allow backup codes fot TOTP login

This commit is contained in:
Daniel Seifert 2019-07-28 00:07:16 +02:00
parent c3ba0c28b1
commit 2e9fca06c0
2 changed files with 24 additions and 24 deletions

View File

@ -121,14 +121,21 @@ class d3totp extends BaseModel
/** /**
* @return array * @return array
* @throws DatabaseConnectionException
*/ */
public function generateBackupCodes() public function generateBackupCodes()
{ {
$factory = new Factory(); $factory = new Factory();
$generator = $factory->getLowStrengthGenerator(); $generator = $factory->getLowStrengthGenerator();
for ($i = 0; $i < 10; $i++) { for ($i = 1; $i <= 10; $i++) {
$this->_backupCodes[] = $generator->generateString(6, Generator::CHAR_DIGITS); $sCode = $generator->generateString(6, Generator::CHAR_DIGITS);
$this->_backupCodes[] = $sCode;
$this->assign(
array(
'bc'.$i => $this->d3EncodeBC($sCode)
)
);
} }
return $this->_backupCodes; return $this->_backupCodes;
@ -213,39 +220,31 @@ class d3totp extends BaseModel
return $oDb->getOne($sSelect); return $oDb->getOne($sSelect);
} }
public function save()
{
$this->assign(
array(
'bc1' => $this->d3EncodeBC($this->_backupCodes[0]),
'bc2' => $this->d3EncodeBC($this->_backupCodes[1]),
'bc3' => $this->d3EncodeBC($this->_backupCodes[2]),
'bc4' => $this->d3EncodeBC($this->_backupCodes[3]),
'bc5' => $this->d3EncodeBC($this->_backupCodes[4]),
'bc6' => $this->d3EncodeBC($this->_backupCodes[5]),
'bc7' => $this->d3EncodeBC($this->_backupCodes[6]),
'bc8' => $this->d3EncodeBC($this->_backupCodes[7]),
'bc9' => $this->d3EncodeBC($this->_backupCodes[8]),
'bc10' => $this->d3EncodeBC($this->_backupCodes[9]),
)
);
return parent::save();
}
/** /**
* @param $totp * @param $totp
* @param $seed * @param $seed
* @return string * @return string
* @throws DatabaseConnectionException
* @throws d3totp_wrongOtpException * @throws d3totp_wrongOtpException
*/ */
public function verify($totp, $seed = null) public function verify($totp, $seed = null)
{ {
$blVerify = $this->getTotp($seed)->verify($totp, null, $this->timeWindow); $blVerify = $this->getTotp($seed)->verify($totp, null, $this->timeWindow);
if (false == $blVerify) {
$oDb = DatabaseProvider::getDb();
$aFields = array('bc1', 'bc2', 'bc3', 'bc4', 'bc5', 'bc6', 'bc7', 'bc8', 'bc9', 'bc10');
$query = "SELECT 1 FROM ".$this->getViewName().
" WHERE ".$oDb->quote($this->d3EncodeBC($totp))." IN (".implode(', ', array_map([$oDb, 'quoteIdentifier'], $aFields)).") AND ".
$oDb->quoteIdentifier("oxuserid") ." = ".$oDb->quote($this->getUser()->getId());
$blVerify = (bool) $oDb->getOne($query);
if (false == $blVerify) { if (false == $blVerify) {
$oException = oxNew(d3totp_wrongOtpException::class); $oException = oxNew(d3totp_wrongOtpException::class);
throw $oException; throw $oException;
} }
}
return $blVerify; return $blVerify;
} }

View File

@ -92,6 +92,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
* @param string $sTotp * @param string $sTotp
* @param d3totp $totp * @param d3totp $totp
* @return bool * @return bool
* @throws DatabaseConnectionException
* @throws d3totp_wrongOtpException * @throws d3totp_wrongOtpException
*/ */
public function hasValidTotp($sTotp, $totp) public function hasValidTotp($sTotp, $totp)