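/**
 * Verify a second-factor (TOTP) attempt for an OpenVPN connection.
 *
 * Reads from the OpenVPN environment: 'common_name' (mapped to a user id via
 * self::getUserId()), 'username' (carries the OTP type; only 'totp' is
 * accepted), 'password' (the six-digit OTP code) and 'INSTANCE_ID' (selects
 * the per-instance data directory below $this->baseDir, where the user's
 * secret is read from users/otp_secrets/<userId>).
 *
 * @param array $envData OpenVPN environment variables of the connection
 *
 * @throws TwoFactorException when a required field is missing, the OTP type
 *                            or code format is invalid, no secret is
 *                            registered for the user, the code does not
 *                            verify, or the code was already used (replay)
 */
public function twoFactor(array $envData)
{
    // fail closed on a missing field instead of continuing with null values
    foreach (['common_name', 'username', 'password', 'INSTANCE_ID'] as $requiredKey) {
        if (!array_key_exists($requiredKey, $envData)) {
            throw new TwoFactorException(sprintf('missing "%s" in environment', $requiredKey));
        }
    }

    $userId = self::getUserId($envData['common_name']);

    // the username field carries the OTP type, for now only 'totp' is supported
    $otpType = $envData['username'];
    if ('totp' !== $otpType) {
        throw new TwoFactorException('invalid OTP type specified in username field');
    }

    $otpKey = $envData['password'];
    // exactly six ASCII digits: \z (unlike $) also rejects a trailing newline,
    // and comparing against 1 treats a preg_match() failure (false) as invalid
    if (1 !== preg_match('/^[0-9]{6}\z/', $otpKey)) {
        throw new TwoFactorException('invalid OTP key format specified');
    }

    $dataDir = sprintf('%s/data/%s', $this->baseDir, $envData['INSTANCE_ID']);
    $secretFile = sprintf('%s/users/otp_secrets/%s', $dataDir, $userId);
    // a missing or unreadable secret file means the user never enrolled
    if (!is_file($secretFile) || !is_readable($secretFile) || false === ($otpSecret = file_get_contents($secretFile))) {
        throw new TwoFactorException('no OTP secret registered');
    }

    $otp = new Otp();
    if (!$otp->checkTotp(Base32::decode($otpSecret), $otpKey)) {
        throw new TwoFactorException('invalid OTP key');
    }

    // a code that verified but was seen before is a replay: record() returning
    // false is taken to mean this (userId, otpKey) pair was already logged
    if (false === $this->otpLog->record($userId, $otpKey, time())) {
        throw new TwoFactorException('OTP replayed');
    }
}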
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once dirname(__DIR__).'/vendor/autoload.php';

use SURFnet\VPN\Common\CliParser;
use SURFnet\VPN\Common\FileIO;
use SURFnet\VPN\Server\OtpLog;

// CLI entry point: create the per-instance OTP log database (otp.sqlite)
try {
    $parser = new CliParser(
        'Initialize the OTP key storage',
        ['instance' => ['the instance', true, true]]
    );
    $options = $parser->parse($argv);
    if ($options->e('help')) {
        echo $parser->help();
        exit(0);
    }

    $instanceId = $options->v('instance');
    $vpnDataDir = dirname(__DIR__).'/openvpn-data/'.$instanceId;
    // the instance directory may not exist yet on first run
    FileIO::createDir($vpnDataDir, 0711);

    $otpLog = new OtpLog(new PDO('sqlite://'.$vpnDataDir.'/otp.sqlite'));
    $otpLog->init();
} catch (Exception $e) {
    echo 'ERROR: '.$e->getMessage().PHP_EOL;
    exit(1);
}
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once dirname(__DIR__).'/vendor/autoload.php';

use SURFnet\VPN\Common\CliParser;
use SURFnet\VPN\Server\OtpLog;

// CLI entry point: expire old entries from the per-instance OTP log
try {
    $parser = new CliParser(
        'Peform cleaning up of expired OTP keys',
        ['instance' => ['the instance', true, true]]
    );
    $options = $parser->parse($argv);
    if ($options->e('help')) {
        echo $parser->help();
        exit(0);
    }

    $instanceId = $options->v('instance');
    $vpnDataDir = dirname(__DIR__).'/openvpn-data/'.$instanceId;

    $otpLog = new OtpLog(new PDO('sqlite://'.$vpnDataDir.'/otp.sqlite'));
    // drop every logged OTP key older than five minutes
    $cutoff = strtotime('now -5 minutes');
    $otpLog->housekeeping($cutoff);
} catch (Exception $e) {
    echo 'ERROR: '.$e->getMessage().PHP_EOL;
    exit(1);
}
/**
 * Give every test its own freshly initialised in-memory OtpLog so that
 * recorded keys cannot leak between test cases.
 */
public function setUp()
{
    $this->otpLog = new OtpLog(new PDO('sqlite::memory:'));
    $this->otpLog->init();
}