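/**
 * Activates OTP for the user whose login is pending in the deferred
 * parameters, using the secret and sync codes submitted in $fields.
 *
 * $fields is request-supplied, so SECRET must be a non-empty hex string
 * before it reaches pack(). Anything else is reported as an error result
 * instead of being converted to bytes with a PHP warning.
 *
 * NOTE(review): the secret that gets saved is the one the client sends back.
 * The only visible binding to a server-issued secret is whatever
 * syncParameters() checks - confirm that this is the intended trust model.
 *
 * @param array $fields Expected keys: SECRET (hex string), SYNC1, SYNC2.
 * @return array array('status' => 'ok') on success, otherwise
 *               array('status' => 'error', 'error' => message).
 */
function checkAndActivate($fields)
{
    try {
        $deferredParams = Otp::getDeferredParams();
        // empty() also covers an absent USER_ID key, so a request without a
        // pending login takes the error path without an undefined-index warning.
        if (empty($deferredParams['USER_ID'])) {
            throw new \Bitrix\Security\Mfa\OtpException(Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR'));
        }

        // Reject a missing, non-string or non-hex secret up front; pack('H*')
        // would otherwise only warn and carry on with whatever bytes it produced.
        $hexSecret = isset($fields['SECRET']) ? $fields['SECRET'] : null;
        if (!is_string($hexSecret) || preg_match('/\A[0-9a-f]+\z/i', $hexSecret) !== 1) {
            throw new \Bitrix\Security\Mfa\OtpException(Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR'));
        }

        // An absent sync code is passed as null, the value the original passed
        // (with a warning) when the key was missing.
        $sync1 = isset($fields['SYNC1']) ? $fields['SYNC1'] : null;
        $sync2 = isset($fields['SYNC2']) ? $fields['SYNC2'] : null;

        $otp = Otp::getByUser($deferredParams['USER_ID']);
        $binarySecret = pack('H*', $hexSecret);
        $otp->regenerate($binarySecret)
            ->syncParameters($sync1, $sync2)
            ->save();

        // Record REJECT_BY_CODE in the deferred login state. Presumably this
        // makes the pending login ask for a one-time code - confirm against Otp.
        // The class name is spelled Otp here, consistent with the other uses.
        $deferredParams[Otp::REJECTED_KEY] = Otp::REJECT_BY_CODE;
        Otp::setDeferredParams($deferredParams);

        $result = array('status' => 'ok');
    } catch (\Bitrix\Security\Mfa\OtpException $e) {
        $result = array('status' => 'error', 'error' => $e->getMessage());
    }

    return $result;
}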
/**
 * Builds the template data for the mandatory OTP set-up screen.
 *
 * Returns array('MESSAGE' => ...) when the security module cannot be loaded,
 * mandatory OTP is not required, the user is already authorized, or the
 * deferred parameters carry no USER_ID. Otherwise returns the provisioning
 * data of a regenerated secret for the pending user.
 *
 * The success result holds secret material (SECRET, APP_SECRET and the Otp
 * object itself; PROVISION_URI presumably embeds the secret too - confirm),
 * so whatever renders it should keep it out of logs and caches.
 *
 * @return array
 */
protected function toView()
{
    /* @global CUser $USER */
    global $USER;

    if (!CModule::includeModule('security')) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_MODULE_ERROR'));
    }

    if (!Otp::isOtpRequiredByMandatory()) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_NOT_REQUIRED'));
    }

    // This screen belongs to the pending-login state only; a session that is
    // already authorized gets a message instead of a new secret.
    if ($USER->IsAuthorized()) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_AUTH_ERROR'));
    }

    $pendingLogin = Otp::getDeferredParams();
    if (!$pendingLogin['USER_ID']) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR'));
    }

    $otp = Otp::getByUser($pendingLogin['USER_ID']);
    // A new secret is generated on every render; this method never calls save().
    $otp->regenerate();

    // Getters are called in the same order as the original assignments.
    $hexSecret = $otp->getHexSecret();
    $otpType = $otp->getType();
    $appSecret = $otp->getAppSecret();

    return array(
        'SECRET' => $hexSecret,
        'TYPE' => $otpType,
        'APP_SECRET' => $appSecret,
        // Same secret in groups of four characters for manual entry.
        'APP_SECRET_SPACED' => chunk_split($appSecret, 4, ' '),
        'PROVISION_URI' => $otp->getProvisioningUri(),
        'SUCCESSFUL_URL' => $this->arParams['SUCCESSFUL_URL'],
        'TWO_CODE_REQUIRED' => $otp->getAlgorithm()->isTwoCodeRequired(),
        'OTP' => $otp,
    );
}
/**
 * Completes a deferred login by verifying a one-time password.
 *
 * The submitted code, the "remember OTP" flag and the captcha fields are added
 * to the deferred login parameters and passed to Otp::verifyUser(). On success
 * the user id stored in those parameters is authorized.
 *
 * NOTE(review): the result of Authorize() is not inspected; this method
 * returns true whenever verifyUser() succeeds.
 *
 * @param string $otp          One-time password entered by the user.
 * @param string $remember_otp "Y" to set OTP_REMEMBER; any other value clears it.
 * @param string $captcha_word Captcha answer, forwarded unchanged.
 * @param string $captcha_sid  Captcha session id, forwarded unchanged.
 * @return array|bool true on success, otherwise array("MESSAGE" => ..., "TYPE" => "ERROR").
 */
public function LoginByOtp($otp, $remember_otp = "N", $captcha_word = "", $captcha_sid = "")
{
    // Same short-circuit as the original: isOtpRequired() is only consulted
    // once the security module has loaded.
    $otpStepActive = CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isOtpRequired();
    if (!$otpStepActive) {
        return array("MESSAGE" => GetMessage("USER_LOGIN_OTP_ERROR") . "<br>", "TYPE" => "ERROR");
    }

    $loginState = \Bitrix\Security\Mfa\Otp::getDeferredParams();
    $loginState["OTP"] = $otp;
    $loginState["OTP_REMEMBER"] = $remember_otp === "Y";
    $loginState["CAPTCHA_WORD"] = $captcha_word;
    $loginState["CAPTCHA_SID"] = $captcha_sid;

    $verified = \Bitrix\Security\Mfa\Otp::verifyUser($loginState);
    if (!$verified) {
        return array("MESSAGE" => GetMessage("USER_LOGIN_OTP_INCORRECT") . "<br>", "TYPE" => "ERROR");
    }

    $userId = $loginState["USER_ID"];
    // NOTE(review): loose comparison kept from the original; the type of
    // REMEMBER in the deferred parameters is not visible here.
    $rememberLogin = $loginState["REMEMBER"] == "Y";
    $this->Authorize($userId, $rememberLogin);

    return true;
}