CHAR(32) NOT NULL,
// `USETOTP` TINYINT(1) NOT NULL DEFAULT '0',
// `SEED` VARCHAR(100) NOT NULL DEFAULT '0',
// `SEED` VARCHAR(125) NOT NULL DEFAULT '0',
// PRIMARY KEY (`OXID`),
// UNIQUE INDEX `Schl<68>ssel 2` (`OXUSERID`)
//)