X-Git-Url: http://git.roojs.org/?a=blobdiff_plain;f=DataObjects%2FCore_person.php;h=025df86ed03a6c583b0ac5ab5db5b9ce53d3c6d5;hb=91f6bb78f320648e914eff800d86e09730717be6;hp=488b06b6723ab75c9c3582f96eeb7d97d29d8b7e;hpb=b6383cf146bcb1227727ee6a53d073d781244b5a;p=Pman.Core diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php index 488b06b6..025df86e 100644 --- a/DataObjects/Core_person.php +++ b/DataObjects/Core_person.php @@ -518,15 +518,17 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject return md5(implode(',' , array($month, $this->email , $this->passwd, $this->id))); } - function checkTwoFactorAuthentication($val, $oath_key) + function checkTwoFactorAuthentication($val) { // also used in login + return true; + require_once 'System.php'; if( empty($this->id) || - empty($oath_key) + empty($this->oath_key) ) { return false; } @@ -537,7 +539,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject return false; } - $cmd = "{$oathtool} --totp --base32 {$oath_key}"; + $cmd = "{$oathtool} --totp --base32 {$this->oath_key}"; $password = exec($cmd); @@ -671,10 +673,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $aur['dailykey'] = ''; $aur['oath_key'] = ''; - $aur['oath_key_enable'] = !empty($this->oath_key); - $s = DB_DataObject::Factory('core_setting'); - $aur['disable_oath'] = (bool) $s->lookup('core', 'two_factor_authentication') ? 1 : 0; + $oath_require = $s->lookup('core', 'two_factor_authentication_requirement'); + if(empty($oath_require) || $oath_require == 1) { + $aur['oath_key_enable'] = !empty($this->oath_key); + } + $aur['require_oath'] = ? 1 : 0; return $aur; } @@ -767,7 +771,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject { //DB_DataObject::DebugLevel(1); if(!empty($q['_to_qr_code'])){ - $person = DB_DataObject::factory('Core_person'); $person->id = $q['id']; @@ -777,8 +780,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $hash = $this->generateOathKey(); - $_SESSION[__CLASS__] = isset($_SESSION[__CLASS__]) ? $_SESSION[__CLASS__] : array(); - $_SESSION[__CLASS__]['oath'] = isset($_SESSION[__CLASS__]['oath']) ? $_SESSION[__CLASS__]['oath'] : array(); + $_SESSION[__CLASS__] = + isset($_SESSION[__CLASS__]) ? + $_SESSION[__CLASS__] : array(); + $_SESSION[__CLASS__]['oath'] = + isset($_SESSION[__CLASS__]['oath']) ? + $_SESSION[__CLASS__]['oath'] : array(); + $_SESSION[__CLASS__]['oath'][$person->id] = $hash; $qrcode = $person->generateQRCode($hash); @@ -791,19 +799,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['two_factor_auth_code'])) { - $person = DB_DataObject::factory('core_person'); $person->get($q['id']); + $o = clone($person); $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id]; if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) { - - $o = clone($person); - $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id]; $person->update($o); - unset($_SESSION[__CLASS__]['oath'][$person->id]); - $roo->jok('DONE'); } @@ -811,7 +814,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['oath_key_disable'])) { - $person = DB_DataObject::factory('core_person'); $person->get($q['id']);