X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=blobdiff_plain;f=DataObjects%2FCore_person.php;h=0b1fbd4811712774341529cda7fcacee8b37a9b6;hp=4ad1289b0d30c5281e4d950555ffd986ada81da1;hb=3ba9134bf920dec152031a2ea6f75a572c4efe95;hpb=6d7d7a7170de349ebefccf2f958ce247dd8e1b48 diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php index 4ad1289b..0b1fbd48 100644 --- a/DataObjects/Core_person.php +++ b/DataObjects/Core_person.php @@ -172,18 +172,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject // h embeds images here.. $body = $mime->get(); $headers = $mime->headers($headers); - } - - return array( 'recipients' => $recipents, 'headers' => $headers, 'body' => $body ); - - } @@ -195,10 +190,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject */ function sendTemplate($templateFile, $args) { - $ar = $this->buildMail($templateFile, $args); - //print_r($recipents);exit; $mailOptions = PEAR::getStaticProperty('Mail','options'); $mail = Mail::factory("SMTP",$mailOptions); @@ -211,7 +204,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject error_reporting($oe); return $ret; - } @@ -303,6 +295,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $default_admin = false; if (!empty($ff->Pman['local_autoauth']) && ($ff->Pman['local_autoauth'] === true) && + ($_SERVER['PATH_INFO'] != '') && // auto-auth is disabled for home page (!empty($_SERVER['SERVER_ADDR'])) && ( ( @@ -314,6 +307,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $_SERVER['SERVER_ADDR'] == '::1' && $_SERVER['REMOTE_ADDR'] == '::1' ) + ) ) { $group = DB_DataObject::factory('core_group'); @@ -528,9 +522,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function checkTwoFactorAuthentication($val) { + + + // also used in login require_once 'System.php'; - if(empty($this->id)) { + if( + empty($this->id) || + empty($this->oath_key) + ) { return false; } @@ -540,13 +540,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject return false; } - $oath_key = $_SESSION[__CLASS__]['oath'][$this->id]; - - if(empty($oath_key)) { - return false; - } - - $cmd = "{$oathtool} --totp --base32 {$oath_key}"; + $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key); $password = exec($cmd); @@ -681,9 +675,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $aur['oath_key'] = ''; $aur['oath_key_enable'] = !empty($this->oath_key); + $aur['require_oath'] = 1; $s = DB_DataObject::Factory('core_setting'); - $aur['disable_oath'] = empty($s->lookup('core', 'two_factor_authentication')) ? 0 : 1; + $oath_require = $s->lookup('core', 'two_factor_authentication_requirement'); + $aur['require_oath'] = $oath_require ? $oath_require->val : 0; return $aur; } @@ -775,15 +771,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function applyFilters($q, $au, $roo) { //DB_DataObject::DebugLevel(1); - if(!empty($q['_generate_oath_key'])){ - $o = clone($this); - $this->oath_key = $this->getOathKey(); - $this->update($o); - $roo->jok('OK'); - } - if(!empty($q['_to_qr_code'])){ - $person = DB_DataObject::factory('Core_person'); $person->id = $q['id']; @@ -791,8 +779,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $roo->jerr('_invalid_person'); } - $hash = $this->getOathKey(); + $hash = $this->generateOathKey(); + $_SESSION[__CLASS__] = + isset($_SESSION[__CLASS__]) ? + $_SESSION[__CLASS__] : array(); + $_SESSION[__CLASS__]['oath'] = + isset($_SESSION[__CLASS__]['oath']) ? + $_SESSION[__CLASS__]['oath'] : array(); + $_SESSION[__CLASS__]['oath'][$person->id] = $hash; $qrcode = $person->generateQRCode($hash); @@ -805,21 +800,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['two_factor_auth_code'])) { - $person = DB_DataObject::factory('core_person'); $person->get($q['id']); + $o = clone($person); + $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id]; - if($person->checkTwoFactorAuthentication( - $q['two_factor_auth_code'], - $oath_key - )) { - - $o = clone($person); - $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id]; + if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) { $person->update($o); - unset($_SESSION[__CLASS__]['oath'][$person->id]); - $roo->jok('DONE'); } @@ -827,7 +815,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['oath_key_disable'])) { - $person = DB_DataObject::factory('core_person'); $person->get($q['id']); @@ -1128,7 +1115,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $this->setFrom($ar); if(!empty($ar['_enable_oath_key'])){ - $oath_key = $this->getOathKey(); + $oath_key = $this->generateOathKey(); } if (!empty($ar['passwd1'])) { @@ -1450,7 +1437,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $this->email = trim($this->email); } - function getOathKey() + function generateOathKey() { require 'Base32.php';