DataObjects/Core_person.php
index 7f2e994..02d42ea 100644 (file)
@@ -298,8 +298,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             return false;
         }
         
-        
-        // local auth - 
+         // local auth - 
         $default_admin = false;
         if (!empty($ff->Pman['local_autoauth']) && 
             ($ff->Pman['local_autoauth'] === true) &&
@@ -316,6 +315,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                 )
             )
         ) {
+            
             $group = DB_DataObject::factory('core_group');
             $group->get('name', 'Administrators');
             
@@ -536,14 +536,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             return false;
         }
         
-        if(!isset($this->oath_key)) {
-            $au = $this->getAuthUser();
-            $oath_key = $au->oath_key;
-        } else {
-            $oath_key = $this->oath_key;
+        if(empty($this->oath_key)) {
+            return true;
         }
         
-        $cmd = "{$oathtool} --totp --base32 {$oath_key}";
+        $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
         
         $password = exec($cmd);
         
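Review bot: `$password = exec($cmd);` takes only the last output line and never looks at the exit status, so when oathtool is missing or rejects the key `$password` is `''` and whatever comparison follows below the hunk runs against an empty string; capture the status and fail closed, `$password = exec($cmd, $out, $rc);` followed by `if ($rc !== 0 || $password === '') { return false; }`. The new early `return true` on an empty `oath_key` makes the check succeed for every account without a key, which is only safe if every caller first tests whether 2FA is enabled for that person; a comment such as `// no OATH key configured: caller must treat 2FA as not enabled` would make that contract explicit. The `escapeshellarg()` change closes the injection, but the secret still travels on the command line, where it is readable from the process list for the duration of the call. The enclosing method starts and ends outside the hunk.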
@@ -771,25 +768,28 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         //DB_DataObject::DebugLevel(1);
         if(!empty($q['_generate_oath_key'])){
             $o = clone($this);
-            $this->oath_key = $this->getOathKey();
+            $this->generateOathKey();
             $this->update($o);
             $roo->jok('OK');
         }
         
+        // missing id for core_person mgmt
         if(!empty($q['_to_qr_code'])){
             
-            $person = DB_DataObject::factory('Core_person');
-            $person->id = $q['id']; 
-            
-            if(!$person->find(true)) {
-                $roo->jerr('_invalid_person');
+            if($q['id'] == 'is_auth') {
+                $person = $this->getAuthUser();
+            } else {
+                $person = DB_DataObject::factory('Core_person');
+                $person->get($q['id']);
             }
             
-            $hash = $this->getOathKey();
+            $o = clone($person);
+            
+            $person->generateOathKey();
             
-            $_SESSION[] = $hash;
+            $person->update($o);
             
-            $qrcode = $person->generateQRCode($hash);
+            $qrcode = $person->generateQRCode();
             
             if(empty($qrcode)){
                 $roo->jerr('Fail to generate QR Code');
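Review bot: The rewrite drops the lookup-failure path the old `find(true)` check provided: in the `else` branch the result of `$person->get($q['id'])` is not tested, so an unknown id goes on to `generateOathKey()`, `update($o)` and `generateQRCode()` on an unloaded object; restore it with `if (empty($q['id']) || !$person->get($q['id'])) { $roo->jerr('_invalid_person'); }`. The `is_auth` test uses `==`; on PHP 7 an `id` of `0` compares equal to `'is_auth'`, so write `($q['id'] ?? '') === 'is_auth'`. Nothing visible in this hunk, nor in the `oath_key_disable` hunk below, which takes an arbitrary `id` the same way, checks that the caller is allowed to regenerate or clear another person's key; if that authorisation lives earlier in the method it is outside the hunk, otherwise both paths need it. The enclosing method starts and ends outside the hunk.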
@@ -816,12 +816,21 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         
         if(!empty($q['oath_key_disable'])) {
             
-            $person = DB_DataObject::factory('core_person');
-            $person->get($q['id']);
+            $person = $this->getAuthUser();
+            
+            if(!empty($q['id'])) {
+                $person = DB_DataObject::factory('core_person');
+                $person->get($q['id']);
+            }
+            
+            if(empty($person)) {
+                $roo->jerr('Please login to the system');
+            }
             
             $o = clone($person);
             
             $person->oath_key = '';
+            
             $person->update($o);
             
             $roo->jok('DONE');
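Review bot: `if(empty($person))` cannot catch a bad id: after `DB_DataObject::factory('core_person')` `$person` is always an object, so an `id` that `get()` does not find passes the check and `$person->update($o)` runs against an unloaded record; only the `getAuthUser()` path with no logged-in user is actually caught. Test the lookup itself inside the `if(!empty($q['id']))` branch, `if (!$person->get($q['id'])) { $roo->jerr('_invalid_person'); }`, and keep the `empty($person)` test for the auth-user case. The enclosing method starts and ends outside the hunk.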
@@ -1116,7 +1125,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $this->setFrom($ar);
         
         if(!empty($ar['_enable_oath_key'])){
-            $oath_key = $this->getOathKey();
+            $this->generateOathKey();
         }
         
         if (!empty($ar['passwd1'])) {
@@ -1438,13 +1447,17 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $this->email = trim($this->email);
     }
     
-    function getOathKey()
+    function generateOathKey()
     {
+        $hex = bin2hex(openssl_random_pseudo_bytes(10));
+        
         require 'Base32.php';
         
         $base32 = new Base32();
         
-        return $base32->base32_encode(bin2hex(openssl_random_pseudo_bytes(10)));
+        $this->oath_key = $base32->base32_encode($hex);
+        
+        return $this->oath_key;
     }
     
     function generateQRCode()
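Review bot: `require 'Base32.php';` inside `generateOathKey()` redeclares `class Base32` on a second call within the same process and fatals; use `require_once 'Base32.php';`. `openssl_random_pseudo_bytes(10)` is called without its `$crypto_strong` out-parameter, so on PHP versions where it can fall back to a non-cryptographic source the weakness is silent, whereas `random_bytes(10)` throws instead. Base32-encoding the hex string rather than the raw bytes also yields a 32-character secret that carries only 80 bits of entropy; if the Base32 helper accepts binary input, `$base32->base32_encode(random_bytes(20))` gives a standard 160-bit TOTP secret, and existing stored keys are unaffected since only newly generated ones change. The method has no docblock; add one stating that it generates a fresh base32 TOTP secret, assigns it to `$this->oath_key` without persisting it (the callers in this commit call `update()` themselves), and returns the new key.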