push up some more multifactor work
parent
ee7af9b646
commit
590aa5fc26
2 changed files with 37 additions and 44 deletions
|
@ -10,9 +10,11 @@ use Code\Render\Theme;
|
||||||
use Code\Web\Controller;
|
use Code\Web\Controller;
|
||||||
use OTPHP\TOTP;
|
use OTPHP\TOTP;
|
||||||
|
|
||||||
class Totp_check extends Controller {
|
class Totp_check extends Controller
|
||||||
|
{
|
||||||
|
|
||||||
function post() {
|
function post()
|
||||||
|
{
|
||||||
$retval = ['status' => false];
|
$retval = ['status' => false];
|
||||||
|
|
||||||
if (!local_channel()) {
|
if (!local_channel()) {
|
||||||
|
@ -25,23 +27,16 @@ class Totp_check extends Controller {
|
||||||
}
|
}
|
||||||
$secret = $account['account_external'];
|
$secret = $account['account_external'];
|
||||||
|
|
||||||
if (isset($_POST['totp_code'])) {
|
if ($secret && isset($_POST['totp_code'])) {
|
||||||
$otp = TOTP::create($secret); // create TOTP object from the secret.
|
$otp = TOTP::create($secret); // create TOTP object from the secret.
|
||||||
if ($otp->verify($_POST['totp_code'])) {
|
if ($otp->verify($_POST['totp_code'])) {
|
||||||
|
$_SESSION['2FA_VERIFIED'] = true;
|
||||||
|
$retval['status'] = true;
|
||||||
|
json_return_and_die($retval);
|
||||||
}
|
}
|
||||||
$otp->verify($input); // Returns true if the input is verified, otherwise false.
|
}
|
||||||
require_once("addon/totp/class_totp.php");
|
json_return_and_die($retval);
|
||||||
$ref = intval($_POST['totp_code']);
|
|
||||||
|
|
||||||
$totp = new \TOTP(ucfirst(System::get_platform_name()),
|
|
||||||
$account['account_email'], $secret, 30, 6);
|
|
||||||
$match = ($totp->authcode($totp->timestamp()) == $ref);
|
|
||||||
if ($match) $_SESSION['2FA_VERIFIED'] = true;
|
|
||||||
json_return_and_die(array("match" => ($match ? "1" : "0")));
|
|
||||||
}
|
}
|
||||||
json_return_and_die(array("status" => false));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -57,16 +52,11 @@ class Totp_check extends Controller {
|
||||||
return AConfig::get($acct_id, 'totp', 'secret', null);
|
return AConfig::get($acct_id, 'totp', 'secret', null);
|
||||||
}
|
}
|
||||||
function get() {
|
function get() {
|
||||||
if (!$this->totp_installed()) {
|
|
||||||
//Do not display any associated widgets at this point
|
|
||||||
App::$pdl = '';
|
|
||||||
$papp = Apps::get_papp('TOTP');
|
|
||||||
return Apps::app_render($papp, 'module');
|
|
||||||
}
|
|
||||||
|
|
||||||
$account = App::get_account();
|
$account = App::get_account();
|
||||||
if (!$account) goaway(z_root());
|
if (!$account) {
|
||||||
$o .= replace_macros(Theme::get_template('totp.tpl','addon/totp'),
|
return t('Account not found.');
|
||||||
|
}
|
||||||
|
return replace_macros(Theme::get_template('totp.tpl'),
|
||||||
[
|
[
|
||||||
'$header' => t('TOTP Two-Step Verification'),
|
'$header' => t('TOTP Two-Step Verification'),
|
||||||
'$desc' => t('Enter the 2-step verification generated by your authenticator app:'),
|
'$desc' => t('Enter the 2-step verification generated by your authenticator app:'),
|
||||||
|
@ -74,9 +64,8 @@ class Totp_check extends Controller {
|
||||||
'$fail' => t('Invalid code, please try again.'),
|
'$fail' => t('Invalid code, please try again.'),
|
||||||
'$maxfails' => t('Too many invalid codes...'),
|
'$maxfails' => t('Too many invalid codes...'),
|
||||||
'$submit' => t('Verify')
|
'$submit' => t('Verify')
|
||||||
]);
|
]
|
||||||
return $o;
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
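Review bot: In the second hunk, post() calls `$otp->verify($_POST['totp_code'])` with nothing visible on the server that counts or limits failed attempts; the only retry limit in this commit is `try_countdown` in the template script, which never runs for a client that posts to `totp_check` directly. A six-digit code needs a server-side limit: keep a failure count and lockout time per account rather than per session, check it before `verify()`, and reset it on success. The posted value is also passed through unchecked, so I would add `if (!is_string($_POST['totp_code'])) { json_return_and_die($retval); }` ahead of `TOTP::create($secret)`. The lines of post() between the first and second hunk are not shown, so confirm that no throttle already exists there.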
|
@ -1,20 +1,22 @@
|
||||||
<div style="width: 30em; margin: auto; margin-top: 3em; padding: 1em; border: 1px solid grey">
|
<div class="generic-content-wrapper">
|
||||||
<h3 style="text-align: center">{{$header}}</h3>
|
<div class="section-content-tools-wrapper">
|
||||||
|
<h3 style="text-align: center;">{{$header}}</h3>
|
||||||
|
|
||||||
<div>{{$desc}}</div>
|
<div>{{$desc}}</div>
|
||||||
|
|
||||||
<div style="margin: auto; margin-top: 1em; width: 18em">
|
<div>
|
||||||
<input type="text" class="form-control" style="float: left; width: 8em" id="totp-code" onkeydown="hitkey(event)"/>
|
<input type="text" class="form-control" style="width: 10em" id="totp-code" onkeydown="hitkey(event)"/>
|
||||||
<input type="button" style="margin-left: 1em; float: left" value={{$submit}} onclick="totp_verify()"/>
|
<div id="feedback"></div>
|
||||||
<div style="clear: left"></div>
|
<input type="button" class="btn btn-primary" value={{$submit}} onclick="totp_verify()"/>
|
||||||
<div id="feedback" style="margin-top: 4px; text-align: center"></div>
|
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
var totp_success_msg = '{{$success}}';
|
let totp_success_msg = '{{$success}}';
|
||||||
var totp_fail_msg = '{{$fail}}';
|
let totp_fail_msg = '{{$fail}}';
|
||||||
var totp_maxfails_msg = '{{$maxfails}}';
|
let totp_maxfails_msg = '{{$maxfails}}';
|
||||||
var try_countdown = 3;
|
let try_countdown = 3;
|
||||||
|
|
||||||
$(window).on("load", function() {
|
$(window).on("load", function() {
|
||||||
totp_clear();
|
totp_clear();
|
||||||
|
@ -27,14 +29,14 @@ function totp_clear() {
|
||||||
}
|
}
|
||||||
function totp_verify() {
|
function totp_verify() {
|
||||||
var code = document.getElementById("totp-code").value;
|
var code = document.getElementById("totp-code").value;
|
||||||
$.post("totp", {totp_code: code},
|
$.post("totp_check", {totp_code: code},
|
||||||
function(resp) {
|
function(resp) {
|
||||||
var report = document.getElementById("feedback");
|
let report = document.getElementById("feedback");
|
||||||
var box = document.getElementById("totp-code");
|
let box = document.getElementById("totp-code");
|
||||||
if (resp['match'] == "1") {
|
if (resp['status']) {
|
||||||
report.innerHTML = "<b>" + totp_success_msg + "</b>";
|
report.innerHTML = "<b>" + totp_success_msg + "</b>";
|
||||||
window.location = "/";
|
window.location = "/";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
try_countdown -= 1;
|
try_countdown -= 1;
|
||||||
if (try_countdown < 1) {
|
if (try_countdown < 1) {
|
||||||
|
@ -48,7 +50,9 @@ function totp_verify() {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function hitkey(ev) {
|
function hitkey(ev) {
|
||||||
if (ev.which == 13) totp_verify();
|
if (ev.which == 13) totp_verify();
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
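Review bot: The message variables are still written into single-quoted script literals (`let totp_fail_msg = '{{$fail}}';`) and then assigned through `report.innerHTML`, so a translated string containing an apostrophe or markup either breaks the script or is parsed as HTML. Set the text with `report.textContent = totp_success_msg;` (making the element bold in CSS) and emit the strings with the template engine's JavaScript escaping. `value={{$submit}}` is also unquoted, so a translation containing a space would truncate the button label; `value="{{$submit}}"` avoids that. The `}` added after the closing brace of totp_verify() in the last hunk has no matching opening brace in the visible hunks, so check that the script still parses.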