/** * This method should handle any two factor authentication and report back * to the subject. * * @param array $credentials Array holding the user credentials * @param array $options Array of extra options * * @return boolean True if the user is authorised with this two-factor authentication method * * @since 3.2 */ public function onUserTwofactorAuthenticate($credentials, $options) { // Get the OTP configuration object $otpConfig = $options['otp_config']; // Make sure it's an object if (empty($otpConfig) || !is_object($otpConfig)) { return false; } // Check if we have the correct method if ($otpConfig->method != $this->methodName) { return false; } // Check if there is a security code if (empty($credentials['secretkey'])) { return false; } // Create a new TOTP class with Google Authenticator compatible settings $totp = new FOFEncryptTotp(30, 6, 10); // Check the code $code = $totp->getCode($otpConfig->config['code']); $check = $code == $credentials['secretkey']; /* * If the check fails, test the previous 30 second slot. This allow the * user to enter the security code when it's becoming red in Google * Authenticator app (reaching the end of its 30 second lifetime) */ if (!$check) { $time = time() - 30; $code = $totp->getCode($otpConfig->config['code'], $time); $check = $code == $credentials['secretkey']; } /* * If the check fails, test the next 30 second slot. This allows some * time drift between the authentication device and the server */ if (!$check) { $time = time() + 30; $code = $totp->getCode($otpConfig->config['code'], $time); $check = $code == $credentials['secretkey']; } return $check; }
/** * Creates a decryption key for use with the TOTP decryption method * * @param integer $time The timestamp used for TOTP calculation, leave empty to use current timestamp * * @return string THe encryption key */ private function _createDecryptionKey($time = null) { $totp = new FOFEncryptTotp($this->fofAuth_timeStep); $otp = $totp->getCode($this->fofAuth_Key, $time); $key = hash('sha256', $this->fofAuth_Key . $otp); return $key; }