web-base/core/Objects/TwoFactor/TimeBasedTwoFactorToken.class.php

<?php

namespace Objects\TwoFactor;

use Base32\Base32;
use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions;
use Objects\User;

class TimeBasedTwoFactorToken extends TwoFactorToken {

  const TYPE = "totp";
  private string $secret;

  public function __construct(string $secret, ?int $id = null, bool $confirmed = false) {
    parent::__construct(self::TYPE, $id, $confirmed);
    $this->secret = $secret;
  }

  public function getUrl(User $user): string {
    $otpType = self::TYPE;
    $name = rawurlencode($user->getUsername());
    $settings = $user->getConfiguration()->getSettings();
    $urlArgs = [
      "secret" => $this->secret,
      "issuer" => $settings->getSiteName(),
    ];

    $urlArgs = http_build_query($urlArgs);
    return "otpauth://$otpType/$name?$urlArgs";
  }

  public function generateQRCode(User $user) {
    $options = new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, "imageBase64" => false]);
    $qrcode = new QRCode($options);
    return $qrcode->render($this->getUrl($user));
  }

  public function generate(?int $at = null, int $length = 6, int $period = 30): string {
    if ($at === null) {
      $at = time();
    }

    $seed = intval($at / $period);
    $secret =  Base32::decode($this->secret);
    $hmac = hash_hmac('sha1', pack("J", $seed), $secret, true);
    $offset = ord($hmac[-1]) & 0xF;
    $code = (unpack("N", substr($hmac, $offset, 4))[1] & 0x7fffffff) % intval(pow(10, $length));
    return substr(str_pad(strval($code), $length, "0", STR_PAD_LEFT), -1 * $length);
  }

  public function verify(string $code): bool {
    return $this->generate() === $code;
  }

  public function getData(): string {
    return $this->secret;
  }
}
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`<?php`

			`namespace Objects\TwoFactor;`

			`use Base32\Base32;`
			`use chillerlan\QRCode\QRCode;`
			`use chillerlan\QRCode\QROptions;`
			`use Objects\User;`

			`class TimeBasedTwoFactorToken extends TwoFactorToken {`

			`const TYPE = "totp";`
			`private string $secret;`

			`public function __construct(string $secret, ?int $id = null, bool $confirmed = false) {`
			`parent::__construct(self::TYPE, $id, $confirmed);`
			`$this->secret = $secret;`
			`}`

			`public function getUrl(User $user): string {`
			`$otpType = self::TYPE;`
			`$name = rawurlencode($user->getUsername());`
			`$settings = $user->getConfiguration()->getSettings();`
			`$urlArgs = [`
			`"secret" => $this->secret,`
			`"issuer" => $settings->getSiteName(),`
			`];`

			`$urlArgs = http_build_query($urlArgs);`
			`return "otpauth://$otpType/$name?$urlArgs";`
			`}`

			`public function generateQRCode(User $user) {`
			`$options = new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, "imageBase64" => false]);`
			`$qrcode = new QRCode($options);`
			`return $qrcode->render($this->getUrl($user));`
			`}`

			`public function generate(?int $at = null, int $length = 6, int $period = 30): string {`
			`if ($at === null) {`
			`$at = time();`
			`}`

			`$seed = intval($at / $period);`
			`$secret = Base32::decode($this->secret);`
			`$hmac = hash_hmac('sha1', pack("J", $seed), $secret, true);`
			`$offset = ord($hmac[-1]) & 0xF;`
			`$code = (unpack("N", substr($hmac, $offset, 4))[1] & 0x7fffffff) % intval(pow(10, $length));`
			`return substr(str_pad(strval($code), $length, "0", STR_PAD_LEFT), -1 * $length);`
			`}`

			`public function verify(string $code): bool {`
			`return $this->generate() === $code;`
			`}`

			`public function getData(): string {`
			`return $this->secret;`
			`}`
			`}`