Cleanup + Login View
This commit is contained in:
@@ -1,13 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace Objects;
|
||||
|
||||
class KeyBasedTwoFactorToken extends TwoFactorToken {
|
||||
|
||||
const TYPE = "fido2";
|
||||
|
||||
public function __construct(string $secret, ?int $id = null, bool $confirmed = false) {
|
||||
parent::__construct(self::TYPE, $secret, $id, $confirmed);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,52 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace Objects;
|
||||
|
||||
use Base32\Base32;
|
||||
use chillerlan\QRCode\QRCode;
|
||||
use chillerlan\QRCode\QROptions;
|
||||
|
||||
class TimeBasedTwoFactorToken extends TwoFactorToken {
|
||||
|
||||
const TYPE = "totp";
|
||||
|
||||
public function __construct(string $secret, ?int $id = null, bool $confirmed = false) {
|
||||
parent::__construct(self::TYPE, $secret, $id, $confirmed);
|
||||
}
|
||||
|
||||
public function getUrl(User $user): string {
|
||||
$otpType = self::TYPE;
|
||||
$name = rawurlencode($user->getUsername());
|
||||
$settings = $user->getConfiguration()->getSettings();
|
||||
$urlArgs = [
|
||||
"secret" => $this->getSecret(),
|
||||
"issuer" => $settings->getSiteName(),
|
||||
];
|
||||
|
||||
$urlArgs = http_build_query($urlArgs);
|
||||
return "otpauth://$otpType/$name?$urlArgs";
|
||||
}
|
||||
|
||||
public function generateQRCode(User $user) {
|
||||
$options = new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, "imageBase64" => false]);
|
||||
$qrcode = new QRCode($options);
|
||||
return $qrcode->render($this->getUrl($user));
|
||||
}
|
||||
|
||||
public function generate(?int $at = null, int $length = 6, int $period = 30): string {
|
||||
if ($at === null) {
|
||||
$at = time();
|
||||
}
|
||||
|
||||
$seed = intval($at / $period);
|
||||
$secret = Base32::decode($this->getSecret());
|
||||
$hmac = hash_hmac('sha1', pack("J", $seed), $secret, true);
|
||||
$offset = ord($hmac[-1]) & 0xF;
|
||||
$code = (unpack("N", substr($hmac, $offset, 4))[1] & 0x7fffffff) % intval(pow(10, $length));
|
||||
return substr(str_pad(strval($code), $length, "0", STR_PAD_LEFT), -1 * $length);
|
||||
}
|
||||
|
||||
public function verify(string $code): bool {
|
||||
return $this->generate() === $code;
|
||||
}
|
||||
}
|
||||
@@ -1,63 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace Objects;
|
||||
|
||||
abstract class TwoFactorToken extends ApiObject {
|
||||
|
||||
private ?int $id;
|
||||
private string $type;
|
||||
private string $secret;
|
||||
private bool $confirmed;
|
||||
private bool $authenticated;
|
||||
|
||||
public function __construct(string $type, string $secret, ?int $id = null, bool $confirmed = false) {
|
||||
$this->id = $id;
|
||||
$this->type = $type;
|
||||
$this->secret = $secret;
|
||||
$this->confirmed = $confirmed;
|
||||
$this->authenticated = $_SESSION["2faAuthenticated"] ?? false;
|
||||
}
|
||||
|
||||
public function jsonSerialize(): array {
|
||||
return [
|
||||
"id" => $this->id,
|
||||
"type" => $this->type,
|
||||
"confirmed" => $this->confirmed,
|
||||
"authenticated" => $this->authenticated,
|
||||
];
|
||||
}
|
||||
|
||||
public function authenticate() {
|
||||
$this->authenticated = true;
|
||||
$_SESSION["2faAuthenticated"] = true;
|
||||
}
|
||||
|
||||
public function getType(): string {
|
||||
return $this->type;
|
||||
}
|
||||
|
||||
public function getSecret(): string {
|
||||
return $this->secret;
|
||||
}
|
||||
|
||||
public function isConfirmed(): bool {
|
||||
return $this->confirmed;
|
||||
}
|
||||
|
||||
public function getId(): int {
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public static function newInstance(string $type, string $secret, ?int $id = null, bool $confirmed = false) {
|
||||
if ($type === TimeBasedTwoFactorToken::TYPE) {
|
||||
return new TimeBasedTwoFactorToken($secret, $id, $confirmed);
|
||||
} else {
|
||||
// TODO: error message
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public function isAuthenticated(): bool {
|
||||
return $this->authenticated;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user