/**
 * Writes the authentication cookie once a login attempt has succeeded.
 *
 * The cookie always receives the login and the value produced by
 * getHashTokenAuth() for the token auth. When two-factor storage is active for
 * the user, an additional 'auth_code' entry derived from the stored secret is
 * written; initAuthenticationFromCookie() later compares that entry to decide
 * whether the second factor counts as satisfied, so the cookie must be treated
 * as a credential.
 *
 * @param AuthResult $authResult The successful authentication result.
 * @param bool $rememberMe Whether the authenticated session should be remembered after
 *                         the browser is closed or not.
 */
protected function processSuccessfulSession(AuthResult $authResult, $rememberMe)
{
    $login = $authResult->getIdentity();
    $tokenAuth = $authResult->getTokenAuth();

    $twoFactorStorage = new Storage($login);

    /**
     * @deprecated Create a custom SessionInitializer instead.
     */
    Piwik::postEvent('Login.authenticate.successful', array($login, $tokenAuth));

    $authCookie = $this->getAuthCookie($rememberMe);
    $authCookie->set('login', $login);
    $authCookie->set('token_auth', $this->getHashTokenAuth($login, $tokenAuth));

    // Only users with two-factor enabled get the secret-derived marker.
    if ($twoFactorStorage->isActive()) {
        $secretHash = $this->getHashTokenAuth($login, $twoFactorStorage->getSecret());
        $authCookie->set('auth_code', $secretHash);
    }

    // The Secure flag follows the detected scheme, so a login over plain HTTP
    // yields a cookie without it. HttpOnly is always set.
    // NOTE(review): confirm HTTPS is enforced for the login endpoint in deployment.
    $authCookie->setSecure(ProxyHttp::isHttps());
    $authCookie->setHttpOnly(true);
    $authCookie->save();
}
/**
 * Renders the per-user Google Authenticator settings page and applies the
 * activate / disable toggles found in the request.
 *
 * NOTE(review): 'activate' and 'disable' change the account's two-factor state
 * straight from request variables. No anti-CSRF token check, password
 * re-prompt or one-time-code confirmation is visible in this method; confirm
 * that one is enforced before this action runs, because turning the second
 * factor off is a security-sensitive operation.
 *
 * NOTE(review): the secret is handed to the view and to getQRCodeGoogleUrl()
 * on every render, including when two-factor is already active. The method
 * name suggests the QR image is addressed by a URL that embeds the secret;
 * verify where that URL points and whether it can end up in logs or referrers.
 *
 * @return string The rendered settings view.
 * @throws \Exception
 * @throws \Piwik\NoAccessException
 */
public function settings()
{
    Piwik::checkUserIsNotAnonymous();

    $view = new View('@GoogleAuthenticator/settings');
    $this->setGeneralVariablesView($view);

    $googleAuth = new PHPGangsta\GoogleAuthenticator();
    $currentLogin = Piwik::getCurrentUserLogin();
    $storage = new Storage($currentLogin);

    $view->disabled = false;
    $view->activated = false;

    $activateRequested = Common::getRequestVar('activate', 0, 'int');
    if ($activateRequested) {
        $storage->activate();
        $view->activated = true;
    }

    $disableRequested = Common::getRequestVar('disable', 0, 'int');
    if ($disableRequested) {
        $storage->deactivate();
        $view->disabled = true;
    }

    // Read the secret and the active flag only after the toggles were applied,
    // so the page reflects the state resulting from this request.
    $secret = $storage->getSecret();
    $issuerLabel = 'Piwik - ' . Url::getCurrentHost();

    $view->showSetUp = Common::getRequestVar('setup', 0, 'int');
    $view->googleAuthIsActive = $storage->isActive();
    $view->googleAuthSecret = $secret;
    $view->googleAuthImage = $googleAuth->getQRCodeGoogleUrl($currentLogin, $secret, $issuerLabel);

    return $view->render();
}
/**
 * Checks the auth code held on this object against the secret stored for the
 * current login and records a successful check on the session.
 *
 * An empty stored secret never validates. The third argument passed to
 * verifyCode() is the library's discrepancy setting (presumably the tolerated
 * clock drift in 30-second steps; verify against the library version in use).
 *
 * NOTE(review): neither attempt limiting nor rejection of an already used code
 * is visible in this method; confirm both are handled by the caller.
 *
 * @return bool True when the code was accepted, false otherwise.
 */
public function validateAuthCode()
{
    $storage = new Storage($this->getLogin());
    $secret = $storage->getSecret();
    $googleAuth = new PHPGangsta\GoogleAuthenticator();

    // Without a stored secret there is nothing to verify against.
    if (empty($secret)) {
        return false;
    }

    $codeAccepted = $googleAuth->verifyCode($secret, $this->authCode, 2);
    if (!$codeAccepted) {
        return false;
    }

    $this->setValidatedWithAuthCode(true);

    return true;
}
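/**
 * Seeds the auth object from the login cookie and, for users with two-factor
 * enabled, treats a matching 'auth_code' cookie entry as proof of the second
 * factor.
 *
 * When the cookie's 'auth_code' equals the value SessionInitializer derives
 * from the login and the stored secret, the current one-time code is generated
 * server-side and passed through validateAuthCode(). The cookie entry is thus
 * a stand-in for the second factor and deserves the same protection as a
 * session credential.
 *
 * @param \Piwik\Auth $auth The auth implementation to initialise.
 * @param bool $activateCookieAuth Whether cookie authentication is allowed even
 *                                 when the request targets the API module.
 * @return void
 */
public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth)
{
    if (self::isModuleIsAPI() && !$activateCookieAuth) {
        return;
    }

    $authCookieName = Config::getInstance()->General['login_cookie_name'];
    $authCookieExpiry = 0;
    $authCookiePath = Config::getInstance()->General['login_cookie_path'];
    $authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);

    $defaultLogin = '******';
    $defaultTokenAuth = 'anonymous';
    if ($authCookie->isCookieFound()) {
        // Both values come from the client-supplied cookie and are untrusted.
        $defaultLogin = $authCookie->get('login');
        $defaultTokenAuth = $authCookie->get('token_auth');
    }

    $auth->setLogin($defaultLogin);
    $auth->setTokenAuth($defaultTokenAuth);

    $storage = new Storage($defaultLogin);
    if (!$storage->isActive()) {
        return;
    }

    $secret = $storage->getSecret();
    $cookieSecret = $authCookie->get('auth_code');
    $expectedSecret = SessionInitializer::getHashTokenAuth($defaultLogin, $secret);

    // The cookie value is attacker-controlled. A loose `==` lets PHP compare
    // numeric-looking strings (and non-string values) by value rather than byte
    // for byte, and returns as soon as a difference is found. Require a string
    // and compare in constant time instead (hash_equals needs PHP >= 5.6).
    if (is_string($cookieSecret) && hash_equals((string) $expectedSecret, $cookieSecret)) {
        $googleAuth = new PHPGangsta\GoogleAuthenticator();
        $auth->setAuthCode($googleAuth->getCode($secret));
        $auth->validateAuthCode();
    }
}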