Exemple #1
0
 public function twoFactor(array $envData)
 {
     $userId = self::getUserId($envData['common_name']);
     // use username field to specify OTP type, for now we only support 'totp'
     $otpType = $envData['username'];
     if ('totp' !== $otpType) {
         throw new TwoFactorException('invalid OTP type specified in username field');
     }
     $otpKey = $envData['password'];
     // validate the OTP key
     if (0 === preg_match('/^[0-9]{6}$/', $otpKey)) {
         throw new TwoFactorException('invalid OTP key format specified');
     }
     $dataDir = sprintf('%s/data/%s', $this->baseDir, $envData['INSTANCE_ID']);
     if (false === ($otpSecret = @file_get_contents(sprintf('%s/users/otp_secrets/%s', $dataDir, $userId)))) {
         throw new TwoFactorException('no OTP secret registered');
     }
     $otp = new Otp();
     if ($otp->checkTotp(Base32::decode($otpSecret), $otpKey)) {
         if (false === $this->otpLog->record($userId, $otpKey, time())) {
             throw new TwoFactorException('OTP replayed');
         }
     } else {
         throw new TwoFactorException('invalid OTP key');
     }
 }
Exemple #2
0
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
require_once sprintf('%s/vendor/autoload.php', dirname(__DIR__));
use SURFnet\VPN\Server\OtpLog;
use SURFnet\VPN\Common\CliParser;
use SURFnet\VPN\Common\FileIO;
try {
    $p = new CliParser('Initialize the OTP key storage', ['instance' => ['the instance', true, true]]);
    $opt = $p->parse($argv);
    if ($opt->e('help')) {
        echo $p->help();
        exit(0);
    }
    $vpnDataDir = sprintf('%s/openvpn-data/%s', dirname(__DIR__), $opt->v('instance'));
    // create VPN directory if it does not yet exist
    FileIO::createDir($vpnDataDir, 0711);
    $db = new PDO(sprintf('sqlite://%s/otp.sqlite', $vpnDataDir));
    $otpLog = new OtpLog($db);
    $otpLog->init();
} catch (Exception $e) {
    echo sprintf('ERROR: %s', $e->getMessage()) . PHP_EOL;
    exit(1);
}
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
require_once sprintf('%s/vendor/autoload.php', dirname(__DIR__));
use SURFnet\VPN\Server\OtpLog;
use SURFnet\VPN\Common\CliParser;
try {
    $p = new CliParser('Peform cleaning up of expired OTP keys', ['instance' => ['the instance', true, true]]);
    $opt = $p->parse($argv);
    if ($opt->e('help')) {
        echo $p->help();
        exit(0);
    }
    $vpnDataDir = sprintf('%s/openvpn-data/%s', dirname(__DIR__), $opt->v('instance'));
    $db = new PDO(sprintf('sqlite://%s/otp.sqlite', $vpnDataDir));
    $otpLog = new OtpLog($db);
    // remove all OTP key entries that are older than 5 minutes
    $otpLog->housekeeping(strtotime('now -5 minutes'));
} catch (Exception $e) {
    echo sprintf('ERROR: %s', $e->getMessage()) . PHP_EOL;
    exit(1);
}
 public function setUp()
 {
     $db = new PDO('sqlite::memory:');
     $this->otpLog = new OtpLog($db);
     $this->otpLog->init();
 }