web-base/Core/Objects/TwoFactor/TimeBasedTwoFactorToken.class.php
2022-11-27 15:58:44 +01:00

65 lines
1.8 KiB
PHP

<?php
namespace Core\Objects\TwoFactor;
use Base32\Base32;
use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions;
use Core\Driver\SQL\SQL;
use Core\Objects\Context;
use Core\Objects\DatabaseEntity\TwoFactorToken;
class TimeBasedTwoFactorToken extends TwoFactorToken {
const TYPE = "totp";
private string $secret;
public function __construct(string $secret) {
parent::__construct(self::TYPE);
$this->secret = $secret;
}
protected function readData(string $data) {
$this->secret = $data;
}
public function getUrl(Context $context): string {
$otpType = self::TYPE;
$name = rawurlencode($context->getUser()->getUsername());
$settings = $context->getSettings();
$urlArgs = [
"secret" => $this->secret,
"issuer" => $settings->getSiteName(),
];
$urlArgs = http_build_query($urlArgs);
return "otpauth://$otpType/$name?$urlArgs";
}
public function generateQRCode(Context $context) {
$options = new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, "imageBase64" => false]);
$qrcode = new QRCode($options);
return $qrcode->render($this->getUrl($context));
}
public function generate(?int $at = null, int $length = 6, int $period = 30): string {
if ($at === null) {
$at = time();
}
$seed = intval($at / $period);
$secret = Base32::decode($this->secret);
$hmac = hash_hmac('sha1', pack("J", $seed), $secret, true);
$offset = ord($hmac[-1]) & 0xF;
$code = (unpack("N", substr($hmac, $offset, 4))[1] & 0x7fffffff) % intval(pow(10, $length));
return substr(str_pad(strval($code), $length, "0", STR_PAD_LEFT), -1 * $length);
}
public function verify(string $code): bool {
return $this->generate() === $code;
}
public function getData(): string {
return $this->secret;
}
}