mfa update

2024-09-20 00:35:30 +00:00 · 2023-03-04 15:43:05 +11:00 · 2023-03-04 15:43:05 +11:00 · ee7af9b646
commit ee7af9b646
parent 34e941275a
2 changed files with 87 additions and 3 deletions
--- a/Code/Module/Totp_check.php
+++ b/Code/Module/Totp_check.php
@ -0,0 +1,82 @@
+<?php
+
+namespace Code\Module;
+
+use App;
+use Code\Lib\Apps;
+use Code\Lib\AConfig;
+use Code\Lib\System;
+use Code\Render\Theme;
+use Code\Web\Controller;
+use OTPHP\TOTP;
+
+class Totp_check extends Controller {
+
+    function post() {
+        $retval = ['status' => false];
+
+        if (!local_channel()) {
+            json_return_and_die($retval);
+        }
+
+        $account = App::get_account();
+        if (!$account) {
+            json_return_and_die($retval);
+        }
+        $secret = $account['account_external'];
+
+        if (isset($_POST['totp_code'])) {
+            $otp = TOTP::create($secret); // create TOTP object from the secret.
+            if ($otp->verify($_POST['totp_code'])) {
+
+            }
+            $otp->verify($input); // Returns true if the input is verified, otherwise false.
+            require_once("addon/totp/class_totp.php");
+        $ref = intval($_POST['totp_code']);
+
+        $totp = new \TOTP(ucfirst(System::get_platform_name()),
+            $account['account_email'], $secret, 30, 6);
+        $match = ($totp->authcode($totp->timestamp()) == $ref);
+        if ($match) $_SESSION['2FA_VERIFIED'] = true;
+        json_return_and_die(array("match" => ($match ? "1" : "0")));
+    }
+    json_return_and_die(array("status" => false));
+}
+
+
+
+
+    function totp_installed() {
+        $id = local_channel();
+        if (!$id) {
+            return false;
+        }
+        return Apps::addon_app_installed($id, 'totp');
+    }
+    function get_secret($acct_id) {
+        return AConfig::get($acct_id, 'totp', 'secret', null);
+    }
+    function get() {
+        if (!$this->totp_installed()) {
+            //Do not display any associated widgets at this point
+            App::$pdl = '';
+            $papp = Apps::get_papp('TOTP');
+            return Apps::app_render($papp, 'module');
+        }
+
+        $account = App::get_account();
+        if (!$account) goaway(z_root());
+        $o .= replace_macros(Theme::get_template('totp.tpl','addon/totp'),
+            [
+                '$header' => t('TOTP Two-Step Verification'),
+                '$desc'   => t('Enter the 2-step verification generated by your authenticator app:'),
+                '$success' => t('Success!'),
+                '$fail' => t('Invalid code, please try again.'),
+                '$maxfails' => t('Too many invalid codes...'),
+                '$submit' => t('Verify')
+            ]);
+        return $o;
+    }
+
+}
+
--- a/view/tpl/totp.tpl
+++ b/view/tpl/totp.tpl
@ -15,14 +15,16 @@ var totp_success_msg = '{{$success}}';
 var totp_fail_msg = '{{$fail}}';
 var totp_maxfails_msg = '{{$maxfails}}';
 var try_countdown = 3;
+
 $(window).on("load", function() {
 	totp_clear();
-	});
+});
+
 function totp_clear() {
-	var box = document.getElementById("totp-code");
+	let box = document.getElementById("totp-code");
 	box.value = "";
 	box.focus();
-	}
+}
 function totp_verify() {
 	var code = document.getElementById("totp-code").value;
 	$.post("totp", {totp_code: code},