/**
 * Authorize a user, letting the MFA (OTP) layer veto the login first.
 *
 * If the "security" module can be included, \Bitrix\Security\Mfa\Otp::verifyUser()
 * decides whether authorization may proceed (the original note states it is
 * allowed when OTP is not active for the user; when it declines, the OTP form
 * is shown on the next hit). Without the module there is no OTP layer and the
 * request goes straight to Authorize().
 *
 * @param mixed $user_id Identifier passed through to verifyUser() and Authorize().
 * @return mixed Result of Authorize() when MFA permits it, false otherwise.
 */
public function AuthorizeWithOtp($user_id)
{
    $mfaPermits = true;
    if (CModule::IncludeModule("security")) {
        // verifyUser() returns a truthy value when the login may continue.
        $mfaPermits = \Bitrix\Security\Mfa\Otp::verifyUser(['USER_ID' => $user_id]);
    }

    return $mfaPermits ? $this->Authorize($user_id) : false;
}
if ($arParams['OTP']) { $altPassword = substr($oRequest->arParameters['password'], 0, -6); } if ($err) { $oResponse->status = "445 Event Error."; $oResponse->text = $err; $arControllerLog['STATUS'] = 'N'; $arControllerLog['DESCRIPTION'] = $oResponse->text; $a = CControllerLog::Add($arControllerLog); } elseif ($arUser['ACTIVE'] == 'Y' && ($user_id > 0 || md5($db_password . 'MySalt') == md5(md5($salt . $oRequest->arParameters['password']) . 'MySalt') || $altPassword && md5($db_password . 'MySalt') == md5(md5($salt . $altPassword) . 'MySalt'))) { $arSaveUser = CControllerClient::PrepareUserInfo($arUser); $arSaveUser["GROUP_ID"] = array(); $arUserGroups = CUser::GetUserGroup($arUser['ID']); $MOD_RIGHT = $APPLICATION->GetGroupRight("controller", $arUserGroups); $arParams['USER_ID'] = $arUser['ID']; if (CModule::IncludeModule('security') && !\Bitrix\Security\Mfa\Otp::verifyUser($arParams)) { $oResponse->status = "443 Bad password."; $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_PASSW"); break; } elseif ($MOD_RIGHT >= "V") { $arSaveUser['CONTROLLER_ADMIN'] = 'Y'; $arSaveUser["GROUP_ID"][] = "administrators"; } elseif (COption::GetOptionString("controller", "auth_loc_enabled", "N") != "Y") { $oResponse->status = "423 Remoute Authorization Disabled."; $oResponse->text = "Remote authorization disabled on controller."; break; } $arLocGroups = unserialize(COption::GetOptionString("controller", "auth_loc", serialize(array()))); foreach ($arLocGroups as $arTGroup) { foreach ($arUserGroups as $group_id) { if ($arTGroup["LOC"] == $group_id) {