DataObjects/Core_person.php

[Pman.Core] / DataObjects / Core_person.php

diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php
index 7b71f3c..629edd6 100644 (file)
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -291,12 +291,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         
         
-        // local auth - 
-        $default_admin = false;
-        if (!empty($ff->Pman['local_autoauth']) && 
-            ($ff->Pman['local_autoauth'] === true) &&
-            (!empty($_SERVER['SERVER_ADDR'])) &&
-            (
+        $auto_auth_allow = false;
+        if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) {
+            $auto_auth_allow  = true;
+        }
+        if  (
+                (!empty($_SERVER['SERVER_ADDR'])) &&
                 (
                     $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
                     $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
@@ -306,8 +306,19 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                     $_SERVER['SERVER_ADDR'] == '::1' &&
                     $_SERVER['REMOTE_ADDR'] == '::1'
                 )
-            )
-        ) {
+                
+            ){
+            $auto_auth_allow  = true;
+        }
+        
+        
+        if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') {
+            $auto_auth_allow  = false;
+        }
+        
+        // local auth - 
+        $default_admin = false;
+        if ($auto_auth_allow) {
             $group = DB_DataObject::factory('core_group');
             $group->get('name', 'Administrators');
             
@@ -329,7 +340,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $u = DB_DataObject::factory($this->tableName());
         $ff = HTML_FlexyFramework::get();
         
-        if (!empty($ff->Pman['local_autoauth']) && 
+        if (!empty($ff->Pman['local_autoauth']) &&
+            ($ff->Pman['local_autoauth'] === true) &&
             (!empty($_SERVER['SERVER_ADDR'])) &&
             (
                 (
@@ -520,8 +532,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     
     function checkTwoFactorAuthentication($val)
     {
-        // also used in login
         
+        
+        // also used in login
         require_once 'System.php';
         
         if(
@@ -537,7 +550,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             return false;
         }
         
-        $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
+        $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
         
         $password = exec($cmd);
         
@@ -672,9 +685,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $aur['oath_key'] = '';
         
         $aur['oath_key_enable'] = !empty($this->oath_key);
+        $aur['require_oath'] = 1;
         
         $s = DB_DataObject::Factory('core_setting');
-        $aur['disable_oath'] = (bool) $s->lookup('core', 'two_factor_authentication') ? 1 : 0;
+        $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+        $aur['require_oath'] = $oath_require ?  $oath_require->val : 0;
         
         return $aur;
     }
@@ -767,7 +782,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     {
         //DB_DataObject::DebugLevel(1);
         if(!empty($q['_to_qr_code'])){
-            
             $person = DB_DataObject::factory('Core_person');
             $person->id = $q['id']; 
             
@@ -811,7 +825,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         
         if(!empty($q['oath_key_disable'])) {
-            
             $person = DB_DataObject::factory('core_person');
             $person->get($q['id']);