/**
  * The form for user OTP device configuration submits to this action.
  *
  * @param userId The user id to check
  * @param useOtp If set, enable OTP device, otherwise delete OTP device record
  * @param algorithm The OTP algorithm to use (see constants.php)
  * @param secret The device key or secret to use
  * @param length The length of the client tokens
  */
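 public function usersubmitAction()
 {
     // This action answers with a JSON document only, so layout and view rendering are off.
     $this->disableLayout();
     $this->disableView();

     // Authenticate before anything else. Every later check dereferences the session
     // user, and the administrator test used to call isAdmin() on a null Dao for
     // anonymous requests. Failing here also keeps unauthenticated callers from
     // telling valid and invalid userId values apart via the error message.
     $currentUser = $this->userSession->Dao;
     if (!$currentUser) {
         throw new Zend_Exception('Must be logged in');
     }

     // Unless the mfa module's 'userOtpControl' setting is exactly the string 'true',
     // only administrators may manage OTP settings at all.
     $userOtpControl = $this->Setting->GetValueByName('userOtpControl', 'mfa') === 'true';
     if (!$userOtpControl && !$currentUser->isAdmin()) {
         throw new Zend_Exception('Only administrators are allowed to manage OTP settings');
     }

     $userId = $this->getParam('userId');
     if (!isset($userId)) {
         throw new Zend_Exception('Must pass a userId parameter');
     }
     $user = $this->User->load($userId);
     if (!$user) {
         throw new Zend_Exception('Invalid userId');
     }

     // Non-administrators may only change their own device. The loose comparison is
     // kept from the original because the type returned by getKey() is not visible here.
     if ($currentUser->getKey() != $user->getKey() && !$currentUser->isAdmin()) {
         throw new Zend_Exception('Permission denied');
     }

     $otpDevice = $this->Mfa_Otpdevice->getByUser($user);
     $useOtp = $this->getParam('useOtp');
     if (!isset($useOtp)) {
         // NOTE(review): merely omitting 'useOtp' removes the user's second factor.
         // No anti-CSRF token, request-method check or re-authentication is visible in
         // this action; confirm that one is enforced elsewhere for this route.
         if ($otpDevice) {
             $this->Mfa_Otpdevice->delete($otpDevice);
         }
         echo JsonComponent::encode(array('status' => 'warning', 'message' => 'OTP Authentication disabled'));
     } else {
         if (!$otpDevice) {
             // First enrolment for this user: create the record with its counter at '0'.
             $otpDevice = new Mfa_OtpdeviceDao();
             $otpDevice->setUserId($user->getKey());
             $otpDevice->setCounter('0');
         }
         // NOTE(review): algorithm, secret and length are stored exactly as received.
         // Nothing here checks that the algorithm is one of the values in constants.php,
         // that the secret is non-empty, or that the length is a sane integer; verify
         // whether the DAO or model validates them before relying on the stored device.
         $otpDevice->setAlgorithm($this->getParam('algorithm'));
         $otpDevice->setSecret($this->getParam('secret'));
         $otpDevice->setLength($this->getParam('length'));
         $this->Mfa_Otpdevice->save($otpDevice);
         echo JsonComponent::encode(array('status' => 'ok', 'message' => 'OTP Authentication enabled'));
     }
 }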