projects / Pman.Core / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
DataObjects/Core_person.php
[Pman.Core] / DataObjects / Core_person.php
diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php
index 9f39f3a..429ad62 100644 (file)
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -518,15 +518,17 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         return md5(implode(',' ,  array($month, $this->email , $this->passwd, $this->id)));
     } 
     
-    function checkTwoFactorAuthentication($val, $oath_key)
+    function checkTwoFactorAuthentication($val)
     {
         // also used in login
         
+        return true;
+        
         require_once 'System.php';
         
         if(
             empty($this->id) ||
-            empty($oath_key)
+            empty($this->oath_key)
         ) {
             return false;
         }
@@ -537,7 +539,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             return false;
         }
         
-        $cmd = "{$oathtool} --totp --base32 {$oath_key}";
+        $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
         
         $password = exec($cmd);
         
@@ -671,10 +673,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $aur['dailykey'] = '';
         $aur['oath_key'] = '';
         
-        $aur['oath_key_enable'] = !empty($this->oath_key);
-        
         $s = DB_DataObject::Factory('core_setting');
-        $aur['disable_oath'] = (bool) $s->lookup('core', 'two_factor_authentication') ? 1 : 0;
+        $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+        if(empty($oath_require) || $oath_require == 1) {
+            $aur['oath_key_enable'] = !empty($this->oath_key);
+            $aur['require_oath'] =  1;
+        }
+        
         
         return $aur;
     }
@@ -767,7 +772,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     {
         //DB_DataObject::DebugLevel(1);
         if(!empty($q['_to_qr_code'])){
-            
             $person = DB_DataObject::factory('Core_person');
             $person->id = $q['id']; 
             
@@ -777,8 +781,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             
             $hash = $this->generateOathKey();
             
-            $_SESSION[__CLASS__] = isset($_SESSION[__CLASS__]) ? $_SESSION[__CLASS__] : array();
-            $_SESSION[__CLASS__]['oath'] = isset($_SESSION[__CLASS__]['oath']) ? $_SESSION[__CLASS__]['oath'] : array();
+            $_SESSION[__CLASS__] = 
+                isset($_SESSION[__CLASS__]) ? 
+                    $_SESSION[__CLASS__] : array();
+            $_SESSION[__CLASS__]['oath'] = 
+                isset($_SESSION[__CLASS__]['oath']) ? 
+                    $_SESSION[__CLASS__]['oath'] : array();
+                
             $_SESSION[__CLASS__]['oath'][$person->id] = $hash;
 
             $qrcode = $person->generateQRCode($hash);
@@ -791,21 +800,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         
         if(!empty($q['two_factor_auth_code'])) {
-            
             $person = DB_DataObject::factory('core_person');
             $person->get($q['id']);
+            $o = clone($person);
+            $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
             
-            if($person->checkTwoFactorAuthentication(
-                $q['two_factor_auth_code'],
-                $_SESSION[__CLASS__]['oath'][$person->id]
-            )) {
-                
-                $o = clone($person);
-                $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
+            if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
                 $person->update($o);
-                
                 unset($_SESSION[__CLASS__]['oath'][$person->id]);
-                
                 $roo->jok('DONE');
             }
             
@@ -813,7 +815,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         
         if(!empty($q['oath_key_disable'])) {
-            
             $person = DB_DataObject::factory('core_person');
             $person->get($q['id']);
             
Pman Core