/**
  * @param $auth
  */
 public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth)
 {
     if (self::isModuleIsAPI() && !$activateCookieAuth) {
         return;
     }
     $authCookieName = Config::getInstance()->General['login_cookie_name'];
     $authCookieExpiry = 0;
     $authCookiePath = Config::getInstance()->General['login_cookie_path'];
     $authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
     $defaultLogin = '******';
     $defaultTokenAuth = 'anonymous';
     if ($authCookie->isCookieFound()) {
         $defaultLogin = $authCookie->get('login');
         $defaultTokenAuth = $authCookie->get('token_auth');
     }
     $auth->setLogin($defaultLogin);
     $auth->setTokenAuth($defaultTokenAuth);
     $storage = new Storage($defaultLogin);
     if (!$storage->isActive()) {
         return;
     }
     $secret = $storage->getSecret();
     $cookieSecret = $authCookie->get('auth_code');
     if ($cookieSecret == SessionInitializer::getHashTokenAuth($defaultLogin, $secret)) {
         $googleAuth = new PHPGangsta\GoogleAuthenticator();
         $auth->setAuthCode($googleAuth->getCode($secret));
         $auth->validateAuthCode();
     }
 }
 /**
  * Executed when the session was successfully authenticated.
  *
  * @param AuthResult $authResult The successful authentication result.
  * @param bool $rememberMe Whether the authenticated session should be remembered after
  *                         the browser is closed or not.
  */
 protected function processSuccessfulSession(AuthResult $authResult, $rememberMe)
 {
     $storage = new Storage($authResult->getIdentity());
     /**
      * @deprecated Create a custom SessionInitializer instead.
      */
     Piwik::postEvent('Login.authenticate.successful', array($authResult->getIdentity(), $authResult->getTokenAuth()));
     $cookie = $this->getAuthCookie($rememberMe);
     $cookie->set('login', $authResult->getIdentity());
     $cookie->set('token_auth', $this->getHashTokenAuth($authResult->getIdentity(), $authResult->getTokenAuth()));
     if ($storage->isActive()) {
         $cookie->set('auth_code', $this->getHashTokenAuth($authResult->getIdentity(), $storage->getSecret()));
     }
     $cookie->setSecure(ProxyHttp::isHttps());
     $cookie->setHttpOnly(true);
     $cookie->save();
 }
 /**
  * Action to generate a new Google Authenticator secret for the current user
  *
  * @return string
  * @throws \Exception
  * @throws \Piwik\NoAccessException
  */
 public function regenerate()
 {
     Piwik::checkUserIsNotAnonymous();
     $view = new View('@GoogleAuthenticator/regenerate');
     $this->setGeneralVariablesView($view);
     $googleAuth = new PHPGangsta\GoogleAuthenticator();
     $storage = new Storage(Piwik::getCurrentUserLogin());
     $secret = Common::getRequestVar('gasecret', '', 'string');
     $authCode = Common::getRequestVar('gaauthcode', '', 'string');
     $authCodeNonce = Common::getRequestVar('authCodeNonce', '', 'string');
     $title = Common::getRequestVar('gatitle', $storage->getTitle(), 'string');
     $description = Common::getRequestVar('gadescription', $storage->getDescription(), 'string');
     if (!empty($secret) && !empty($authCode) && Nonce::verifyNonce(self::AUTH_CODE_NONCE, $authCodeNonce) && $googleAuth->verifyCode($secret, $authCode, 2)) {
         $storage->setSecret($secret);
         $storage->setDescription($description);
         $storage->setTitle($title);
         $this->auth->setAuthCode($authCode);
         $this->auth->validateAuthCode();
         Url::redirectToUrl(Url::getCurrentUrlWithoutQueryString() . Url::getCurrentQueryStringWithParametersModified(array('action' => 'settings', 'activate' => '1')));
     }
     if (empty($secret)) {
         $secret = $googleAuth->createSecret(32);
     }
     $view->title = $title;
     $view->description = $description;
     $view->authCodeNonce = Nonce::getNonce(self::AUTH_CODE_NONCE);
     $view->newSecret = $secret;
     $view->googleAuthImage = $googleAuth->getQRCodeGoogleUrl($description, $secret, $title);
     return $view->render();
 }
 /**
  * Authenticates user
  *
  * @return AuthResult
  */
 public function authenticate()
 {
     $authResult = parent::authenticate();
     // if authentication was correct, check if an auth code is required
     if ($authResult->wasAuthenticationSuccessful()) {
         $this->setLogin($authResult->getIdentity());
         $storage = new Storage($authResult->getIdentity());
         $this->validateAuthCode();
         // if Google Authenticator is disabled, or user already validated with auth code
         if (!$storage->isActive() || $this->getValidatedWithAuthCode()) {
             return $authResult;
         }
         $authResult = new AuthResult(self::AUTH_CODE_REQUIRED, $this->login, $this->token_auth);
     }
     return $authResult;
 }
 private function enableGoogleAuthenticator($login, $secret)
 {
     $storage = new Storage($login);
     $storage->activate();
     $storage->setSecret($secret);
 }