X-Git-Url: http://git.roojs.org/?a=blobdiff_plain;f=DataObjects%2FCore_person.php;h=025df86ed03a6c583b0ac5ab5db5b9ce53d3c6d5;hb=91f6bb78f320648e914eff800d86e09730717be6;hp=6637d1cb1f641ab2ff60174ce36b9e0a4cbd35af;hpb=42a0fe37ac12b475ceae2faac59f178b86a227f7;p=Pman.Core

diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php
index 6637d1cb..025df86e 100644
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -172,18 +172,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             // h embeds images here..
             $body = $mime->get();
             $headers = $mime->headers($headers);
-            
         }
         
-         
-        
         return array(
             'recipients' => $recipents,
             'headers'    => $headers,
             'body'      => $body
         );
-        
-        
     }
     
     
@@ -195,10 +190,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
      */
     function sendTemplate($templateFile, $args)
     {
-        
         $ar = $this->buildMail($templateFile, $args);
       
-        
         //print_r($recipents);exit;
         $mailOptions = PEAR::getStaticProperty('Mail','options');
         $mail = Mail::factory("SMTP",$mailOptions);
@@ -211,7 +204,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         error_reporting($oe);
        
         return $ret;
-    
     }
     
   
@@ -528,9 +520,16 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     
     function checkTwoFactorAuthentication($val)
     {
+        // also used in login
+        
+        return true;
+        
         require_once 'System.php';
         
-        if(empty($this->id)) {
+        if(
+            empty($this->id) ||
+            empty($this->oath_key)
+        ) {
             return false;
         }
         
@@ -540,13 +539,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             return false;
         }
         
-        $oath_key = $_SESSION[__CLASS__]['oath'][$this->id];
-        
-        if(empty($oath_key)) {
-            return false;
-        }
-        
-        $cmd = "{$oathtool} --totp --base32 {$oath_key}";
+        $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
         
         $password = exec($cmd);
         
@@ -680,7 +673,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $aur['dailykey'] = '';
         $aur['oath_key'] = '';
         
-        $aur['oath_key_enable'] = !empty($this->oath_key);
+        $s = DB_DataObject::Factory('core_setting');
+        $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+        if(empty($oath_require) || $oath_require == 1) {
+            $aur['oath_key_enable'] = !empty($this->oath_key);
+        }
+        $aur['require_oath'] =  ? 1 : 0;
         
         return $aur;
     }
@@ -772,15 +770,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     function applyFilters($q, $au, $roo)
     {
         //DB_DataObject::DebugLevel(1);
-        if(!empty($q['_generate_oath_key'])){
-            $o = clone($this);
-            $this->oath_key = $this->getOathKey();
-            $this->update($o);
-            $roo->jok('OK');
-        }
-        
         if(!empty($q['_to_qr_code'])){
-            
             $person = DB_DataObject::factory('Core_person');
             $person->id = $q['id']; 
             
@@ -788,8 +778,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                 $roo->jerr('_invalid_person');
             }
             
-            $hash = $this->getOathKey();
+            $hash = $this->generateOathKey();
             
+            $_SESSION[__CLASS__] = 
+                isset($_SESSION[__CLASS__]) ? 
+                    $_SESSION[__CLASS__] : array();
+            $_SESSION[__CLASS__]['oath'] = 
+                isset($_SESSION[__CLASS__]['oath']) ? 
+                    $_SESSION[__CLASS__]['oath'] : array();
+                
             $_SESSION[__CLASS__]['oath'][$person->id] = $hash;
 
             $qrcode = $person->generateQRCode($hash);
@@ -802,18 +799,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         
         if(!empty($q['two_factor_auth_code'])) {
-            
             $person = DB_DataObject::factory('core_person');
             $person->get($q['id']);
+            $o = clone($person);
+            $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
             
             if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
-                
-                $o = clone($person);
-                $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
                 $person->update($o);
-                
                 unset($_SESSION[__CLASS__]['oath'][$person->id]);
-                
                 $roo->jok('DONE');
             }
             
@@ -821,7 +814,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         
         if(!empty($q['oath_key_disable'])) {
-            
             $person = DB_DataObject::factory('core_person');
             $person->get($q['id']);
             
@@ -1122,7 +1114,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $this->setFrom($ar);
         
         if(!empty($ar['_enable_oath_key'])){
-            $oath_key = $this->getOathKey();
+            $oath_key = $this->generateOathKey();
         }
         
         if (!empty($ar['passwd1'])) {
@@ -1444,7 +1436,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $this->email = trim($this->email);
     }
     
-    function getOathKey()
+    function generateOathKey()
     {
         require 'Base32.php';