v2.0-alpha
This commit is contained in:
@@ -3,18 +3,19 @@
|
||||
namespace Objects\TwoFactor;
|
||||
|
||||
use Cose\Algorithm\Signature\ECDSA\ECSignature;
|
||||
use Objects\DatabaseEntity\Attribute\Transient;
|
||||
use Objects\DatabaseEntity\TwoFactorToken;
|
||||
|
||||
class KeyBasedTwoFactorToken extends TwoFactorToken {
|
||||
|
||||
const TYPE = "fido";
|
||||
|
||||
private ?string $challenge;
|
||||
private ?string $credentialId;
|
||||
private ?PublicKey $publicKey;
|
||||
#[Transient] private ?string $challenge;
|
||||
#[Transient] private ?string $credentialId;
|
||||
#[Transient] private ?PublicKey $publicKey;
|
||||
|
||||
public function __construct(string $data, ?int $id = null, bool $confirmed = false) {
|
||||
parent::__construct(self::TYPE, $id, $confirmed);
|
||||
if (!$confirmed) {
|
||||
protected function readData(string $data) {
|
||||
if ($this->isConfirmed()) {
|
||||
$this->challenge = base64_decode($data);
|
||||
$this->credentialId = null;
|
||||
$this->publicKey = null;
|
||||
@@ -34,7 +35,7 @@ class KeyBasedTwoFactorToken extends TwoFactorToken {
|
||||
return $this->publicKey;
|
||||
}
|
||||
|
||||
public function getCredentialId() {
|
||||
public function getCredentialId(): ?string {
|
||||
return $this->credentialId;
|
||||
}
|
||||
|
||||
|
||||
@@ -5,22 +5,29 @@ namespace Objects\TwoFactor;
|
||||
use Base32\Base32;
|
||||
use chillerlan\QRCode\QRCode;
|
||||
use chillerlan\QRCode\QROptions;
|
||||
use Objects\User;
|
||||
use Objects\Context;
|
||||
use Objects\DatabaseEntity\Attribute\Transient;
|
||||
use Objects\DatabaseEntity\TwoFactorToken;
|
||||
use Objects\DatabaseEntity\User;
|
||||
|
||||
class TimeBasedTwoFactorToken extends TwoFactorToken {
|
||||
|
||||
const TYPE = "totp";
|
||||
private string $secret;
|
||||
#[Transient] private string $secret;
|
||||
|
||||
public function __construct(string $secret, ?int $id = null, bool $confirmed = false) {
|
||||
parent::__construct(self::TYPE, $id, $confirmed);
|
||||
public function __construct(string $secret) {
|
||||
parent::__construct(self::TYPE);
|
||||
$this->secret = $secret;
|
||||
}
|
||||
|
||||
public function getUrl(User $user): string {
|
||||
protected function readData(string $data) {
|
||||
$this->secret = $data;
|
||||
}
|
||||
|
||||
public function getUrl(Context $context): string {
|
||||
$otpType = self::TYPE;
|
||||
$name = rawurlencode($user->getUsername());
|
||||
$settings = $user->getConfiguration()->getSettings();
|
||||
$name = rawurlencode($context->getUser()->getUsername());
|
||||
$settings = $context->getSettings();
|
||||
$urlArgs = [
|
||||
"secret" => $this->secret,
|
||||
"issuer" => $settings->getSiteName(),
|
||||
@@ -30,10 +37,10 @@ class TimeBasedTwoFactorToken extends TwoFactorToken {
|
||||
return "otpauth://$otpType/$name?$urlArgs";
|
||||
}
|
||||
|
||||
public function generateQRCode(User $user) {
|
||||
public function generateQRCode(Context $context) {
|
||||
$options = new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, "imageBase64" => false]);
|
||||
$qrcode = new QRCode($options);
|
||||
return $qrcode->render($this->getUrl($user));
|
||||
return $qrcode->render($this->getUrl($context));
|
||||
}
|
||||
|
||||
public function generate(?int $at = null, int $length = 6, int $period = 30): string {
|
||||
|
||||
@@ -1,62 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace Objects\TwoFactor;
|
||||
use Objects\ApiObject;
|
||||
|
||||
abstract class TwoFactorToken extends ApiObject {
|
||||
|
||||
private ?int $id;
|
||||
private string $type;
|
||||
private bool $confirmed;
|
||||
private bool $authenticated;
|
||||
|
||||
public function __construct(string $type, ?int $id = null, bool $confirmed = false) {
|
||||
$this->id = $id;
|
||||
$this->type = $type;
|
||||
$this->confirmed = $confirmed;
|
||||
$this->authenticated = $_SESSION["2faAuthenticated"] ?? false;
|
||||
}
|
||||
|
||||
public function jsonSerialize(): array {
|
||||
return [
|
||||
"id" => $this->id,
|
||||
"type" => $this->type,
|
||||
"confirmed" => $this->confirmed,
|
||||
"authenticated" => $this->authenticated,
|
||||
];
|
||||
}
|
||||
|
||||
public abstract function getData(): string;
|
||||
|
||||
public function authenticate() {
|
||||
$this->authenticated = true;
|
||||
$_SESSION["2faAuthenticated"] = true;
|
||||
}
|
||||
|
||||
public function getType(): string {
|
||||
return $this->type;
|
||||
}
|
||||
|
||||
public function isConfirmed(): bool {
|
||||
return $this->confirmed;
|
||||
}
|
||||
|
||||
public function getId(): int {
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public static function newInstance(string $type, string $data, ?int $id = null, bool $confirmed = false) {
|
||||
if ($type === TimeBasedTwoFactorToken::TYPE) {
|
||||
return new TimeBasedTwoFactorToken($data, $id, $confirmed);
|
||||
} else if ($type === KeyBasedTwoFactorToken::TYPE) {
|
||||
return new KeyBasedTwoFactorToken($data, $id, $confirmed);
|
||||
} else {
|
||||
// TODO: error message
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public function isAuthenticated(): bool {
|
||||
return $this->authenticated;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user