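/**
 * Initialises the Auth object from the login cookie and, when the cookie carries an
 * `auth_code` value matching the user's stored secret, satisfies the second factor.
 *
 * @param \Piwik\Auth $auth               Receives the login, token and (optionally) the auth code.
 * @param bool        $activateCookieAuth When falsy and self::isModuleIsAPI() is true, the method
 *                                        returns without reading the cookie.
 */
public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth)
{
    if (self::isModuleIsAPI() && !$activateCookieAuth) {
        return;
    }

    $authCookieName   = Config::getInstance()->General['login_cookie_name'];
    $authCookieExpiry = 0;
    $authCookiePath   = Config::getInstance()->General['login_cookie_path'];
    $authCookie       = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);

    // Fallback identity used when no login cookie is present.
    $defaultLogin     = '******';
    $defaultTokenAuth = 'anonymous';
    if ($authCookie->isCookieFound()) {
        // Both values come from the browser. NOTE(review): presumably Cookie verifies
        // integrity of its content before returning it - confirm in the Cookie class.
        $defaultLogin     = $authCookie->get('login');
        $defaultTokenAuth = $authCookie->get('token_auth');
    }
    $auth->setLogin($defaultLogin);
    $auth->setTokenAuth($defaultTokenAuth);

    $storage = new Storage($defaultLogin);
    if (!$storage->isActive()) {
        // Second factor not enabled for this login: nothing more to check here.
        return;
    }

    $secret         = $storage->getSecret();
    $cookieSecret   = $authCookie->get('auth_code');
    $expectedSecret = SessionInitializer::getHashTokenAuth($defaultLogin, $secret);

    // The cookie value is attacker-controllable, so compare it strictly and, where the
    // runtime provides it, in constant time. The previous loose `==` was subject to PHP
    // type juggling (e.g. two numeric-looking strings comparing equal) and leaked timing.
    $cookieMatches = false;
    if (is_string($cookieSecret) && is_string($expectedSecret)) {
        $cookieMatches = function_exists('hash_equals')
            ? hash_equals($expectedSecret, $cookieSecret)
            : $expectedSecret === $cookieSecret;
    }

    if ($cookieMatches) {
        // A matching cookie stands in for a user-entered code: the current code is derived
        // from the stored secret and fed to the normal validation path.
        // NOTE(review): the expected value depends only on login and secret as computed above,
        // so it does not expire by itself; confirm that regenerating the secret is the intended
        // way to revoke remembered browsers.
        $googleAuth = new PHPGangsta\GoogleAuthenticator();
        $auth->setAuthCode($googleAuth->getCode($secret));
        $auth->validateAuthCode();
    }
}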
/**
 * Runs after a session has been authenticated: fires the legacy login event and
 * writes the authentication cookie.
 *
 * @param AuthResult $authResult The successful authentication result.
 * @param bool       $rememberMe Forwarded to getAuthCookie(); whether the session should be
 *                               remembered after the browser is closed.
 */
protected function processSuccessfulSession(AuthResult $authResult, $rememberMe)
{
    $identity    = $authResult->getIdentity();
    $userStorage = new Storage($identity);
    $tokenAuth   = $authResult->getTokenAuth();

    /**
     * @deprecated Create a custom SessionInitializer instead.
     */
    $eventArguments = array($identity, $tokenAuth);
    Piwik::postEvent('Login.authenticate.successful', $eventArguments);

    $authCookie = $this->getAuthCookie($rememberMe);
    $authCookie->set('login', $identity);

    // The cookie stores a hash derived from login and token, not the raw token.
    $hashedToken = $this->getHashTokenAuth($identity, $tokenAuth);
    $authCookie->set('token_auth', $hashedToken);

    if ($userStorage->isActive()) {
        // Marks this browser as having passed the second factor.
        // NOTE(review): the value is derived from the stored secret and carries no timestamp,
        // so it presumably stays valid until the secret changes - confirm this is intended.
        $hashedSecret = $this->getHashTokenAuth($identity, $userStorage->getSecret());
        $authCookie->set('auth_code', $hashedSecret);
    }

    // Secure is only set when the current request is detected as HTTPS, so a login over
    // plain HTTP yields a cookie without the Secure attribute.
    $isHttps = ProxyHttp::isHttps();
    $authCookie->setSecure($isHttps);
    $authCookie->setHttpOnly(true);
    $authCookie->save();
}
/**
 * User settings page: lets the current user activate or disable Google Authenticator
 * and shows the secret / QR code needed to set it up.
 *
 * NOTE(review): the `activate` and `disable` request parameters change the account's
 * second-factor state, and no anti-CSRF token (nonce) or request-method check is visible
 * in this method. Confirm one is enforced before this point; disabling also does not ask
 * for a current code or password here.
 *
 * @return string Rendered settings view.
 * @throws \Exception
 * @throws \Piwik\NoAccessException
 */
public function settings()
{
    Piwik::checkUserIsNotAnonymous();

    $settingsView = new View('@GoogleAuthenticator/settings');
    $this->setGeneralVariablesView($settingsView);

    $authenticator = new PHPGangsta\GoogleAuthenticator();
    $currentLogin  = Piwik::getCurrentUserLogin();
    $userStorage   = new Storage($currentLogin);

    $settingsView->disabled  = false;
    $settingsView->activated = false;

    $wantsActivation = Common::getRequestVar('activate', 0, 'int');
    if ($wantsActivation) {
        $userStorage->activate();
        $settingsView->activated = true;
    }

    $wantsDeactivation = Common::getRequestVar('disable', 0, 'int');
    if ($wantsDeactivation) {
        $userStorage->deactivate();
        $settingsView->disabled = true;
    }

    $sharedSecret = $userStorage->getSecret();

    $settingsView->showSetUp          = Common::getRequestVar('setup', 0, 'int');
    $settingsView->googleAuthIsActive = $userStorage->isActive();

    // The secret is handed to the view on every request, not only during set-up.
    // NOTE(review): check that the template only prints it when set-up is being shown.
    $settingsView->googleAuthSecret = $sharedSecret;

    // NOTE(review): getQRCodeGoogleUrl() presumably returns a URL for an external QR
    // rendering service with the secret embedded in it - confirm, and consider generating
    // the QR code locally so the secret never leaves the server/browser.
    $qrLabel = 'Piwik - ' . Url::getCurrentHost();
    $settingsView->googleAuthImage = $authenticator->getQRCodeGoogleUrl($currentLogin, $sharedSecret, $qrLabel);

    return $settingsView->render();
}
/**
 * Authenticates the user via the parent implementation and then enforces the
 * auth-code step for accounts that have Google Authenticator active.
 *
 * @return AuthResult The parent's result when it failed, when the second factor is not
 *                    active, or when the code was already validated; otherwise a result
 *                    with code self::AUTH_CODE_REQUIRED.
 */
public function authenticate()
{
    $primaryResult = parent::authenticate();

    // First factor failed: hand the parent's result back untouched.
    if (!$primaryResult->wasAuthenticationSuccessful()) {
        return $primaryResult;
    }

    $identity = $primaryResult->getIdentity();
    $this->setLogin($identity);
    $userStorage = new Storage($identity);

    // Validation runs before the active check, exactly as the flow requires, so that
    // getValidatedWithAuthCode() below reflects the code supplied with this request.
    // NOTE(review): nothing in this method limits repeated code attempts; confirm that
    // throttling exists in validateAuthCode() or further upstream.
    $this->validateAuthCode();

    $secondFactorSatisfied = !$userStorage->isActive() || $this->getValidatedWithAuthCode();
    if ($secondFactorSatisfied) {
        return $primaryResult;
    }

    // NOTE(review): this result still carries login and token_auth; callers presumably must
    // decide on the result code alone - verify AUTH_CODE_REQUIRED is never treated as success.
    return new AuthResult(self::AUTH_CODE_REQUIRED, $this->login, $this->token_auth);
}