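/**
 * Enables Google Authenticator two-factor authentication for the current user.
 *
 * Reads two request parameters: 'qr', the 2FA key being enrolled, and 'code',
 * a one-time code that must verify against that key. The key is stored
 * encrypted and the 2FA flag is set only after the code verifies.
 *
 * Enrollment is refused while 2FA is already enabled, so an authenticated
 * session cannot replace the enrolled key without 2FA being turned off first.
 */
public function xSettingsEnable2FaGglAction()
{
    // Loose comparison on purpose: the stored type of the setting is not visible here.
    if ($this->user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1) {
        $this->response->failure('Two-factor authentication has been already enabled for this user');
        return;
    }

    $key = $this->getParam('qr');
    $code = $this->getParam('code');

    if (!$key || !$code) {
        $this->response->failure();
        return;
    }

    // The client must prove it can generate codes from the key before the key is trusted.
    if (!Scalr_Util_Google2FA::verifyKey($key, $code)) {
        $this->response->failure('Code is invalid. Please try again.');
        return;
    }

    $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, 1);
    $this->user->setSetting(
        Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY,
        $this->getCrypto()->encrypt($key, $this->cryptoKey)
    );
    $this->response->success();
}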
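/**
 * Authenticates a user and creates the session.
 *
 * When Google Authenticator 2FA is enabled for the user (and, for users that
 * belong to an account, the account has the 2FA feature enabled), the request
 * must also carry either a valid one-time code or the reset code:
 *  - no code: the response carries 'tfaGgl' => true and fails, so the client
 *    can ask for a code;
 *  - reset code ($tfaGglReset set): a matching code clears the 2FA flag, key
 *    and reset code, and the login proceeds;
 *  - one-time code: verified against the decrypted 2FA key.
 *
 * @param string $scalrLogin
 * @param RawData $scalrPass
 * @param bool $scalrKeepSession
 * @param int $accountId
 * @param string $tfaGglCode
 * @param bool $tfaGglReset
 * @param string $scalrCaptcha
 * @param string $scalrCaptchaChallenge
 */
public function xLoginAction($scalrLogin, RawData $scalrPass, $scalrKeepSession = false, $accountId = 0, $tfaGglCode = '', $tfaGglReset = false, $scalrCaptcha = '', $scalrCaptchaChallenge = '')
{
    $user = $this->loginUserGet($scalrLogin, $scalrPass, $accountId, $scalrCaptcha, $scalrCaptchaChallenge);

    // check for 2-factor auth
    $tfaRequired = ($user->getAccountId() && $user->getAccount()->isFeatureEnabled(Scalr_Limits::FEATURE_2FA) || !$user->getAccountId())
        && $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1;

    if ($tfaRequired) {
        if (!$tfaGglCode) {
            // Password was accepted but no second factor was sent: ask the client for one.
            $this->response->data(array('tfaGgl' => true));
            $this->response->failure();
            return;
        }

        if ($tfaGglReset) {
            $storedResetHash = (string) $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE);
            $suppliedResetHash = (string) Scalr_Util_CryptoTool::hash($tfaGglCode);

            // The reset code replaces the second factor, so compare it as a secret.
            // A loose != compares two numeric-looking strings as numbers, which can
            // make different digests equal; hash_equals() is strict and constant-time.
            // An empty stored value never matches. hash_equals() needs PHP 5.6+;
            // on an older runtime use !== on the two strings instead.
            if ($storedResetHash === '' || !hash_equals($storedResetHash, $suppliedResetHash)) {
                $this->response->data(array('errors' => array('tfaGglCode' => 'Invalid reset code')));
                $this->response->failure();
                return;
            }

            // Valid reset code: drop the second factor entirely, then continue with the login.
            $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, '');
            $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY, '');
            $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE, '');
            $this->response->success('Two-factor authentication has been disabled.');
        } else {
            $key = $this->getCrypto()->decrypt($user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY));

            if (!Scalr_Util_Google2FA::verifyKey($key, $tfaGglCode)) {
                $this->response->data(array('errors' => array('tfaGglCode' => 'Invalid code')));
                $this->response->failure();
                return;
            }
        }
    }

    $this->loginUserCreate($user, $scalrKeepSession);
}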
/**
 * Enrolls the current user in Google Authenticator two-factor authentication.
 *
 * $qr is the 2FA key being enrolled and $code a one-time code that must
 * verify against it. On success the 2FA flag is set, the key is stored
 * encrypted, and a reset code is generated: its hash is stored and the
 * plaintext is returned in the response under 'resetCode'.
 *
 * @param $qr
 * @param $code
 * @throws Exception
 */
public function xSettingsEnable2FaGglAction($qr, $code)
{
    $account = $this->user;

    // An existing enrollment is never overwritten by this action.
    if ($account->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1) {
        throw new Exception('Two-factor authentication has been already enabled for this user');
    }

    if (!$qr || !$code) {
        $this->response->failure('Invalid data');
        return;
    }

    // The caller has to prove it can generate codes from the key it wants to enroll.
    if (!Scalr_Util_Google2FA::verifyKey($qr, $code)) {
        $this->response->data(['errors' => ['code' => 'Invalid code']]);
        $this->response->failure();
        return;
    }

    // NOTE(review): the reset code stands in for the second factor at login;
    // confirm that sault() draws from a cryptographically secure source.
    $resetCode = Scalr_Util_CryptoTool::sault(12);

    $account->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, 1);
    $account->setSetting(
        Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY,
        $this->getCrypto()->encrypt($qr)
    );
    // Only the hash of the reset code is kept; the plaintext leaves in this response.
    $account->setSetting(
        Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE,
        Scalr_Util_CryptoTool::hash($resetCode)
    );

    $this->response->data(['resetCode' => $resetCode]);
}
/**
 * Completes a login with a Google Authenticator one-time code.
 *
 * The user comes from loginUserGet(). The session is created only when 2FA
 * applies to that user and the 'tfaCode' request parameter verifies against
 * the decrypted 2FA key; otherwise the response fails with a message.
 */
public function xLoginTfaGglAction()
{
    $user = $this->loginUserGet();

    // 2FA applies when the user has it switched on and, for users that belong
    // to an account, the account has the 2FA feature enabled.
    $tfaActive = ($user->getAccountId() && $user->getAccount()->isFeatureEnabled(Scalr_Limits::FEATURE_2FA) || !$user->getAccountId())
        && $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1;

    if (!$tfaActive) {
        $this->response->failure('Two-factor authentication not enabled for this user');
        return;
    }

    $key = $this->getCrypto()->decrypt(
        $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY),
        $this->cryptoKey
    );

    // A missing code is rejected before any verification is attempted.
    $codeAccepted = $this->getParam('tfaCode')
        && Scalr_Util_Google2FA::verifyKey($key, $this->getParam('tfaCode'));

    if (!$codeAccepted) {
        $this->response->failure('Invalid code');
        return;
    }

    $this->loginUserCreate($user);
}
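/**
 * Authenticates a user, creates the session and writes the login audit entry.
 *
 * When Google Authenticator 2FA is enabled for the user, the request must
 * also carry either a valid one-time code or the reset code:
 *  - no code: the response carries "tfaGgl" => true and fails, so the client
 *    can ask for a code;
 *  - reset code ($tfaGglReset set): a matching code clears the 2FA flag, key
 *    and reset code, and the login proceeds;
 *  - one-time code: verified against the decrypted 2FA key.
 * A rejected code is audit-logged as a failed "user.auth.login".
 *
 * @param string $scalrLogin
 * @param RawData $scalrPass
 * @param bool $scalrKeepSession
 * @param int $accountId
 * @param string $tfaGglCode
 * @param bool $tfaGglReset
 * @param string $scalrCaptcha
 * @param string $scalrCaptchaChallenge
 */
public function xLoginAction($scalrLogin, RawData $scalrPass, $scalrKeepSession = false, $accountId = 0, $tfaGglCode = '', $tfaGglReset = false, $scalrCaptcha = '', $scalrCaptchaChallenge = '')
{
    $user = $this->loginUserGet($scalrLogin, $scalrPass, $accountId, $scalrCaptcha, $scalrCaptchaChallenge);

    // check for 2-factor auth
    if ($user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1) {
        if (!$tfaGglCode) {
            // Password was accepted but no second factor was sent: ask the client for one.
            $this->response->data(["tfaGgl" => true]);
            $this->response->failure();
            return;
        }

        if ($tfaGglReset) {
            $storedResetHash = (string) $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE);
            $suppliedResetHash = (string) CryptoTool::hash($tfaGglCode);

            // The reset code replaces the second factor, so compare it as a secret.
            // A loose != compares two numeric-looking strings as numbers, which can
            // make different digests equal; hash_equals() is strict and constant-time.
            // An empty stored value never matches. hash_equals() needs PHP 5.6+;
            // on an older runtime use !== on the two strings instead.
            if ($storedResetHash === '' || !hash_equals($storedResetHash, $suppliedResetHash)) {
                $this->response->data(["errors" => ["tfaGglCode" => "Invalid reset code"]]);
                $this->auditLog("user.auth.login", ['result' => 'error', 'error_message' => 'Invalid reset code']);
                $this->response->failure();
                return;
            }

            // Valid reset code: drop the second factor entirely, then continue with the login.
            // NOTE(review): this branch removes the second factor but writes no audit
            // entry of its own; only the generic login entry at the end is recorded.
            // Consider logging the 2FA reset explicitly so it can be reviewed later.
            $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, '');
            $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY, '');
            $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE, '');
            $this->response->success("Two-factor authentication has been disabled.");
        } else {
            $key = $this->getCrypto()->decrypt($user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY));

            if (!Scalr_Util_Google2FA::verifyKey($key, $tfaGglCode)) {
                $this->response->data(["errors" => ["tfaGglCode" => "Invalid code"]]);
                $this->auditLog("user.auth.login", ['result' => 'error', 'error_message' => 'Invalid code']);
                $this->response->failure();
                return;
            }
        }
    }

    $this->loginUserCreate($user, $scalrKeepSession);

    try {
        $envId = $this->getEnvironmentId(true) ?: $user->getDefaultEnvironment()->id;
    } catch (Exception $e) {
        // Best effort: the login is still audit-logged when no environment can be resolved.
        $envId = null;
    }

    $this->getContainer()->auditlogger->setEnvironmentId($envId)->setRuid(Scalr_Session::getInstance()->getRealUserId());

    $this->auditLog("user.auth.login", $user);
}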
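/**
 * Enables Google Authenticator two-factor authentication for the current user.
 *
 * Reads two request parameters: 'qr', the 2FA key being enrolled, and 'code',
 * a one-time code that must verify against that key. The key is stored
 * encrypted and the 2FA flag is set only after the code verifies.
 *
 * Enrollment is refused while 2FA is already enabled, so an authenticated
 * session cannot replace the enrolled key without 2FA being turned off first.
 */
public function xSettingsEnable2FaGglAction()
{
    // Loose comparison on purpose: the stored type of the setting is not visible here.
    if ($this->user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1) {
        $this->response->failure('Two-factor authentication has been already enabled for this user');
        return;
    }

    $key = $this->getParam('qr');
    $code = $this->getParam('code');

    if (!$key || !$code) {
        $this->response->failure('Invalid data');
        return;
    }

    // The client must prove it can generate codes from the key before the key is trusted.
    if (!Scalr_Util_Google2FA::verifyKey($key, $code)) {
        $this->response->data(array('errors' => array('code' => 'Invalid code')));
        $this->response->failure();
        return;
    }

    $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, 1);
    $this->user->setSetting(
        Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY,
        $this->getCrypto()->encrypt($key, $this->cryptoKey)
    );
    $this->response->success('Two-factor authentication enabled');
}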