From: Alan Knowles Date: Fri, 12 Oct 2018 02:28:33 +0000 (+0800) Subject: Revert "DataObjects/Core_person.php" X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=commitdiff_plain;h=e44ecdfc0138e3faaba30d90579175092eef0c92 Revert "DataObjects/Core_person.php" This reverts commit 87e1e363bb54a2af01f83a62e0623bc700913e53. --- diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php index 02d42ea4..db086ddf 100644 --- a/DataObjects/Core_person.php +++ b/DataObjects/Core_person.php @@ -172,18 +172,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject // h embeds images here.. $body = $mime->get(); $headers = $mime->headers($headers); - } - - return array( 'recipients' => $recipents, 'headers' => $headers, 'body' => $body ); - - } @@ -195,10 +190,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject */ function sendTemplate($templateFile, $args) { - $ar = $this->buildMail($templateFile, $args); - //print_r($recipents);exit; $mailOptions = PEAR::getStaticProperty('Mail','options'); $mail = Mail::factory("SMTP",$mailOptions); @@ -211,7 +204,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject error_reporting($oe); return $ret; - } @@ -298,7 +290,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject return false; } - // local auth - + + // local auth - $default_admin = false; if (!empty($ff->Pman['local_autoauth']) && ($ff->Pman['local_autoauth'] === true) && @@ -315,7 +308,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject ) ) ) { - $group = DB_DataObject::factory('core_group'); $group->get('name', 'Administrators'); @@ -528,19 +520,23 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function checkTwoFactorAuthentication($val) { + // also used in login require_once 'System.php'; + if( + empty($this->id) || + empty($this->oath_key) + ) { + return false; + } + $oathtool = System::which('oathtool'); if (!$oathtool) { return false; } - if(empty($this->oath_key)) { - return true; - } - - $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key); + $cmd = "{$oathtool} --totp --base32 {$this->oath_key}"; $password = exec($cmd); @@ -675,6 +671,16 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $aur['oath_key'] = ''; $aur['oath_key_enable'] = !empty($this->oath_key); + $aur['require_oath'] = 1; + + $s = DB_DataObject::Factory('core_setting'); + $oath_require = $s->lookup('core', 'two_factor_authentication_requirement'); + + if(!empty($oath_require)) { + if($oath_require->val == 0) { + $aur['require_oath'] = 0; + } + } return $aur; } @@ -766,30 +772,26 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function applyFilters($q, $au, $roo) { //DB_DataObject::DebugLevel(1); - if(!empty($q['_generate_oath_key'])){ - $o = clone($this); - $this->generateOathKey(); - $this->update($o); - $roo->jok('OK'); - } - - // missing id for core_person mgmt if(!empty($q['_to_qr_code'])){ + $person = DB_DataObject::factory('Core_person'); + $person->id = $q['id']; - if($q['id'] == 'is_auth') { - $person = $this->getAuthUser(); - } else { - $person = DB_DataObject::factory('Core_person'); - $person->get($q['id']); + if(!$person->find(true)) { + $roo->jerr('_invalid_person'); } - $o = clone($person); - - $person->generateOathKey(); + $hash = $this->generateOathKey(); - $person->update($o); - - $qrcode = $person->generateQRCode(); + $_SESSION[__CLASS__] = + isset($_SESSION[__CLASS__]) ? + $_SESSION[__CLASS__] : array(); + $_SESSION[__CLASS__]['oath'] = + isset($_SESSION[__CLASS__]['oath']) ? + $_SESSION[__CLASS__]['oath'] : array(); + + $_SESSION[__CLASS__]['oath'][$person->id] = $hash; + + $qrcode = $person->generateQRCode($hash); if(empty($qrcode)){ $roo->jerr('Fail to generate QR Code'); @@ -799,15 +801,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['two_factor_auth_code'])) { - - $person = $this; - - if(isset($q['id'])) { - $person = DB_DataObject::factory('core_person'); - $person->get($q['id']); - } + $person = DB_DataObject::factory('core_person'); + $person->get($q['id']); + $o = clone($person); + $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id]; if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) { + $person->update($o); + unset($_SESSION[__CLASS__]['oath'][$person->id]); $roo->jok('DONE'); } @@ -815,22 +816,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['oath_key_disable'])) { - - $person = $this->getAuthUser(); - - if(!empty($q['id'])) { - $person = DB_DataObject::factory('core_person'); - $person->get($q['id']); - } - - if(empty($person)) { - $roo->jerr('Please login to the system'); - } + $person = DB_DataObject::factory('core_person'); + $person->get($q['id']); $o = clone($person); $person->oath_key = ''; - $person->update($o); $roo->jok('DONE'); @@ -1125,7 +1116,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $this->setFrom($ar); if(!empty($ar['_enable_oath_key'])){ - $this->generateOathKey(); + $oath_key = $this->generateOathKey(); } if (!empty($ar['passwd1'])) { @@ -1449,22 +1440,18 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function generateOathKey() { - $hex = bin2hex(openssl_random_pseudo_bytes(10)); - require 'Base32.php'; $base32 = new Base32(); - $this->oath_key = $base32->base32_encode($hex); - - return $this->oath_key; + return $base32->base32_encode(bin2hex(openssl_random_pseudo_bytes(10))); } - function generateQRCode() + function generateQRCode($hash) { if( empty($this->email) && - empty($this->oath_key) + empty($hash) ){ return false; } @@ -1472,7 +1459,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $issuer = (empty($this->name)) ? rawurlencode('ROOJS') : rawurlencode($this->name); - $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$this->oath_key}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30"; + $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30"; require_once 'Image/QRCode.php';