projects
/
Pman.Core
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
DataObjects/Core_person.php
[Pman.Core]
/
DataObjects
/
Core_person.php
diff --git
a/DataObjects/Core_person.php
b/DataObjects/Core_person.php
index
15c86c6
..
0b1fbd4
100644
(file)
--- a/
DataObjects/Core_person.php
+++ b/
DataObjects/Core_person.php
@@
-295,6
+295,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$default_admin = false;
if (!empty($ff->Pman['local_autoauth']) &&
($ff->Pman['local_autoauth'] === true) &&
$default_admin = false;
if (!empty($ff->Pman['local_autoauth']) &&
($ff->Pman['local_autoauth'] === true) &&
+ ($_SERVER['PATH_INFO'] != '') && // auto-auth is disabled for home page
(!empty($_SERVER['SERVER_ADDR'])) &&
(
(
(!empty($_SERVER['SERVER_ADDR'])) &&
(
(
@@
-306,6
+307,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$_SERVER['SERVER_ADDR'] == '::1' &&
$_SERVER['REMOTE_ADDR'] == '::1'
)
$_SERVER['SERVER_ADDR'] == '::1' &&
$_SERVER['REMOTE_ADDR'] == '::1'
)
+
)
) {
$group = DB_DataObject::factory('core_group');
)
) {
$group = DB_DataObject::factory('core_group');
@@
-518,15
+520,16
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
return md5(implode(',' , array($month, $this->email , $this->passwd, $this->id)));
}
return md5(implode(',' , array($month, $this->email , $this->passwd, $this->id)));
}
- function checkTwoFactorAuthentication($val
, $oath_key
)
+ function checkTwoFactorAuthentication($val)
{
{
- // also used in login
+
+ // also used in login
require_once 'System.php';
if(
empty($this->id) ||
require_once 'System.php';
if(
empty($this->id) ||
- empty($oath_key)
+ empty($
this->
oath_key)
) {
return false;
}
) {
return false;
}
@@
-537,7
+540,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
return false;
}
return false;
}
- $cmd = "{$oathtool} --totp --base32
{$oath_key}"
;
+ $cmd = "{$oathtool} --totp --base32
" . escapeshellarg($this->oath_key)
;
$password = exec($cmd);
$password = exec($cmd);
@@
-672,9
+675,11
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$aur['oath_key'] = '';
$aur['oath_key_enable'] = !empty($this->oath_key);
$aur['oath_key'] = '';
$aur['oath_key_enable'] = !empty($this->oath_key);
+ $aur['require_oath'] = 1;
$s = DB_DataObject::Factory('core_setting');
$s = DB_DataObject::Factory('core_setting');
- $aur['disable_oath'] = empty($s->lookup('core', 'two_factor_authentication')) ? 0 : 1;
+ $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+ $aur['require_oath'] = $oath_require ? $oath_require->val : 0;
return $aur;
}
return $aur;
}
@@
-766,15
+771,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
function applyFilters($q, $au, $roo)
{
//DB_DataObject::DebugLevel(1);
function applyFilters($q, $au, $roo)
{
//DB_DataObject::DebugLevel(1);
- if(!empty($q['_generate_oath_key'])){
- $o = clone($this);
- $this->oath_key = $this->getOathKey();
- $this->update($o);
- $roo->jok('OK');
- }
-
if(!empty($q['_to_qr_code'])){
if(!empty($q['_to_qr_code'])){
-
$person = DB_DataObject::factory('Core_person');
$person->id = $q['id'];
$person = DB_DataObject::factory('Core_person');
$person->id = $q['id'];
@@
-782,8
+779,15
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$roo->jerr('_invalid_person');
}
$roo->jerr('_invalid_person');
}
- $hash = $this->ge
t
OathKey();
+ $hash = $this->ge
nerate
OathKey();
+ $_SESSION[__CLASS__] =
+ isset($_SESSION[__CLASS__]) ?
+ $_SESSION[__CLASS__] : array();
+ $_SESSION[__CLASS__]['oath'] =
+ isset($_SESSION[__CLASS__]['oath']) ?
+ $_SESSION[__CLASS__]['oath'] : array();
+
$_SESSION[__CLASS__]['oath'][$person->id] = $hash;
$qrcode = $person->generateQRCode($hash);
$_SESSION[__CLASS__]['oath'][$person->id] = $hash;
$qrcode = $person->generateQRCode($hash);
@@
-796,21
+800,14
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
}
if(!empty($q['two_factor_auth_code'])) {
}
if(!empty($q['two_factor_auth_code'])) {
-
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
+ $o = clone($person);
+ $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
- if($person->checkTwoFactorAuthentication(
- $q['two_factor_auth_code'],
- $_SESSION[__CLASS__]['oath'][$person->id]
- )) {
-
- $o = clone($person);
- $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
+ if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
$person->update($o);
$person->update($o);
-
unset($_SESSION[__CLASS__]['oath'][$person->id]);
unset($_SESSION[__CLASS__]['oath'][$person->id]);
-
$roo->jok('DONE');
}
$roo->jok('DONE');
}
@@
-818,7
+815,6
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
}
if(!empty($q['oath_key_disable'])) {
}
if(!empty($q['oath_key_disable'])) {
-
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
@@
-1119,7
+1115,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$this->setFrom($ar);
if(!empty($ar['_enable_oath_key'])){
$this->setFrom($ar);
if(!empty($ar['_enable_oath_key'])){
- $oath_key = $this->ge
t
OathKey();
+ $oath_key = $this->ge
nerate
OathKey();
}
if (!empty($ar['passwd1'])) {
}
if (!empty($ar['passwd1'])) {
@@
-1441,7
+1437,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$this->email = trim($this->email);
}
$this->email = trim($this->email);
}
- function ge
t
OathKey()
+ function ge
nerate
OathKey()
{
require 'Base32.php';
{
require 'Base32.php';