 /**
  * Builds the data the OTP-activation template needs for a user whose login
  * is parked until mandatory OTP is set up.
  *
  * The guards run in a fixed order: the security module must be loadable,
  * mandatory OTP must be in force, the visitor must NOT already be authorized,
  * and a deferred USER_ID must be present. The first failing guard wins and
  * the method returns only array('MESSAGE' => localized text).
  *
  * On success the returned array carries the enrollment payload: the raw
  * secret (hex and app form), the provisioning URI and the OTP object itself.
  * Everything the template prints from it must be escaped for its output
  * context (HTML, attribute, JS, URL); nothing here is pre-escaped.
  *
  * @return array Either array('MESSAGE' => string) or the keys SECRET, TYPE,
  *               APP_SECRET, APP_SECRET_SPACED, PROVISION_URI, SUCCESSFUL_URL,
  *               TWO_CODE_REQUIRED and OTP.
  */
 protected function toView()
 {
     /* @global CUser $USER */
     global $USER;

     // The Otp class only becomes available once the module is included, so
     // the elseif chain must keep this exact order.
     $errorCode = null;
     if (!CModule::includeModule('security')) {
         $errorCode = 'SECURITY_AUTH_OTP_MANDATORY_MODULE_ERROR';
     } elseif (!Otp::isOtpRequiredByMandatory()) {
         $errorCode = 'SECURITY_AUTH_OTP_MANDATORY_NOT_REQUIRED';
     } elseif ($USER->IsAuthorized()) {
         // An already-authorized session has no deferred login to complete.
         $errorCode = 'SECURITY_AUTH_OTP_MANDATORY_AUTH_ERROR';
     }
     if ($errorCode !== null) {
         return array('MESSAGE' => Loc::getMessage($errorCode));
     }

     // Deferred login state; presumably session-backed — the USER_ID it holds
     // is the only thing that ties this anonymous request to an account.
     $deferred = Otp::getDeferredParams();
     if (!$deferred['USER_ID']) {
         return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR'));
     }

     $userOtp = Otp::getByUser($deferred['USER_ID']);
     // A new secret is generated on every render: this is the enrollment step,
     // so the secret shown must be the one verified afterwards.
     $userOtp->regenerate();

     $hexSecret = $userOtp->getHexSecret();
     $type = $userOtp->getType();
     $appSecret = $userOtp->getAppSecret();

     return array(
         'SECRET' => $hexSecret,
         'TYPE' => $type,
         'APP_SECRET' => $appSecret,
         // Groups of four characters for manual entry into an authenticator app.
         'APP_SECRET_SPACED' => chunk_split($appSecret, 4, ' '),
         'PROVISION_URI' => $userOtp->getProvisioningUri(),
         // Comes straight from the component parameters; the template is
         // responsible for treating it as a redirect target (same-origin check).
         'SUCCESSFUL_URL' => $this->arParams['SUCCESSFUL_URL'],
         'TWO_CODE_REQUIRED' => $userOtp->getAlgorithm()->isTwoCodeRequired(),
         'OTP' => $userOtp,
     );
 }
 // Forgot-password link: append "forgot_password=yes&backurl=..." using "&" when
 // the configured URL already carries a query string. $url is built further up
 // (outside this excerpt); whether it is already URL-encoded is not visible here.
 $arResult["AUTH_FORGOT_PASSWORD_URL"] = $arParams["FORGOT_PASSWORD_URL"] . (strpos($arParams["FORGOT_PASSWORD_URL"], "?") !== false ? "&" : "?") . "forgot_password=yes&backurl=" . $url;
 // Login-form link for the current page, with the parameters listed in
 // $arParamsToDelete (defined outside this excerpt) stripped.
 $arResult["AUTH_LOGIN_URL"] = $APPLICATION->GetCurPageParam("login_form=yes", $arParamsToDelete);
 // Bitrix convention: every entry is kept twice — $arResult[KEY] holds the
 // htmlspecialcharsbx()-escaped value and $arResult['~KEY'] the raw one. A
 // template should only reach for the '~' form when it escapes for the target
 // context itself (URL, JS string, attribute). Values are assumed scalar here;
 // htmlspecialcharsbx() on an array value is not handled.
 $arRes = array();
 foreach ($arResult as $key => $value) {
     $arRes[$key] = htmlspecialcharsbx($value);
     $arRes['~' . $key] = $value;
 }
 $arResult = $arRes;
 if (CModule::IncludeModule("security") && Mfa\Otp::isOtpRequired() && $_REQUEST["login_form"] != "yes") {
     $arResult["FORM_TYPE"] = "otp";
     $arResult["REMEMBER_OTP"] = COption::GetOptionString('security', 'otp_allow_remember') === 'Y';
     $arResult["CAPTCHA_CODE"] = false;
     if (Mfa\Otp::isCaptchaRequired()) {
         $arResult["CAPTCHA_CODE"] = $APPLICATION->CaptchaGetCode();
     }
     if (Mfa\Otp::isOtpRequiredByMandatory()) {
         $arResult['ERROR_MESSAGE'] = array("MESSAGE" => GetMessage("system_auth_form_otp_required"), "TYPE" => "ERROR");
     }
 } else {
     $arResult["FORM_TYPE"] = "login";
     $arVarExcl = array("USER_LOGIN" => 1, "USER_PASSWORD" => 1, "backurl" => 1, "auth_service_id" => 1);
     $arResult["GET"] = array();
     $arResult["POST"] = array();
     foreach ($_POST as $vname => $vvalue) {
         if (!array_key_exists($vname, $arVarExcl)) {
             if (!is_array($vvalue)) {
                 $arResult["POST"][htmlspecialcharsbx($vname)] = htmlspecialcharsbx($vvalue);
             } else {
                 foreach ($vvalue as $k1 => $v1) {
                     if (is_array($v1)) {
                         foreach ($v1 as $k2 => $v2) {
// Bitrix: presumably tells prolog_before.php to skip its permission check so
// that an unauthenticated visitor can reach this endpoint — consistent with the
// IsAuthorized() rejection below, which turns away anyone already logged in.
// Must be defined before the prolog is required.
define('NOT_CHECK_PERMISSIONS', true);
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";
use Bitrix\Main\Web\Json;
use Bitrix\Security\Mfa\Otp;
use Bitrix\Main\Localization\Loc;
Loc::loadMessages(__FILE__);
/**
 * @global CUser $USER
 * @global CMain $APPLICATION
 */
// Every reply from this script is JSON. The second argument replaces any
// Content-Type header already queued. Sent before any output is produced.
header('Content-Type: application/json', true);
$request = Bitrix\Main\Context::getCurrent()->getRequest();
// Guard chain. Each failure is reported through response(), which is defined
// elsewhere in this file; it is presumably terminating (echo + exit), otherwise
// a failed guard would fall through to the next check. NOTE(review): confirm.
if (!CModule::includeModule('security')) {
    response(array('status' => 'error', 'error' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_MODULE_ERROR')));
}
// Only meaningful while mandatory OTP is in force.
if (!Otp::isOtpRequiredByMandatory()) {
    response(array('status' => 'error', 'error' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_NOT_REQUIRED')));
}
// An already-authorized session has no pending OTP activation to complete.
if ($USER->IsAuthorized()) {
    response(array('status' => 'error', 'error' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_AUTH_ERROR')));
}
// CSRF protection: the request must carry a valid Bitrix session id token.
// It is checked after the three state checks above, so their error strings are
// reachable without a token; the state-changing 'action' dispatch that follows
// is behind it. Moving this check to the top of the chain would be the more
// conservative ordering.
if (!check_bitrix_sessid()) {
    response(array('status' => 'error', 'error' => 'INVALID_SESSID'));
}
switch ($request->getPost('action')) {
    case 'check_activate':
        if ($request->getPost('secret') === null || $request->getPost('sync1') === null) {
            $result = array('status' => 'error', 'error' => 'NOT_ENOUGH_PARAMS');
        } else {
            $fields = array('ACTIVE' => 'Y', 'SECRET' => $_POST['secret'], 'SYNC1' => $_POST['sync1'], 'SYNC2' => $_POST['sync2']);
            $result = checkAndActivate($fields);