From 590aa5fc265ab3aba34369a17c15162808aa7a77 Mon Sep 17 00:00:00 2001
From: Mike Macgirvin
Date: Sat, 4 Mar 2023 16:44:40 +1100
Subject: [PATCH] push up some more multifactor work
---
 Code/Module/Totp_check.php | 43 ++++++++++++++------------------------
 view/tpl/totp.tpl | 38 ++++++++++++++++++---------------
 2 files changed, 37 insertions(+), 44 deletions(-)
diff --git a/Code/Module/Totp_check.php b/Code/Module/Totp_check.php
index e4e9c5f4d..d6441c59c 100644
--- a/Code/Module/Totp_check.php
+++ b/Code/Module/Totp_check.php
@@ -10,9 +10,11 @@ use Code\Render\Theme;
 use Code\Web\Controller;
 use OTPHP\TOTP;
-class Totp_check extends Controller {
+class Totp_check extends Controller
+{
- function post() {
+ function post()
+ {
 $retval = ['status' => false];
 if (!local_channel()) {
@@ -25,23 +27,16 @@ class Totp_check extends Controller {
 }
 $secret = $account['account_external'];
- if (isset($_POST['totp_code'])) {
+ if ($secret && isset($_POST['totp_code'])) {
 $otp = TOTP::create($secret); // create TOTP object from the secret.
 if ($otp->verify($_POST['totp_code'])) {
-
+ $_SESSION['2FA_VERIFIED'] = true;
+ $retval['status'] = true;
+ json_return_and_die($retval);
 }
- $otp->verify($input); // Returns true if the input is verified, otherwise false.
- require_once("addon/totp/class_totp.php");
- $ref = intval($_POST['totp_code']);
-
- $totp = new \TOTP(ucfirst(System::get_platform_name()),
- $account['account_email'], $secret, 30, 6);
- $match = ($totp->authcode($totp->timestamp()) == $ref);
- if ($match) $_SESSION['2FA_VERIFIED'] = true;
- json_return_and_die(array("match" => ($match ? "1" : "0")));
+ }
+ json_return_and_die($retval);
 }
- json_return_and_die(array("status" => false));
-}
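Review bot: Nothing in the new `post()` body limits or records failed codes, so the short numeric check at `$otp->verify($_POST['totp_code'])` can be retried without bound by whoever holds the logged-in session; the `'$maxfails'` string that `get()` passes to totp.tpl suggests the limit is counted only in the browser, which is not an enforcement point. A per-account failure counter with a lockout interval, persisted server-side and checked before `verify()`, would close this, and remembering the last accepted time step would keep one code from being accepted twice inside its validity window. The POST value is also handed to `verify()` untyped; `$code = $_POST['totp_code'] ?? null;` followed by `if ($secret && is_string($code)) {` keeps an array-valued parameter from reaching the library. If throttling is enforced elsewhere this is moot, but it is not visible in the patch; the middle of `post()` lies between this hunk and the previous one and was not reviewed.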
@@ -57,16 +52,11 @@ class Totp_check extends Controller {
 return AConfig::get($acct_id, 'totp', 'secret', null);
 }
 function get() {
- if (!$this->totp_installed()) {
- //Do not display any associated widgets at this point
- App::$pdl = '';
- $papp = Apps::get_papp('TOTP');
- return Apps::app_render($papp, 'module');
- }
-
 $account = App::get_account();
- if (!$account) goaway(z_root());
- $o .= replace_macros(Theme::get_template('totp.tpl','addon/totp'),
+ if (!$account) {
+ return t('Account not found.');
+ }
+ return replace_macros(Theme::get_template('totp.tpl'),
 [
 '$header' => t('TOTP Two-Step Verification'),
 '$desc' => t('Enter the 2-step verification generated by your authenticator app:'),
@@ -74,9 +64,8 @@ class Totp_check extends Controller {
 '$fail' => t('Invalid code, please try again.'),
 '$maxfails' => t('Too many invalid codes...'),
 '$submit' => t('Verify')
- ]);
- return $o;
+ ]
+ );
 }
-
 }
diff --git a/view/tpl/totp.tpl b/view/tpl/totp.tpl
index 68c6a40c4..3a7dd1e83 100644
--- a/view/tpl/totp.tpl
+++ b/view/tpl/totp.tpl
@@ -1,20 +1,22 @@
-
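Review bot: `get()` renders the code prompt for whatever account `App::get_account()` returns, but the new `post()` only verifies when `$account['account_external']` is non-empty, so an account without an enrolled secret is shown a form that can never succeed. Checking the secret here as well, e.g. `if (!$account['account_external']) { return t('Two-step verification is not configured for this account.'); }` right after the account check, keeps the two handlers consistent. Whether callers already route only enrolled accounts to this module is not visible in the patch. The `$account = App::get_account();` line appears to be unchanged context above the added check, and `get()` continues into the next hunk.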
-

{{$header}}

+
+
+

{{$header}}

{{$desc}}
-
- - -
-
+
+ +
+ + +