mfa cont.

2024-09-19 16:35:19 +00:00 · 2023-03-05 21:12:42 +11:00 · 2023-03-05 21:12:42 +11:00 · 5bc2dfb513
commit 5bc2dfb513
parent ff586758c6
4 changed files with 14 additions and 6 deletions
--- a/Code/Module/Settings/Multifactor.php
+++ b/Code/Module/Settings/Multifactor.php
@ -13,17 +13,18 @@ use ParagonIE\ConstantTime\Base32;

 class Multifactor
 {
-    public function init()
+    public function post()
    {
        $account = App::get_account();
        if (!$account) {
            return;
        }
+        $enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false;
+        AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa);
    }

    public function get()
    {
-        $hasNewSecret = false;
        $account = App::get_account();
        if (!$account) {
            return '';
@ -31,8 +32,8 @@ class Multifactor

        if (!$account['account_external']) {
            $otp = TOTP::create();
-            $otp->setLabel('label');
-            $otp->setIssuer('issuer');
+            $otp->setLabel(rawurlencode(System::get_project_name()));
+            $otp->setIssuer(rawurlencode(System::get_project_name()));

            $mySecret = trim(Base32::encodeUpper(random_bytes(32)), '=');
            $otp = TOTP::create($mySecret);
@ -41,7 +42,6 @@ class Multifactor
                intval($account['account_id'])
            );
            $account['account_external'] = $otp->getSecret();
-            $hasNewSecret = true;
        }

        $otp = TOTP::create($account['account_external']);
--- a/Code/Module/Totp_check.php
+++ b/Code/Module/Totp_check.php
@ -51,9 +51,11 @@ class Totp_check extends Controller
        }
        return Apps::addon_app_installed($id, 'totp');
    }
+
    function get_secret($acct_id) {
        return AConfig::get($acct_id, 'totp', 'secret', null);
    }
+
    function get() {
        $account = App::get_account();
        if (!$account) {
--- a/include/auth.php
+++ b/include/auth.php
@ -11,6 +11,7 @@
 */

 use Code\Lib\Account;
+use Code\Lib\AConfig;
 use Code\Lib\Channel;
 use Code\Lib\Libzot;
 use Code\Extend\Hook;
@ -274,6 +275,11 @@ if (
                App::$session->extend_cookie();
                $login_refresh = true;
            }
+            $multiFactor  =  AConfig::Get(App::$account['account_id'], 'system', 'mfa_enabled');
+            if ($multiFactor && empty($_SESSION['2FA_VERIFIED'])) {
+      //          goaway(z_root() . '/totp_check');
+            }
+
            $ch = (($_SESSION['uid']) ? Channel::from_id($_SESSION['uid']) : null);
            authenticate_success(App::$account, false, $ch, false, false, $login_refresh);
        } else {
--- a/view/tpl/totp_setup.tpl
+++ b/view/tpl/totp_setup.tpl
@ -43,7 +43,7 @@
                {{include file="field_checkbox.tpl" field=$enable_mfa}}
                <div class="settings-submit-wrapper" >
                    <button id="otp-enable-submit" type="submit"
-                        name="submit" class="btn btn-primary" onclick="totp_test_code(); return false;">{{$submit}}
+                        name="submit" class="btn btn-primary">{{$submit}}
                    </button>
                </div>