/**
* Action to generate a new Google Authenticator secret for the current user
*
* @return string
* @throws \Exception
* @throws \Piwik\NoAccessException
*/
public function regenerate()
{
Piwik::checkUserIsNotAnonymous();
$view = new View('@GoogleAuthenticator/regenerate');
$this->setGeneralVariablesView($view);
$googleAuth = new PHPGangsta\GoogleAuthenticator();
$storage = new Storage(Piwik::getCurrentUserLogin());
$secret = Common::getRequestVar('gasecret', '', 'string');
$authCode = Common::getRequestVar('gaauthcode', '', 'string');
$authCodeNonce = Common::getRequestVar('authCodeNonce', '', 'string');
$title = Common::getRequestVar('gatitle', $storage->getTitle(), 'string');
$description = Common::getRequestVar('gadescription', $storage->getDescription(), 'string');
if (!empty($secret) && !empty($authCode) && Nonce::verifyNonce(self::AUTH_CODE_NONCE, $authCodeNonce) && $googleAuth->verifyCode($secret, $authCode, 2)) {
$storage->setSecret($secret);
$storage->setDescription($description);
$storage->setTitle($title);
$this->auth->setAuthCode($authCode);
$this->auth->validateAuthCode();
Url::redirectToUrl(Url::getCurrentUrlWithoutQueryString() . Url::getCurrentQueryStringWithParametersModified(array('action' => 'settings', 'activate' => '1')));
}
if (empty($secret)) {
$secret = $googleAuth->createSecret(32);
}
$view->title = $title;
$view->description = $description;
$view->authCodeNonce = Nonce::getNonce(self::AUTH_CODE_NONCE);
$view->newSecret = $secret;
$view->googleAuthImage = $googleAuth->getQRCodeGoogleUrl($description, $secret, $title);
return $view->render();
}
/**
* @param $auth
*/
public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth)
{
if (self::isModuleIsAPI() && !$activateCookieAuth) {
return;
}
$authCookieName = Config::getInstance()->General['login_cookie_name'];
$authCookieExpiry = 0;
$authCookiePath = Config::getInstance()->General['login_cookie_path'];
$authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
$defaultLogin = '******';
$defaultTokenAuth = 'anonymous';
if ($authCookie->isCookieFound()) {
$defaultLogin = $authCookie->get('login');
$defaultTokenAuth = $authCookie->get('token_auth');
}
$auth->setLogin($defaultLogin);
$auth->setTokenAuth($defaultTokenAuth);
$storage = new Storage($defaultLogin);
if (!$storage->isActive()) {
return;
}
$secret = $storage->getSecret();
$cookieSecret = $authCookie->get('auth_code');
if ($cookieSecret == SessionInitializer::getHashTokenAuth($defaultLogin, $secret)) {
$googleAuth = new PHPGangsta\GoogleAuthenticator();
$auth->setAuthCode($googleAuth->getCode($secret));
$auth->validateAuthCode();
}
}
/**
* Returns if the set auth code is valid and updates the validation status of the current session
* @return bool
*/
public function validateAuthCode()
{
$storage = new Storage($this->getLogin());
$secret = $storage->getSecret();
$googleAuth = new PHPGangsta\GoogleAuthenticator();
if (!empty($secret) && $googleAuth->verifyCode($secret, $this->authCode, 2)) {
$this->setValidatedWithAuthCode(true);
return true;
}
return false;
}
private function getValidAuthCode()
{
$ga = new GoogleAuthenticator();
return $ga->getCode($this->secret);
}
