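/**
 * Builds the template data for the mandatory-OTP enrolment form.
 *
 * The form is shown to a user who is not authorized yet but whose identity
 * was deferred by the OTP flow (Otp::getDeferredParams()). A new secret is
 * generated on every call, so each render replaces the previous secret.
 *
 * @return array Either a single 'MESSAGE' key holding a localized error, or
 *               the enrolment fields: SECRET, TYPE, APP_SECRET,
 *               APP_SECRET_SPACED, PROVISION_URI, SUCCESSFUL_URL,
 *               TWO_CODE_REQUIRED and OTP (the Otp object itself).
 */
protected function toView()
{
    /* @global CUser $USER */
    global $USER;

    if (!CModule::includeModule('security')) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_MODULE_ERROR'));
    }
    if (!Otp::isOtpRequiredByMandatory()) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_NOT_REQUIRED'));
    }
    // The enrolment page is meant for the deferred (pre-auth) user; an already
    // authorized session is rejected here.
    if ($USER->IsAuthorized()) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_AUTH_ERROR'));
    }

    $deferredParams = Otp::getDeferredParams();
    // empty() also covers a missing 'USER_ID' key, which a bare
    // `!$deferredParams['USER_ID']` would report as an undefined index.
    if (empty($deferredParams['USER_ID'])) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR'));
    }

    $otp = Otp::getByUser($deferredParams['USER_ID']);
    // A fresh secret is issued for every render of the form.
    $otp->regenerate();

    $hexSecret = $otp->getHexSecret();
    $type = $otp->getType();
    $appSecret = $otp->getAppSecret();

    return array(
        // SECRET and APP_SECRET are the raw enrolment secret handed to the
        // template; they should only ever be emitted on this page, never
        // logged or cached.
        'SECRET' => $hexSecret,
        'TYPE' => $type,
        'APP_SECRET' => $appSecret,
        // Groups of four characters separated by spaces, for manual entry.
        'APP_SECRET_SPACED' => chunk_split($appSecret, 4, ' '),
        'PROVISION_URI' => $otp->getProvisioningUri(),
        'SUCCESSFUL_URL' => $this->arParams['SUCCESSFUL_URL'],
        'TWO_CODE_REQUIRED' => $otp->getAlgorithm()->isTwoCodeRequired(),
        'OTP' => $otp,
    );
}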
$arResult["AUTH_FORGOT_PASSWORD_URL"] = $arParams["FORGOT_PASSWORD_URL"] . (strpos($arParams["FORGOT_PASSWORD_URL"], "?") !== false ? "&" : "?") . "forgot_password=yes&backurl=" . $url; $arResult["AUTH_LOGIN_URL"] = $APPLICATION->GetCurPageParam("login_form=yes", $arParamsToDelete); $arRes = array(); foreach ($arResult as $key => $value) { $arRes[$key] = htmlspecialcharsbx($value); $arRes['~' . $key] = $value; } $arResult = $arRes; if (CModule::IncludeModule("security") && Mfa\Otp::isOtpRequired() && $_REQUEST["login_form"] != "yes") { $arResult["FORM_TYPE"] = "otp"; $arResult["REMEMBER_OTP"] = COption::GetOptionString('security', 'otp_allow_remember') === 'Y'; $arResult["CAPTCHA_CODE"] = false; if (Mfa\Otp::isCaptchaRequired()) { $arResult["CAPTCHA_CODE"] = $APPLICATION->CaptchaGetCode(); } if (Mfa\Otp::isOtpRequiredByMandatory()) { $arResult['ERROR_MESSAGE'] = array("MESSAGE" => GetMessage("system_auth_form_otp_required"), "TYPE" => "ERROR"); } } else { $arResult["FORM_TYPE"] = "login"; $arVarExcl = array("USER_LOGIN" => 1, "USER_PASSWORD" => 1, "backurl" => 1, "auth_service_id" => 1); $arResult["GET"] = array(); $arResult["POST"] = array(); foreach ($_POST as $vname => $vvalue) { if (!array_key_exists($vname, $arVarExcl)) { if (!is_array($vvalue)) { $arResult["POST"][htmlspecialcharsbx($vname)] = htmlspecialcharsbx($vvalue); } else { foreach ($vvalue as $k1 => $v1) { if (is_array($v1)) { foreach ($v1 as $k2 => $v2) {
define('NOT_CHECK_PERMISSIONS', true); require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php"; use Bitrix\Main\Web\Json; use Bitrix\Security\Mfa\Otp; use Bitrix\Main\Localization\Loc; Loc::loadMessages(__FILE__); /** * @global CUser $USER * @global CMain $APPLICATION */ header('Content-Type: application/json', true); $request = Bitrix\Main\Context::getCurrent()->getRequest(); if (!CModule::includeModule('security')) { response(array('status' => 'error', 'error' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_MODULE_ERROR'))); } if (!Otp::isOtpRequiredByMandatory()) { response(array('status' => 'error', 'error' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_NOT_REQUIRED'))); } if ($USER->IsAuthorized()) { response(array('status' => 'error', 'error' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_AUTH_ERROR'))); } if (!check_bitrix_sessid()) { response(array('status' => 'error', 'error' => 'INVALID_SESSID')); } switch ($request->getPost('action')) { case 'check_activate': if ($request->getPost('secret') === null || $request->getPost('sync1') === null) { $result = array('status' => 'error', 'error' => 'NOT_ENOUGH_PARAMS'); } else { $fields = array('ACTIVE' => 'Y', 'SECRET' => $_POST['secret'], 'SYNC1' => $_POST['sync1'], 'SYNC2' => $_POST['sync2']); $result = checkAndActivate($fields);