/**
* @param $auth
*/
public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth)
{
if (self::isModuleIsAPI() && !$activateCookieAuth) {
return;
}
$authCookieName = Config::getInstance()->General['login_cookie_name'];
$authCookieExpiry = 0;
$authCookiePath = Config::getInstance()->General['login_cookie_path'];
$authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
$defaultLogin = '******';
$defaultTokenAuth = 'anonymous';
if ($authCookie->isCookieFound()) {
$defaultLogin = $authCookie->get('login');
$defaultTokenAuth = $authCookie->get('token_auth');
}
$auth->setLogin($defaultLogin);
$auth->setTokenAuth($defaultTokenAuth);
$storage = new Storage($defaultLogin);
if (!$storage->isActive()) {
return;
}
$secret = $storage->getSecret();
$cookieSecret = $authCookie->get('auth_code');
if ($cookieSecret == SessionInitializer::getHashTokenAuth($defaultLogin, $secret)) {
$googleAuth = new PHPGangsta\GoogleAuthenticator();
$auth->setAuthCode($googleAuth->getCode($secret));
$auth->validateAuthCode();
}
}
/**
* Executed when the session was successfully authenticated.
*
* @param AuthResult $authResult The successful authentication result.
* @param bool $rememberMe Whether the authenticated session should be remembered after
* the browser is closed or not.
*/
protected function processSuccessfulSession(AuthResult $authResult, $rememberMe)
{
$storage = new Storage($authResult->getIdentity());
/**
* @deprecated Create a custom SessionInitializer instead.
*/
Piwik::postEvent('Login.authenticate.successful', array($authResult->getIdentity(), $authResult->getTokenAuth()));
$cookie = $this->getAuthCookie($rememberMe);
$cookie->set('login', $authResult->getIdentity());
$cookie->set('token_auth', $this->getHashTokenAuth($authResult->getIdentity(), $authResult->getTokenAuth()));
if ($storage->isActive()) {
$cookie->set('auth_code', $this->getHashTokenAuth($authResult->getIdentity(), $storage->getSecret()));
}
$cookie->setSecure(ProxyHttp::isHttps());
$cookie->setHttpOnly(true);
$cookie->save();
}
/**
* Settings page for the user - allow activating / disabling Google Authenticator and to generate secrets
*
* @return string
* @throws \Exception
* @throws \Piwik\NoAccessException
*/
public function settings()
{
Piwik::checkUserIsNotAnonymous();
$view = new View('@GoogleAuthenticator/settings');
$this->setGeneralVariablesView($view);
$googleAuth = new PHPGangsta\GoogleAuthenticator();
$storage = new Storage(Piwik::getCurrentUserLogin());
$view->activated = $view->disabled = false;
if (Common::getRequestVar('activate', 0, 'int')) {
$storage->activate();
$view->activated = true;
}
if (Common::getRequestVar('disable', 0, 'int')) {
$storage->deactivate();
$view->disabled = true;
}
$secret = $storage->getSecret();
$view->showSetUp = Common::getRequestVar('setup', 0, 'int');
$view->googleAuthIsActive = $storage->isActive();
$view->googleAuthSecret = $secret;
$view->googleAuthImage = $googleAuth->getQRCodeGoogleUrl(Piwik::getCurrentUserLogin(), $secret, 'Piwik - ' . Url::getCurrentHost());
return $view->render();
}
/**
* Authenticates user
*
* @return AuthResult
*/
public function authenticate()
{
$authResult = parent::authenticate();
// if authentication was correct, check if an auth code is required
if ($authResult->wasAuthenticationSuccessful()) {
$this->setLogin($authResult->getIdentity());
$storage = new Storage($authResult->getIdentity());
$this->validateAuthCode();
// if Google Authenticator is disabled, or user already validated with auth code
if (!$storage->isActive() || $this->getValidatedWithAuthCode()) {
return $authResult;
}
$authResult = new AuthResult(self::AUTH_CODE_REQUIRED, $this->login, $this->token_auth);
}
return $authResult;
}
