push up some more multifactor work

Mike Macgirvin 2023-03-04 16:44:40 +11:00
parent ee7af9b646
commit 590aa5fc26
2 changed files with 37 additions and 44 deletions


@ -10,9 +10,11 @@ use Code\Render\Theme;
use Code\Web\Controller; use Code\Web\Controller;
use OTPHP\TOTP; use OTPHP\TOTP;
class Totp_check extends Controller { class Totp_check extends Controller
{
function post() { function post()
{
$retval = ['status' => false]; $retval = ['status' => false];
if (!local_channel()) { if (!local_channel()) {
@ -25,23 +27,16 @@ class Totp_check extends Controller {
} }
$secret = $account['account_external']; $secret = $account['account_external'];
if (isset($_POST['totp_code'])) { if ($secret && isset($_POST['totp_code'])) {
$otp = TOTP::create($secret); // create TOTP object from the secret. $otp = TOTP::create($secret); // create TOTP object from the secret.
if ($otp->verify($_POST['totp_code'])) { if ($otp->verify($_POST['totp_code'])) {
$_SESSION['2FA_VERIFIED'] = true;
$retval['status'] = true;
json_return_and_die($retval);
} }
$otp->verify($input); // Returns true if the input is verified, otherwise false. }
require_once("addon/totp/class_totp.php"); json_return_and_die($retval);
$ref = intval($_POST['totp_code']);
$totp = new \TOTP(ucfirst(System::get_platform_name()),
$account['account_email'], $secret, 30, 6);
$match = ($totp->authcode($totp->timestamp()) == $ref);
if ($match) $_SESSION['2FA_VERIFIED'] = true;
json_return_and_die(array("match" => ($match ? "1" : "0")));
} }
json_return_and_die(array("status" => false));
}
@ -57,16 +52,11 @@ class Totp_check extends Controller {
return AConfig::get($acct_id, 'totp', 'secret', null); return AConfig::get($acct_id, 'totp', 'secret', null);
} }
function get() { function get() {
if (!$this->totp_installed()) {
//Do not display any associated widgets at this point
App::$pdl = '';
$papp = Apps::get_papp('TOTP');
return Apps::app_render($papp, 'module');
}
$account = App::get_account(); $account = App::get_account();
if (!$account) goaway(z_root()); if (!$account) {
$o .= replace_macros(Theme::get_template('totp.tpl','addon/totp'), return t('Account not found.');
}
return replace_macros(Theme::get_template('totp.tpl'),
[ [
'$header' => t('TOTP Two-Step Verification'), '$header' => t('TOTP Two-Step Verification'),
'$desc' => t('Enter the 2-step verification generated by your authenticator app:'), '$desc' => t('Enter the 2-step verification generated by your authenticator app:'),
@ -74,9 +64,8 @@ class Totp_check extends Controller {
'$fail' => t('Invalid code, please try again.'), '$fail' => t('Invalid code, please try again.'),
'$maxfails' => t('Too many invalid codes...'), '$maxfails' => t('Too many invalid codes...'),
'$submit' => t('Verify') '$submit' => t('Verify')
]); ]
return $o; );
} }
} }
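Review bot: The new verify branch in post() (the `if ($secret && isset($_POST['totp_code']))` block) accepts an unbounded number of guesses, so the only limit on a six-digit code is the `try_countdown` in the template's JavaScript, which a client can ignore; the server should count failures itself, tied to the already-authenticated session, and stop checking after a small threshold. The submitted value is also used unchecked: as far as I recall OTPHP's `verify()` is typed `string`, so a non-string form value (an array-style `totp_code[]`) would surface as a TypeError rather than a clean `status: false`, which an `is_string()` guard avoids. post() opens in the first hunk and its closing brace is outside the second, so the sketch below covers only the verify block; the threshold of 5 is illustrative.
```php
if ($secret && isset($_POST['totp_code']) && is_string($_POST['totp_code'])) {
    $fails = (int) ($_SESSION['totp_fails'] ?? 0);
    if ($fails >= 5) {
        // too many failed codes for this login session; refuse without verifying
        json_return_and_die($retval);
    }
    $otp = TOTP::create($secret); // create TOTP object from the secret.
    if ($otp->verify($_POST['totp_code'])) {
        unset($_SESSION['totp_fails']);
        $_SESSION['2FA_VERIFIED'] = true;
        $retval['status'] = true;
        json_return_and_die($retval);
    }
    $_SESSION['totp_fails'] = $fails + 1;
}
json_return_and_die($retval);
```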


@ -1,20 +1,22 @@
<div style="width: 30em; margin: auto; margin-top: 3em; padding: 1em; border: 1px solid grey"> <div class="generic-content-wrapper">
<h3 style="text-align: center">{{$header}}</h3> <div class="section-content-tools-wrapper">
<h3 style="text-align: center;">{{$header}}</h3>
<div>{{$desc}}</div> <div>{{$desc}}</div>
<div style="margin: auto; margin-top: 1em; width: 18em"> <div>
<input type="text" class="form-control" style="float: left; width: 8em" id="totp-code" onkeydown="hitkey(event)"/> <input type="text" class="form-control" style="width: 10em" id="totp-code" onkeydown="hitkey(event)"/>
<input type="button" style="margin-left: 1em; float: left" value={{$submit}} onclick="totp_verify()"/> <div id="feedback"></div>
<div style="clear: left"></div> <input type="button" class="btn btn-primary" value={{$submit}} onclick="totp_verify()"/>
<div id="feedback" style="margin-top: 4px; text-align: center"></div>
</div>
</div> </div>
</div> </div>
<script type="text/javascript"> <script type="text/javascript">
var totp_success_msg = '{{$success}}'; let totp_success_msg = '{{$success}}';
var totp_fail_msg = '{{$fail}}'; let totp_fail_msg = '{{$fail}}';
var totp_maxfails_msg = '{{$maxfails}}'; let totp_maxfails_msg = '{{$maxfails}}';
var try_countdown = 3; let try_countdown = 3;
$(window).on("load", function() { $(window).on("load", function() {
totp_clear(); totp_clear();
@ -27,14 +29,14 @@ function totp_clear() {
} }
function totp_verify() { function totp_verify() {
var code = document.getElementById("totp-code").value; var code = document.getElementById("totp-code").value;
$.post("totp", {totp_code: code}, $.post("totp_check", {totp_code: code},
function(resp) { function(resp) {
var report = document.getElementById("feedback"); let report = document.getElementById("feedback");
var box = document.getElementById("totp-code"); let box = document.getElementById("totp-code");
if (resp['match'] == "1") { if (resp['status']) {
report.innerHTML = "<b>" + totp_success_msg + "</b>"; report.innerHTML = "<b>" + totp_success_msg + "</b>";
window.location = "/"; window.location = "/";
} }
else { else {
try_countdown -= 1; try_countdown -= 1;
if (try_countdown < 1) { if (try_countdown < 1) {
@ -48,7 +50,9 @@ function totp_verify() {
} }
}); });
} }
}
function hitkey(ev) { function hitkey(ev) {
if (ev.which == 13) totp_verify(); if (ev.which == 13) totp_verify();
} }
</script> </script>
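Review bot: The submit button still carries an unquoted attribute, `value={{$submit}}`, so any translation of 'Verify' containing a space or a quote breaks the element; it should be `value="{{$submit}}"`. The same kind of issue applies to the three message variables at the top of the script, which are interpolated straight into single-quoted JavaScript string literals (`let totp_success_msg = '{{$success}}';`) and will fail to parse, or inject script, if a translated message contains an apostrophe — applying the template engine's JavaScript escape modifier there (`'{{$success|escape:'javascript'}}'`, if this is Smarty) closes that. In totp_verify(), `report.innerHTML = "<b>" + totp_success_msg + "</b>"` interprets the message as markup; setting `report.textContent` and styling with a class avoids that, and totp_verify() itself spans two hunks so its middle is not shown here.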