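/**
 * Populates the auth object from the login cookie and, when the cookie carries a
 * matching 'auth_code' marker, validates the second factor on the user's behalf.
 *
 * @param \Piwik\Auth $auth               Auth object that receives login, token and auth code.
 * @param bool        $activateCookieAuth When falsy, requests to the API module skip cookie auth.
 */
public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth)
{
    if (self::isModuleIsAPI() && !$activateCookieAuth) {
        return;
    }

    $authCookieName   = Config::getInstance()->General['login_cookie_name'];
    $authCookieExpiry = 0;
    $authCookiePath   = Config::getInstance()->General['login_cookie_path'];
    $authCookie       = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);

    // Values used when no login cookie is present.
    $defaultLogin     = '******';
    $defaultTokenAuth = 'anonymous';
    if ($authCookie->isCookieFound()) {
        // Both values are taken from the client-supplied cookie; they are only
        // handed to $auth here and not validated in this method.
        $defaultLogin     = $authCookie->get('login');
        $defaultTokenAuth = $authCookie->get('token_auth');
    }
    $auth->setLogin($defaultLogin);
    $auth->setTokenAuth($defaultTokenAuth);

    $storage = new Storage($defaultLogin);
    if (!$storage->isActive()) {
        return;
    }

    $secret         = $storage->getSecret();
    $cookieSecret   = $authCookie->get('auth_code');
    $expectedSecret = SessionInitializer::getHashTokenAuth($defaultLogin, $secret);

    // The original loose `==` could treat two different numeric-looking hash strings
    // (e.g. "0e…" forms) as equal and accepted non-string cookie values. Require
    // strings and compare exactly, in constant time where hash_equals() exists.
    // Assumes getHashTokenAuth() returns a string hash; anything else now fails closed.
    $cookieMatches = is_string($cookieSecret)
        && is_string($expectedSecret)
        && (function_exists('hash_equals')
            ? hash_equals($expectedSecret, $cookieSecret)
            : $expectedSecret === $cookieSecret);

    if ($cookieMatches) {
        // NOTE(review): the marker is derived only from the login and the stored secret,
        // so it appears to stay valid until the secret changes. Whoever holds this cookie
        // value is not asked for a code; confirm that lifetime is intended.
        $googleAuth = new PHPGangsta\GoogleAuthenticator();
        // A currently valid code is computed server-side from the secret and then validated.
        $auth->setAuthCode($googleAuth->getCode($secret));
        $auth->validateAuthCode();
    }
}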
/**
 * Called once a session has been authenticated: fires the legacy login event and
 * writes the authentication cookie.
 *
 * The cookie receives 'login', a hashed 'token_auth' and, when Google Authenticator
 * storage is active for the user, an 'auth_code' value derived from the stored secret.
 *
 * @param AuthResult $authResult The successful authentication result.
 * @param bool       $rememberMe Whether the authenticated session should be remembered
 *                               after the browser is closed or not.
 */
protected function processSuccessfulSession(AuthResult $authResult, $rememberMe)
{
    $gaStorage = new Storage($authResult->getIdentity());

    /**
     * @deprecated Create a custom SessionInitializer instead.
     */
    $eventParams = array($authResult->getIdentity(), $authResult->getTokenAuth());
    Piwik::postEvent('Login.authenticate.successful', $eventParams);

    $authCookie = $this->getAuthCookie($rememberMe);
    $authCookie->set('login', $authResult->getIdentity());

    $hashedToken = $this->getHashTokenAuth($authResult->getIdentity(), $authResult->getTokenAuth());
    $authCookie->set('token_auth', $hashedToken);

    if ($gaStorage->isActive()) {
        // NOTE(review): this value depends only on the identity and the stored secret, so it
        // looks unchanged across logins until the secret is regenerated; confirm that a
        // long-lived second-factor marker in the cookie is intended.
        $hashedSecret = $this->getHashTokenAuth($authResult->getIdentity(), $gaStorage->getSecret());
        $authCookie->set('auth_code', $hashedSecret);
    }

    // Secure follows what ProxyHttp::isHttps() reports for this request, so on a plain-HTTP
    // request the cookie (auth_code included) is saved without the Secure flag.
    $authCookie->setSecure(ProxyHttp::isHttps());
    // Keep the cookie out of reach of page scripts.
    $authCookie->setHttpOnly(true);
    $authCookie->save();
}
/**
 * Action that shows, and on confirmation stores, a new Google Authenticator secret
 * for the current user.
 *
 * The candidate secret is read from the request ('gasecret'). It is stored only when
 * a non-empty auth code is supplied, the nonce verifies and the code verifies against
 * that secret. Otherwise the form is rendered, with a new secret when none was given.
 *
 * @return string Rendered '@GoogleAuthenticator/regenerate' view.
 * @throws \Exception
 * @throws \Piwik\NoAccessException
 */
public function regenerate()
{
    Piwik::checkUserIsNotAnonymous();

    $view = new View('@GoogleAuthenticator/regenerate');
    $this->setGeneralVariablesView($view);

    $authenticator = new PHPGangsta\GoogleAuthenticator();
    $userStorage   = new Storage(Piwik::getCurrentUserLogin());

    $secret        = Common::getRequestVar('gasecret', '', 'string');
    $authCode      = Common::getRequestVar('gaauthcode', '', 'string');
    $authCodeNonce = Common::getRequestVar('authCodeNonce', '', 'string');
    $title         = Common::getRequestVar('gatitle', $userStorage->getTitle(), 'string');
    $description   = Common::getRequestVar('gadescription', $userStorage->getDescription(), 'string');

    // Checks short-circuit in this order: the nonce and the code are only verified
    // once both request values are non-empty.
    // NOTE(review): the nonce is verified but not discarded in this method; check
    // whether a captured request could be replayed while the nonce is still valid.
    // The third verifyCode() argument is the accepted clock drift (believed to be
    // counted in 30-second steps by the library; confirm).
    $confirmed = !empty($secret)
        && !empty($authCode)
        && Nonce::verifyNonce(self::AUTH_CODE_NONCE, $authCodeNonce)
        && $authenticator->verifyCode($secret, $authCode, 2);

    if ($confirmed) {
        // NOTE(review): what gets stored is the request-supplied secret, which need not
        // be the one generated below; its length and format are not checked here.
        $userStorage->setSecret($secret);
        $userStorage->setDescription($description);
        $userStorage->setTitle($title);

        $this->auth->setAuthCode($authCode);
        $this->auth->validateAuthCode();

        $baseUrl     = Url::getCurrentUrlWithoutQueryString();
        $queryString = Url::getCurrentQueryStringWithParametersModified(
            array('action' => 'settings', 'activate' => '1')
        );
        // Presumably ends the request; if it returns, the form below is rendered too.
        Url::redirectToUrl($baseUrl . $queryString);
    }

    if (empty($secret)) {
        $secret = $authenticator->createSecret(32);
    }

    $view->title         = $title;
    $view->description   = $description;
    $view->authCodeNonce = Nonce::getNonce(self::AUTH_CODE_NONCE);
    $view->newSecret     = $secret;
    // NOTE(review): this helper returns a URL on an external QR-rendering service with the
    // secret embedded, so displaying the image discloses the secret to that service and to
    // anything logging the URL; rendering the QR code locally would avoid that.
    $view->googleAuthImage = $authenticator->getQRCodeGoogleUrl($description, $secret, $title);

    return $view->render();
}
/**
 * Authenticates the user through the parent implementation and then enforces the
 * auth-code step when Google Authenticator is active for that user.
 *
 * @return AuthResult The parent's result, or a result with code AUTH_CODE_REQUIRED when
 *                    the first factor succeeded but no auth code has been validated.
 */
public function authenticate()
{
    $firstFactor = parent::authenticate();

    // A failed first factor is returned untouched; no second-factor state is consulted.
    if (!$firstFactor->wasAuthenticationSuccessful()) {
        return $firstFactor;
    }

    $this->setLogin($firstFactor->getIdentity());
    $gaStorage = new Storage($firstFactor->getIdentity());
    $this->validateAuthCode();

    // Pass through when Google Authenticator is disabled for the user, or the user
    // has already validated with an auth code.
    $secondFactorSatisfied = !$gaStorage->isActive() || $this->getValidatedWithAuthCode();
    if ($secondFactorSatisfied) {
        return $firstFactor;
    }

    // NOTE(review): this result still carries the login and token_auth; every caller
    // must treat AUTH_CODE_REQUIRED as not authenticated. Verify against the callers.
    return new AuthResult(self::AUTH_CODE_REQUIRED, $this->login, $this->token_auth);
}
/**
 * Activates Google Authenticator storage for the given login and stores its secret.
 *
 * NOTE(review): activation happens before the secret is written; if setSecret() can
 * fail, the login may be left active without the intended secret. Confirm against Storage.
 *
 * @param string $login  Login whose storage is modified.
 * @param string $secret Secret to store for that login.
 */
private function enableGoogleAuthenticator($login, $secret)
{
    $userStorage = new Storage($login);

    $userStorage->activate();
    $userStorage->setSecret($secret);
}