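/**
 * Tests generateRandom
 *
 * Both patterns are anchored with \A and \z so that each assertion pins the
 * exact length and alphabet of the returned secret. Unanchored, the patterns
 * would also accept a longer string, or one that merely contains a run of
 * valid characters somewhere inside it.
 */
public function testGenerateRandom()
{
    // Default secret: exactly 16 characters, digits 2-7 and upper-case letters A-Z
    $this->assertRegExp('/\A[2-7A-Z]{16}\z/', GoogleAuthenticator::generateRandom());

    // Can be told to make a longer secret: exactly 18 characters, same alphabet
    $this->assertRegExp('/\A[2-7A-Z]{18}\z/', GoogleAuthenticator::generateRandom(18));
}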
/**
 * Start TOTP enrolment: create a fresh secret, park it in the session and
 * return the QR code URL the user scans with an authenticator app.
 *
 * The secret is written to $_SESSION['user']['totp_secret'] only; nothing in
 * this method persists it elsewhere or switches two-factor on.
 *
 * NOTE(review): getQrCodeUrl() appears to return a URL on an externally hosted
 * QR rendering service with the secret in its query string - confirm for the
 * library version in use. If so, the secret leaves the application whenever
 * the image is fetched; rendering the QR locally from getKeyUri() avoids that.
 *
 * @return string QR code URL as produced by GoogleAuthenticator::getQrCodeUrl()
 */
public function totp()
{
    $totpSecret = GoogleAuthenticator::generateRandom();
    $_SESSION['user']['totp_secret'] = $totpSecret;

    // Label shown in the authenticator app: fixed application name plus user name
    $accountLabel = 'GESTCOM CRIDIP ' . $this->username;

    return GoogleAuthenticator::getQrCodeUrl('totp', $accountLabel, $totpSecret);
}
/**
 * Show the two-step enrolment form with a freshly generated secret.
 *
 * Unauthenticated visitors are redirected to the login page. For a logged-in
 * user a new secret and its QR code URL are generated and handed to the
 * login view, whose form posts to the 'twostep.store' route.
 *
 * NOTE(review): the secret is only passed to the view here; this method does
 * not store it server-side. If the store route reads the secret back from the
 * submitted form, the value is client-controlled at that point - confirm it is
 * validated there, or keep the pending secret on the server instead.
 * NOTE(review): getQrCodeUrl() appears to embed the secret in a URL on an
 * external QR rendering service - confirm for the library version in use.
 */
public function enable()
{
    if (!Auth::check()) {
        return Redirect::to('login');
    }

    $totpSecret = GoogleAuthenticator::generateRandom();

    // Label format: url-encoded application name, a colon, then the user's e-mail
    $accountLabel = urlencode(Config::get('login::nombreapplicacion')) . ':' . Auth::user()->email;
    $qrUrl = GoogleAuthenticator::getQrCodeUrl('totp', $accountLabel, $totpSecret);

    $enrolmentView = View::make('login::login')
        ->with('route', 'twostep.store')
        ->with('mainPartial', 'twoStepEnablePartial')
        ->with('footerPartial', 'twoStepPartialEnableFooter')
        ->with('qr', $qrUrl)
        ->with('secret', $totpSecret);

    return $enrolmentView;
}
/**
 * Two-factor authentication setup view.
 *
 * Users who already have a TOTP key are sent back to their profile with an
 * error. Everyone else gets a new secret, which is kept in the session under
 * 'secret' while the 'users.totp' view shows the matching QR code.
 *
 * NOTE(review): getQrCodeUrl() appears to embed the secret in a URL on an
 * external QR rendering service - confirm for the library version in use.
 */
public function totp()
{
    $currentUser = $this->auth->user();

    // Loose comparison: a null totp_key and an empty string both count as "not enrolled"
    if ($currentUser->totp_key != '') {
        return redirect(url('profil'))->with('error', 'L\'authentification à 2 facteurs est déjà activer');
    }

    $pendingSecret = GoogleAuthenticator::generateRandom();

    // Authenticator label: "<site name> - <user name>", site name falls back to 'AltisPan'
    $siteName = env('SITE_NAME', 'AltisPan');
    $accountLabel = $siteName . ' - ' . $currentUser->name;
    $qrUrl = GoogleAuthenticator::getQrCodeUrl('totp', $accountLabel, $pendingSecret);

    // Held in the session only; this method does not write it to the user record
    Session::put('secret', $pendingSecret);

    return view('users.totp', array('qrcode' => $qrUrl));
}
/**
 * Enable/disable 2FA
 *
 * Activation stores a newly generated secret on the user record; any other
 * submission switches the feature off and blanks the stored secret. Either
 * way the current session's 2FA requirement is lifted and the user is sent
 * back to the two-factor index page.
 *
 * NOTE(review): checkCurrentUser() is the only gate visible in this method.
 * Turning 2FA off here needs neither a current one-time code nor the
 * password - confirm that is intended, since anyone holding the session can
 * remove the second factor.
 *
 * @access public
 */
public function save()
{
    $user = $this->getUser();
    $this->checkCurrentUser($user);

    $formValues = $this->request->getValues();
    $wantsActivation = isset($formValues['twofactor_activated']) && $formValues['twofactor_activated'] == 1;

    if ($wantsActivation) {
        // A fresh secret on every activation: an earlier secret is overwritten
        $changes = array(
            'id' => $user['id'],
            'twofactor_activated' => 1,
            'twofactor_secret' => GoogleAuthenticator::generateRandom(),
        );
    } else {
        $changes = array(
            'id' => $user['id'],
            'twofactor_activated' => 0,
            'twofactor_secret' => '',
        );
    }

    $this->user->update($changes);

    // Allow the user to test or disable the feature
    $this->userSession->disable2FA();

    $this->flash->success(t('User updated successfully.'));

    $indexUrl = $this->helper->url->to('twofactor', 'index', array('user_id' => $user['id']));
    $this->response->redirect($indexUrl);
}
use ORM, Otp\GoogleAuthenticator;

/*
 * POST /ajax/account/totp
 *
 * Generates a new TOTP secret for the current user, saves it on the user's
 * row and answers with an HTML fragment holding the QR code, the secret in
 * plain text and the form used to verify the first code.
 *
 * NOTE(review): the secret is saved before any code has been verified, and
 * nothing visible here checks whether the account already has one. Confirm
 * that a repeat request cannot silently replace a working secret, and that
 * enforcement is only switched on by the verify route.
 * NOTE(review): the QR URL is concatenated into the img src attribute without
 * htmlspecialchars(); it is derived from the account e-mail - confirm the
 * library's encoding is sufficient for an attribute context.
 * NOTE(review): getQrCodeUrl() appears to embed the secret in a URL on an
 * external QR rendering service - confirm for the library version in use.
 */
$klein->respond('POST', '/ajax/account/totp', function ($request, $response) use($core) {
    /*
     * Generate the TOTP secret (the shared key, not a one-time code)
     */
    $secret = GoogleAuthenticator::generateRandom();

    // Persist it on the row of the currently logged-in user
    $account = ORM::forTable('users')->findOne($core->user->getData('id'));
    $account->totp_secret = $secret;
    $account->save();

    /*
     * Generate QR Code and send the enrolment fragment.
     * The response body also carries the XSRF field from $core->auth->XSRF().
     */
    $response->body('<div class="row" id="notice_box_totp" style="display:none;"></div> <div class="row"> <div class="col-md-6"> <center><img src="' . GoogleAuthenticator::getQrCodeUrl('totp', $core->user->getData('email'), $secret) . '" /><br /><br /><code>' . $secret . '</code></center> </div> <div class="col-md-6"> <div class="alert alert-info">Please verify your TOTP settings by scanning the QR Code to the right with your phone\'s authenticator application, and then enter the 6 number code generated by the application in the box below. Press the enter key when finished.</div> <form action="#" method="post" id="totp_token_verify"> <div class="form-group"> <label class="control-label" for="totp_token">TOTP Token</label> <input class="form-control" type="text" id="totp_token" style="" /> </div> ' . $core->auth->XSRF() . ' </form> </div> </div>')->send();
});

$klein->respond('POST', '/ajax/account/totp/verify', function ($request, $response) use($core) {
    // Responding with body rather than a flash since this is an AJAX request.
/**
 * Get key url (empty if no url can be provided)
 *
 * The url is built from $this->secret, so the return value should be handled
 * like the secret itself (kept out of logs, referrers and caches).
 *
 * @access public
 * @param  string $label Account label passed through to getKeyUri()
 * @return string        Key uri, or '' when no secret is set
 */
public function getKeyUrl($label)
{
    // empty() also treats null, '' and '0' as "no secret"
    return empty($this->secret)
        ? ''
        : GoogleAuthenticator::getKeyUri('totp', $label, $this->secret);
}
/**
 * Get key url (empty if no url can be provided)
 *
 * Same contract as a plain key url, with the TOTP_ISSUER constant passed as
 * the 'issuer' option. The url is built from $this->secret, so the return
 * value should be handled like the secret itself.
 *
 * @access public
 * @param  string $label Account label passed through to getKeyUri()
 * @return string        Key uri, or '' when no secret is set
 */
public function getKeyUrl($label)
{
    // empty() also treats null, '' and '0' as "no secret"
    if (!empty($this->secret)) {
        // Fourth argument is left at null; only the issuer option is supplied
        return GoogleAuthenticator::getKeyUri('totp', $label, $this->secret, null, array('issuer' => TOTP_ISSUER));
    }

    return '';
}
// Getting a secret, either by generating or from storage
// DON'T use sessions as storage for this in production!!!
// (This sample also prints the secret into the page further down.)
$secret = isset($_SESSION['otpsecret']) ? $_SESSION['otpsecret'] : 0;

// Only the length is checked here, not the alphabet: any stored value that is
// not 16 characters long is replaced by a new secret, which goes back into the session.
if (strlen($secret) != 16) {
    $_SESSION['otpsecret'] = $secret = GoogleAuthenticator::generateRandom();
}

// The secret is an easily stored Base32 string.
// totp() works on the original value, so it is decoded first.
$otp = new Otp();
$currentTotp = $otp->totp(Base32::decode($secret));

// Both provisioning forms use the same fixed sample label
$qrCode = GoogleAuthenticator::getQrCodeUrl('totp', 'otpsample@cr', $secret);
$keyUri = GoogleAuthenticator::getKeyUri('totp', 'otpsample@cr', $secret);
?> <html> <head> <title>One Time Passwords Example</title> </head> <body> <h1>One Time Passwords Example</h1> Secret is <?php echo $secret; ?> . This is saved with the users credentials. <br /> <br />
/**
 * Instance-level pass-through to GoogleAuthenticator::getQrCodeUrl().
 *
 * All three arguments are forwarded unchanged and the result is returned
 * as-is; no validation or encoding happens in this wrapper.
 *
 * NOTE(review): getQrCodeUrl() appears to embed the secret in a URL on an
 * external QR rendering service - confirm for the library version in use
 * before exposing this to callers that handle production secrets.
 *
 * @param  string $realm  First argument of the library call
 * @param  string $label  Account label
 * @param  string $secret Shared secret
 * @return string         QR code URL as produced by the library
 */
public function getQrCodeUrl($realm, $label, $secret)
{
    $qrCodeUrl = GoogleAuthenticator::getQrCodeUrl($realm, $label, $secret);

    return $qrCodeUrl;
}