2015-12-29 01:24:09 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Kanboard\Auth;
|
|
|
|
|
|
|
|
use Otp\Otp;
|
|
|
|
use Otp\GoogleAuthenticator;
|
|
|
|
use Base32\Base32;
|
|
|
|
use Kanboard\Core\Base;
|
|
|
|
use Kanboard\Core\Security\PostAuthenticationProviderInterface;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* TOTP Authentication Provider
|
|
|
|
*
|
|
|
|
* @package auth
|
|
|
|
* @author Frederic Guillot
|
|
|
|
*/
|
|
|
|
class TotpAuth extends Base implements PostAuthenticationProviderInterface
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* User pin code
|
|
|
|
*
|
2016-01-24 17:50:51 +01:00
|
|
|
* @access protected
|
2015-12-29 01:24:09 +01:00
|
|
|
* @var string
|
|
|
|
*/
|
2016-01-24 17:50:51 +01:00
|
|
|
protected $code = '';
|
2015-12-29 01:24:09 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Private key
|
|
|
|
*
|
2016-01-24 17:50:51 +01:00
|
|
|
* @access protected
|
2015-12-29 01:24:09 +01:00
|
|
|
* @var string
|
|
|
|
*/
|
2016-01-24 17:50:51 +01:00
|
|
|
protected $secret = '';
|
2015-12-29 01:24:09 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get authentication provider name
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getName()
|
|
|
|
{
|
2016-01-24 17:50:51 +01:00
|
|
|
return t('Time-based One-time Password Algorithm');
|
2015-12-29 01:24:09 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Authenticate the user
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
public function authenticate()
|
|
|
|
{
|
|
|
|
$otp = new Otp;
|
|
|
|
return $otp->checkTotp(Base32::decode($this->secret), $this->code);
|
|
|
|
}
|
|
|
|
|
2016-01-24 17:50:51 +01:00
|
|
|
/**
|
|
|
|
* Called before to prompt the user
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
*/
|
|
|
|
public function beforeCode()
|
|
|
|
{
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2015-12-29 01:24:09 +01:00
|
|
|
/**
|
|
|
|
* Set validation code
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $code
|
|
|
|
*/
|
|
|
|
public function setCode($code)
|
|
|
|
{
|
|
|
|
$this->code = $code;
|
|
|
|
}
|
|
|
|
|
2016-01-24 17:50:51 +01:00
|
|
|
/**
|
|
|
|
* Generate secret
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function generateSecret()
|
|
|
|
{
|
|
|
|
$this->secret = GoogleAuthenticator::generateRandom();
|
|
|
|
return $this->secret;
|
|
|
|
}
|
|
|
|
|
2015-12-29 01:24:09 +01:00
|
|
|
/**
|
|
|
|
* Set secret token
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $secret
|
|
|
|
*/
|
|
|
|
public function setSecret($secret)
|
|
|
|
{
|
|
|
|
$this->secret = $secret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get secret token
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getSecret()
|
|
|
|
{
|
|
|
|
return $this->secret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get QR code url
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $label
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getQrCodeUrl($label)
|
|
|
|
{
|
|
|
|
if (empty($this->secret)) {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
|
|
|
return GoogleAuthenticator::getQrCodeUrl('totp', $label, $this->secret);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get key url (empty if no url can be provided)
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $label
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getKeyUrl($label)
|
|
|
|
{
|
|
|
|
if (empty($this->secret)) {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
|
|
|
return GoogleAuthenticator::getKeyUri('totp', $label, $this->secret);
|
|
|
|
}
|
|
|
|
}
|