return false;
}
-
- // local auth -
+ // local auth -
$default_admin = false;
if (!empty($ff->Pman['local_autoauth']) &&
($ff->Pman['local_autoauth'] === true) &&
)
)
) {
+
$group = DB_DataObject::factory('core_group');
$group->get('name', 'Administrators');
return false;
}
- if(!isset($this->oath_key)) {
- $au = $this->getAuthUser();
- $oath_key = $au->oath_key;
- } else {
- $oath_key = $this->oath_key;
+ if(empty($this->oath_key)) {
+ return true;
}
- $cmd = "{$oathtool} --totp --base32 {$oath_key}";
+ $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
$password = exec($cmd);
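Review bot: The added `if(empty($this->oath_key)) { return true; }` makes this check succeed for any record without a key, so the method now fails open. If that is the intended "2FA not enrolled" path, say so in a comment such as `// no key enrolled: second factor is not enforced for this account`, and make sure callers that must require 2FA test for the key themselves. `escapeshellarg()` closes the injection through the key, but `{$oathtool}` is still interpolated unquoted, and the secret is passed on the command line, where it may show up in the process list while the tool runs. The result of `exec()` is used without a failure check, and the comparison of `$password` with the submitted code lies outside this hunk; it is worth confirming that it uses `hash_equals()` on strings rather than `==`. The enclosing function starts and ends outside the hunk.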
//DB_DataObject::DebugLevel(1);
if(!empty($q['_generate_oath_key'])){
$o = clone($this);
- $this->oath_key = $this->getOathKey();
+ $this->generateOathKey();
$this->update($o);
$roo->jok('OK');
}
+ // missing id for core_person mgmt
if(!empty($q['_to_qr_code'])){
if($q['id'] == 'is_auth') {
$o = clone($person);
- $person->oath_key = $this->getOathKey();
+ $person->generateOathKey();
$person->update($o);
if(!empty($q['oath_key_disable'])) {
- $person = DB_DataObject::factory('Core_person');
+ $person = $this->getAuthUser();
+
+ if(!empty($q['id'])) {
+ $person = DB_DataObject::factory('core_person');
+ $person->get($q['id']);
+ }
- $person->get($q['id']);
+ if(empty($person)) {
+ $roo->jerr('Please login to the system');
+ }
$o = clone($person);
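Review bot: When `$q['id']` is present, the added branch loads whichever `core_person` row is named and the code continues to `clone($person)` for an update, with no check visible in this hunk that the logged-in user may manage that person. Unless the caller enforces this outside the hunk, a permission test belongs before `$person->get($q['id'])`. The return value of `get()` is also ignored, and `empty($person)` will normally never be true for the object that `DB_DataObject::factory()` returns, so an unknown id falls through with an empty record. Something like `if (!$person->get($q['id'])) { $roo->jerr('Invalid person'); }` would catch that case. The surrounding `if(!empty($q['oath_key_disable']))` block ends outside the hunk, so whether `jerr()` stops execution cannot be confirmed from here.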
$this->setFrom($ar);
if(!empty($ar['_enable_oath_key'])){
- $oath_key = $this->getOathKey();
+ $this->generateOathKey();
}
if (!empty($ar['passwd1'])) {
$this->email = trim($this->email);
}
- function getOathKey()
+ function generateOathKey()
{
+ $hex = bin2hex(openssl_random_pseudo_bytes(10));
+
require 'Base32.php';
$base32 = new Base32();
- return $base32->base32_encode(bin2hex(openssl_random_pseudo_bytes(10)));
+ $this->oath_key = $base32->base32_encode($hex);
+
+ return $this->oath_key;
}
function generateQRCode()