mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 00:55:19 +00:00
push up some more multifactor work
This commit is contained in:
Mike Macgirvin
parent
ee7af9b646
commit
590aa5fc26
2 changed files with 37 additions and 44 deletions
|
|
@ -10,9 +10,11 @@ use Code\Render\Theme;
|
|||
use Code\Web\Controller;
|
||||
use OTPHP\TOTP;
|
||||
|
||||
class Totp_check extends Controller {
|
||||
class Totp_check extends Controller
|
||||
{
|
||||
|
||||
function post() {
|
||||
function post()
|
||||
{
|
||||
$retval = ['status' => false];
|
||||
|
||||
if (!local_channel()) {
|
||||
|
|
@ -25,23 +27,16 @@ class Totp_check extends Controller {
|
|||
}
|
||||
$secret = $account['account_external'];
|
||||
|
||||
if (isset($_POST['totp_code'])) {
|
||||
if ($secret && isset($_POST['totp_code'])) {
|
||||
$otp = TOTP::create($secret); // create TOTP object from the secret.
|
||||
if ($otp->verify($_POST['totp_code'])) {
|
||||
|
||||
$_SESSION['2FA_VERIFIED'] = true;
|
||||
$retval['status'] = true;
|
||||
json_return_and_die($retval);
|
||||
}
|
||||
$otp->verify($input); // Returns true if the input is verified, otherwise false.
|
||||
require_once("addon/totp/class_totp.php");
|
||||
$ref = intval($_POST['totp_code']);
|
||||
|
||||
$totp = new \TOTP(ucfirst(System::get_platform_name()),
|
||||
$account['account_email'], $secret, 30, 6);
|
||||
$match = ($totp->authcode($totp->timestamp()) == $ref);
|
||||
if ($match) $_SESSION['2FA_VERIFIED'] = true;
|
||||
json_return_and_die(array("match" => ($match ? "1" : "0")));
|
||||
}
|
||||
json_return_and_die($retval);
|
||||
}
|
||||
json_return_and_die(array("status" => false));
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
|
@ -57,16 +52,11 @@ class Totp_check extends Controller {
|
|||
return AConfig::get($acct_id, 'totp', 'secret', null);
|
||||
}
|
||||
function get() {
|
||||
if (!$this->totp_installed()) {
|
||||
//Do not display any associated widgets at this point
|
||||
App::$pdl = '';
|
||||
$papp = Apps::get_papp('TOTP');
|
||||
return Apps::app_render($papp, 'module');
|
||||
}
|
||||
|
||||
$account = App::get_account();
|
||||
if (!$account) goaway(z_root());
|
||||
$o .= replace_macros(Theme::get_template('totp.tpl','addon/totp'),
|
||||
if (!$account) {
|
||||
return t('Account not found.');
|
||||
}
|
||||
return replace_macros(Theme::get_template('totp.tpl'),
|
||||
[
|
||||
'$header' => t('TOTP Two-Step Verification'),
|
||||
'$desc' => t('Enter the 2-step verification generated by your authenticator app:'),
|
||||
|
|
@ -74,9 +64,8 @@ class Totp_check extends Controller {
|
|||
'$fail' => t('Invalid code, please try again.'),
|
||||
'$maxfails' => t('Too many invalid codes...'),
|
||||
'$submit' => t('Verify')
|
||||
]);
|
||||
return $o;
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,20 +1,22 @@
|
|||
<div style="width: 30em; margin: auto; margin-top: 3em; padding: 1em; border: 1px solid grey">
|
||||
<h3 style="text-align: center">{{$header}}</h3>
|
||||
<div class="generic-content-wrapper">
|
||||
<div class="section-content-tools-wrapper">
|
||||
<h3 style="text-align: center;">{{$header}}</h3>
|
||||
|
||||
<div>{{$desc}}</div>
|
||||
|
||||
<div style="margin: auto; margin-top: 1em; width: 18em">
|
||||
<input type="text" class="form-control" style="float: left; width: 8em" id="totp-code" onkeydown="hitkey(event)"/>
|
||||
<input type="button" style="margin-left: 1em; float: left" value={{$submit}} onclick="totp_verify()"/>
|
||||
<div style="clear: left"></div>
|
||||
<div id="feedback" style="margin-top: 4px; text-align: center"></div>
|
||||
<div>
|
||||
<input type="text" class="form-control" style="width: 10em" id="totp-code" onkeydown="hitkey(event)"/>
|
||||
<div id="feedback"></div>
|
||||
<input type="button" class="btn btn-primary" value={{$submit}} onclick="totp_verify()"/>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<script type="text/javascript">
|
||||
var totp_success_msg = '{{$success}}';
|
||||
var totp_fail_msg = '{{$fail}}';
|
||||
var totp_maxfails_msg = '{{$maxfails}}';
|
||||
var try_countdown = 3;
|
||||
let totp_success_msg = '{{$success}}';
|
||||
let totp_fail_msg = '{{$fail}}';
|
||||
let totp_maxfails_msg = '{{$maxfails}}';
|
||||
let try_countdown = 3;
|
||||
|
||||
$(window).on("load", function() {
|
||||
totp_clear();
|
||||
|
|
@ -27,14 +29,14 @@ function totp_clear() {
|
|||
}
|
||||
function totp_verify() {
|
||||
var code = document.getElementById("totp-code").value;
|
||||
$.post("totp", {totp_code: code},
|
||||
$.post("totp_check", {totp_code: code},
|
||||
function(resp) {
|
||||
var report = document.getElementById("feedback");
|
||||
var box = document.getElementById("totp-code");
|
||||
if (resp['match'] == "1") {
|
||||
let report = document.getElementById("feedback");
|
||||
let box = document.getElementById("totp-code");
|
||||
if (resp['status']) {
|
||||
report.innerHTML = "<b>" + totp_success_msg + "</b>";
|
||||
window.location = "/";
|
||||
}
|
||||
}
|
||||
else {
|
||||
try_countdown -= 1;
|
||||
if (try_countdown < 1) {
|
||||
|
|
@ -48,7 +50,9 @@ function totp_verify() {
|
|||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
function hitkey(ev) {
|
||||
if (ev.which == 13) totp_verify();
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
|
|
|||
Loading…
Reference in a new issue