projects
/
Pman.Core
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
DataObjects/Core_person.php
[Pman.Core]
/
DataObjects
/
Core_person.php
diff --git
a/DataObjects/Core_person.php
b/DataObjects/Core_person.php
index
05e6020
..
f2cb1fd
100644
(file)
--- a/
DataObjects/Core_person.php
+++ b/
DataObjects/Core_person.php
@@
-172,18
+172,13
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
// h embeds images here..
$body = $mime->get();
$headers = $mime->headers($headers);
// h embeds images here..
$body = $mime->get();
$headers = $mime->headers($headers);
-
}
}
-
-
return array(
'recipients' => $recipents,
'headers' => $headers,
'body' => $body
);
return array(
'recipients' => $recipents,
'headers' => $headers,
'body' => $body
);
-
-
}
}
@@
-195,10
+190,8
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
*/
function sendTemplate($templateFile, $args)
{
*/
function sendTemplate($templateFile, $args)
{
-
$ar = $this->buildMail($templateFile, $args);
$ar = $this->buildMail($templateFile, $args);
-
//print_r($recipents);exit;
$mailOptions = PEAR::getStaticProperty('Mail','options');
$mail = Mail::factory("SMTP",$mailOptions);
//print_r($recipents);exit;
$mailOptions = PEAR::getStaticProperty('Mail','options');
$mail = Mail::factory("SMTP",$mailOptions);
@@
-211,7
+204,6
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
error_reporting($oe);
return $ret;
error_reporting($oe);
return $ret;
-
}
}
@@
-528,22
+520,24
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
function checkTwoFactorAuthentication($val)
{
function checkTwoFactorAuthentication($val)
{
+ // also used in login
+
require_once 'System.php';
require_once 'System.php';
+ if(
+ empty($this->id) ||
+ empty($this->oath_key)
+ ) {
+ return false;
+ }
+
$oathtool = System::which('oathtool');
if (!$oathtool) {
return false;
}
$oathtool = System::which('oathtool');
if (!$oathtool) {
return false;
}
- if(!isset($this->oath_key)) {
- $au = $this->getAuthUser();
- $oath_key = $au->oath_key;
- } else {
- $oath_key = $this->oath_key;
- }
-
- $cmd = "{$oathtool} --totp --base32 {$oath_key}";
+ $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
$password = exec($cmd);
$password = exec($cmd);
@@
-679,6
+673,11
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$aur['oath_key_enable'] = !empty($this->oath_key);
$aur['oath_key_enable'] = !empty($this->oath_key);
+ $s = DB_DataObject::Factory('core_setting');
+ $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+
+ $aur['disable_oath'] = (bool) ? 1 : 0;
+
return $aur;
}
return $aur;
}
@@
-769,15
+768,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
function applyFilters($q, $au, $roo)
{
//DB_DataObject::DebugLevel(1);
function applyFilters($q, $au, $roo)
{
//DB_DataObject::DebugLevel(1);
- if(!empty($q['_generate_oath_key'])){
- $o = clone($this);
- $this->oath_key = $this->getOathKey();
- $this->update($o);
- $roo->jok('OK');
- }
-
if(!empty($q['_to_qr_code'])){
if(!empty($q['_to_qr_code'])){
-
$person = DB_DataObject::factory('Core_person');
$person->id = $q['id'];
$person = DB_DataObject::factory('Core_person');
$person->id = $q['id'];
@@
-785,12
+776,17
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$roo->jerr('_invalid_person');
}
$roo->jerr('_invalid_person');
}
- $hash = $this->ge
t
OathKey();
+ $hash = $this->ge
nerate
OathKey();
+ $_SESSION[__CLASS__] =
+ isset($_SESSION[__CLASS__]) ?
+ $_SESSION[__CLASS__] : array();
+ $_SESSION[__CLASS__]['oath'] =
+ isset($_SESSION[__CLASS__]['oath']) ?
+ $_SESSION[__CLASS__]['oath'] : array();
+
$_SESSION[__CLASS__]['oath'][$person->id] = $hash;
$_SESSION[__CLASS__]['oath'][$person->id] = $hash;
-
- print_r($_SESSION);exit;
-
+
$qrcode = $person->generateQRCode($hash);
if(empty($qrcode)){
$qrcode = $person->generateQRCode($hash);
if(empty($qrcode)){
@@
-801,15
+797,14
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
}
if(!empty($q['two_factor_auth_code'])) {
}
if(!empty($q['two_factor_auth_code'])) {
-
- $person = $this;
-
- if(isset($q['id'])) {
- $person = DB_DataObject::factory('core_person');
- $person->get($q['id']);
- }
+ $person = DB_DataObject::factory('core_person');
+ $person->get($q['id']);
+ $o = clone($person);
+ $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
+ $person->update($o);
+ unset($_SESSION[__CLASS__]['oath'][$person->id]);
$roo->jok('DONE');
}
$roo->jok('DONE');
}
@@
-817,7
+812,6
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
}
if(!empty($q['oath_key_disable'])) {
}
if(!empty($q['oath_key_disable'])) {
-
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
@@
-1118,7
+1112,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$this->setFrom($ar);
if(!empty($ar['_enable_oath_key'])){
$this->setFrom($ar);
if(!empty($ar['_enable_oath_key'])){
- $oath_key = $this->ge
t
OathKey();
+ $oath_key = $this->ge
nerate
OathKey();
}
if (!empty($ar['passwd1'])) {
}
if (!empty($ar['passwd1'])) {
@@
-1440,7
+1434,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$this->email = trim($this->email);
}
$this->email = trim($this->email);
}
- function ge
t
OathKey()
+ function ge
nerate
OathKey()
{
require 'Base32.php';
{
require 'Base32.php';
@@
-1453,7
+1447,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
{
if(
empty($this->email) &&
{
if(
empty($this->email) &&
- empty($
this->oath_key
)
+ empty($
hash
)
){
return false;
}
){
return false;
}
@@
-1461,7
+1455,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$issuer = (empty($this->name)) ?
rawurlencode('ROOJS') : rawurlencode($this->name);
$issuer = (empty($this->name)) ?
rawurlencode('ROOJS') : rawurlencode($this->name);
- $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$
this->oath_key
}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
+ $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$
hash
}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
require_once 'Image/QRCode.php';
require_once 'Image/QRCode.php';