return false;
}
-
- // local auth -
+ // local auth -
$default_admin = false;
if (!empty($ff->Pman['local_autoauth']) &&
($ff->Pman['local_autoauth'] === true) &&
)
)
) {
+
$group = DB_DataObject::factory('core_group');
$group->get('name', 'Administrators');
{
require_once 'System.php';
- if(empty($this->id)) {
- return false;
- }
-
$oathtool = System::which('oathtool');
if (!$oathtool) {
return false;
}
- $oath_key = $_SESSION[__CLASS__]['oath'][$this->id];
-
- if(empty($oath_key)) {
-
+ if(empty($this->oath_key)) {
+ return true;
}
- $cmd = "{$oathtool} --totp --base32 {$oath_key}";
+ $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
$password = exec($cmd);
//DB_DataObject::DebugLevel(1);
if(!empty($q['_generate_oath_key'])){
$o = clone($this);
- $this->oath_key = $this->getOathKey();
+ $this->generateOathKey();
$this->update($o);
$roo->jok('OK');
}
+ // missing id for core_person mgmt
if(!empty($q['_to_qr_code'])){
- $person = DB_DataObject::factory('Core_person');
- $person->id = $q['id'];
-
- if(!$person->find(true)) {
- $roo->jerr('_invalid_person');
+ if($q['id'] == 'is_auth') {
+ $person = $this->getAuthUser();
+ } else {
+ $person = DB_DataObject::factory('Core_person');
+ $person->get($q['id']);
}
- $hash = $this->getOathKey();
+ $o = clone($person);
- $_SESSION[__CLASS__]['oath'][$person->id] = $hash;
-
- $qrcode = $person->generateQRCode($hash);
+ $person->generateOathKey();
+
+ $person->update($o);
+
+ $qrcode = $person->generateQRCode();
if(empty($qrcode)){
$roo->jerr('Fail to generate QR Code');
if(!empty($q['two_factor_auth_code'])) {
- $person = DB_DataObject::factory('core_person');
- $person->get($q['id']);
+ $person = $this;
+
+ if(isset($q['id'])) {
+ $person = DB_DataObject::factory('core_person');
+ $person->get($q['id']);
+ }
if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
$roo->jok('DONE');
if(!empty($q['oath_key_disable'])) {
- $person = DB_DataObject::factory('core_person');
- $person->get($q['id']);
+ $person = $this->getAuthUser();
+
+ if(!empty($q['id'])) {
+ $person = DB_DataObject::factory('core_person');
+ $person->get($q['id']);
+ }
+
+ if(empty($person)) {
+ $roo->jerr('Please login to the system');
+ }
$o = clone($person);
$person->oath_key = '';
+
$person->update($o);
$roo->jok('DONE');
$this->setFrom($ar);
if(!empty($ar['_enable_oath_key'])){
- $oath_key = $this->getOathKey();
+ $this->generateOathKey();
}
if (!empty($ar['passwd1'])) {
$this->email = trim($this->email);
}
- function getOathKey()
+ function generateOathKey()
{
+ $hex = bin2hex(openssl_random_pseudo_bytes(10));
+
require 'Base32.php';
$base32 = new Base32();
- return $base32->base32_encode(bin2hex(openssl_random_pseudo_bytes(10)));
+ $this->oath_key = $base32->base32_encode($hex);
+
+ return $this->oath_key;
}
- function generateQRCode($hash)
+ function generateQRCode()
{
if(
empty($this->email) &&
- empty($hash)
+ empty($this->oath_key)
){
return false;
}
$issuer = (empty($this->name)) ?
rawurlencode('ROOJS') : rawurlencode($this->name);
- $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
+ $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$this->oath_key}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
require_once 'Image/QRCode.php';