bifurqué depuis D3Public/oxtotp
make compatible to TOTP library v0.9, save password for decoding the seed
Cette révision appartient à :
Parent
0a528f993b
révision
ad2085c603
@ -27,6 +27,8 @@ use OxidEsales\Eshop\Core\Registry;
|
||||
|
||||
class d3totp extends BaseModel
|
||||
{
|
||||
const TOTP_SESSION_VARNAME = 'totp_auth';
|
||||
|
||||
public $tableName = 'd3totp';
|
||||
public $userId;
|
||||
public $totp;
|
||||
@ -89,6 +91,7 @@ class d3totp extends BaseModel
|
||||
public function getSavedSecret()
|
||||
{
|
||||
$secret = $this->getFieldData('seed');
|
||||
$sPwd = Registry::getSession()->getVariable('pwdTransmit');
|
||||
|
||||
if ($secret) {
|
||||
return $secret;
|
||||
@ -103,19 +106,38 @@ class d3totp extends BaseModel
|
||||
public function getTotp()
|
||||
{
|
||||
if (false == $this->totp) {
|
||||
$this->totp = oxNew(
|
||||
TOTP::class,
|
||||
$this->getUser()->getFieldData('oxusername')
|
||||
|
||||
if ($this->getTotpLibVersion() == 8) { // version 0.8 (< PHP 7.1)
|
||||
$this->totp = oxNew(
|
||||
TOTP::class,
|
||||
$this->getUser()->getFieldData('oxusername')
|
||||
? $this->getUser()->getFieldData('oxusername')
|
||||
: null,
|
||||
$this->getSavedSecret()
|
||||
);
|
||||
} else { // version 0.9 (>= PHP 7.1)
|
||||
$this->totp = TOTP::create($this->getSavedSecret());
|
||||
$this->totp->setLabel($this->getUser()->getFieldData('oxusername')
|
||||
? $this->getUser()->getFieldData('oxusername')
|
||||
: null,
|
||||
$this->getSavedSecret()
|
||||
);
|
||||
: null
|
||||
);
|
||||
}
|
||||
$this->totp->setIssuer(Registry::getConfig()->getActiveShop()->getFieldData('oxname'));
|
||||
}
|
||||
|
||||
return $this->totp;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return int
|
||||
*/
|
||||
public function getTotpLibVersion()
|
||||
{
|
||||
return method_exists(TOTP::class, 'create') ?
|
||||
9 :
|
||||
8;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
|
@ -1,4 +1,5 @@
|
||||
[{if $request_totp}]
|
||||
<input autocomplete="false" name="hidden" type="text" style="display:none;">
|
||||
[{$oViewConf->getHiddenSid()}]
|
||||
|
||||
<input type="hidden" name="fnc" value="checklogin">
|
||||
|
@ -39,7 +39,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
|
||||
|
||||
if ($auth
|
||||
&& $totp->UserUseTotp()
|
||||
&& false == Registry::getSession()->getVariable("totp_auth")
|
||||
&& false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
|
||||
) {
|
||||
// set auth as secured parameter;
|
||||
Registry::getSession()->setVariable("auth", $auth);
|
||||
@ -61,13 +61,17 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
|
||||
$totp = oxNew(d3totp::class);
|
||||
$totp->loadByUserId(Registry::getSession()->getVariable("auth"));
|
||||
|
||||
if (Registry::getRequest()->getRequestParameter('pwd')) {
|
||||
Registry::getSession()->setVariable('pwdTransmit', Registry::getRequest()->getRequestParameter('pwd'));
|
||||
}
|
||||
|
||||
$return = 'login';
|
||||
|
||||
try {
|
||||
if ($this->isNoTotpOrNoLogin($totp)) {
|
||||
$return = parent::checklogin();
|
||||
} elseif ($this->hasValidTotp($sTotp, $totp)) {
|
||||
Registry::getSession()->setVariable('totp_auth', $sTotp);
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
|
||||
$return = "admin_start";
|
||||
}
|
||||
} catch (d3totp_wrongOtpException $oEx) {
|
||||
@ -95,7 +99,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
|
||||
*/
|
||||
public function hasValidTotp($sTotp, $totp)
|
||||
{
|
||||
return Registry::getSession()->getVariable("totp_auth") ||
|
||||
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
|
||||
(
|
||||
$sTotp && $totp->verify($sTotp)
|
||||
);
|
||||
|
@ -15,6 +15,7 @@
|
||||
|
||||
namespace D3\Totp\Modules\Application\Model;
|
||||
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
|
||||
class d3_totp_user extends d3_totp_user_parent
|
||||
@ -24,7 +25,7 @@ class d3_totp_user extends d3_totp_user_parent
|
||||
$return = parent::logout();
|
||||
|
||||
// deleting session info
|
||||
Registry::getSession()->deleteVariable('totp_auth');
|
||||
Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME);
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
@ -32,7 +32,7 @@ class d3_totp_utils extends d3_totp_utils_parent
|
||||
$blAuth = parent::checkAccessRights();
|
||||
|
||||
$userID = Registry::getSession()->getVariable("auth");
|
||||
$totpAuth = (bool) Registry::getSession()->getVariable("totp_auth");
|
||||
$totpAuth = (bool) Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME);
|
||||
/** @var d3totp $totp */
|
||||
$totp = oxNew(d3totp::class);
|
||||
$totp->loadByUserId($userID);
|
||||
|
@ -81,7 +81,7 @@ $aModule = [
|
||||
// `OXID` CHAR(32) NOT NULL,
|
||||
// `OXUSERID` CHAR(32) NOT NULL,
|
||||
// `USETOTP` TINYINT(1) NOT NULL DEFAULT '0',
|
||||
// `SEED` VARCHAR(100) NOT NULL DEFAULT '0',
|
||||
// `SEED` VARCHAR(125) NOT NULL DEFAULT '0',
|
||||
// PRIMARY KEY (`OXID`),
|
||||
// UNIQUE INDEX `Schl<68>ssel 2` (`OXUSERID`)
|
||||
//)
|
||||
|
Chargement…
Référencer dans un nouveau ticket
Block a user