web-base/Core/Objects/TwoFactor/TimeBasedTwoFactorToken.class.php

68 lines
1.9 KiB
PHP
Raw Permalink Normal View History

2022-02-20 16:53:26 +01:00
<?php
2022-11-18 18:06:46 +01:00
namespace Core\Objects\TwoFactor;
2022-02-20 16:53:26 +01:00
use Base32\Base32;
use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions;
2022-11-27 15:58:44 +01:00
use Core\Driver\SQL\SQL;
2022-11-18 18:06:46 +01:00
use Core\Objects\Context;
2023-01-16 21:47:23 +01:00
use Core\Objects\DatabaseEntity\Attribute\Visibility;
2022-11-18 18:06:46 +01:00
use Core\Objects\DatabaseEntity\TwoFactorToken;
2022-02-20 16:53:26 +01:00
class TimeBasedTwoFactorToken extends TwoFactorToken {
const TYPE = "totp";
2023-01-16 21:47:23 +01:00
#[Visibility(Visibility::NONE)]
2022-11-27 12:33:27 +01:00
private string $secret;
2022-02-20 16:53:26 +01:00
2022-06-20 19:52:31 +02:00
public function __construct(string $secret) {
parent::__construct(self::TYPE);
2022-02-20 16:53:26 +01:00
$this->secret = $secret;
}
2022-06-20 19:52:31 +02:00
protected function readData(string $data) {
$this->secret = $data;
}
public function getUrl(Context $context): string {
2022-02-20 16:53:26 +01:00
$otpType = self::TYPE;
2022-06-20 19:52:31 +02:00
$name = rawurlencode($context->getUser()->getUsername());
$settings = $context->getSettings();
2022-02-20 16:53:26 +01:00
$urlArgs = [
"secret" => $this->secret,
"issuer" => $settings->getSiteName(),
];
$urlArgs = http_build_query($urlArgs);
return "otpauth://$otpType/$name?$urlArgs";
}
2022-06-20 19:52:31 +02:00
public function generateQRCode(Context $context) {
2022-02-20 16:53:26 +01:00
$options = new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, "imageBase64" => false]);
$qrcode = new QRCode($options);
2022-06-20 19:52:31 +02:00
return $qrcode->render($this->getUrl($context));
2022-02-20 16:53:26 +01:00
}
public function generate(?int $at = null, int $length = 6, int $period = 30): string {
if ($at === null) {
$at = time();
}
$seed = intval($at / $period);
$secret = Base32::decode($this->secret);
$hmac = hash_hmac('sha1', pack("J", $seed), $secret, true);
$offset = ord($hmac[-1]) & 0xF;
$code = (unpack("N", substr($hmac, $offset, 4))[1] & 0x7fffffff) % intval(pow(10, $length));
return substr(str_pad(strval($code), $length, "0", STR_PAD_LEFT), -1 * $length);
}
public function verify(string $code): bool {
return $this->generate() === $code;
}
public function getData(): string {
return $this->secret;
}
}