예제 #1
파일: user.php 프로젝트: Satariall/izurit
 /**
  * Authorizes a user, gated by the MFA/OTP check when the "security" module loads.
  *
  * Only USER_ID is passed to Otp::verifyUser(); no OTP value is supplied here.
  * Per the original author's note, the check is therefore expected to allow
  * authorization only when OTP is not active for the user, and when it refuses,
  * the OTP form is shown on the next hit.
  *
  * @param mixed $user_id Identifier forwarded to Otp::verifyUser() and Authorize().
  * @return mixed Whatever $this->Authorize($user_id) returns, or false when the
  *               OTP check does not allow authorization.
  */
 public function AuthorizeWithOtp($user_id)
 {
     // Security note: the gate is fail-open. If the "security" module cannot be
     // included, verifyUser() is never called and authorization proceeds with no
     // MFA check. Callers that require MFA must ensure the module is installed.
     $otpRefused = CModule::IncludeModule("security")
         && !\Bitrix\Security\Mfa\Otp::verifyUser(array("USER_ID" => $user_id));

     if ($otpRefused) {
         return false;
     }

     return $this->Authorize($user_id);
 }
예제 #2
 // When an OTP is present in $arParams, derive an alternative password candidate by
 // dropping the last 6 characters of the submitted password field (presumably the
 // OTP code appended to the password; confirm against the client that builds it).
 // $altPassword is assigned only on this branch of the visible code.
 // NOTE(review): for inputs of 6 characters or fewer substr() yields an empty or
 // false value; the later `$altPassword && ...` test then skips the alternative check.
 // NOTE(review): the elseif further down compares md5() digests with `==`, which is a
 // loose, non-constant-time comparison over a fast hash with a fixed 'MySalt' suffix.
 // hash_equals() and password_hash()/password_verify() are the safer primitives.
 if ($arParams['OTP']) {
     $altPassword = substr($oRequest->arParameters['password'], 0, -6);
 }
 if ($err) {
     $oResponse->status = "445 Event Error.";
     $oResponse->text = $err;
     $arControllerLog['STATUS'] = 'N';
     $arControllerLog['DESCRIPTION'] = $oResponse->text;
     $a = CControllerLog::Add($arControllerLog);
 } elseif ($arUser['ACTIVE'] == 'Y' && ($user_id > 0 || md5($db_password . 'MySalt') == md5(md5($salt . $oRequest->arParameters['password']) . 'MySalt') || $altPassword && md5($db_password . 'MySalt') == md5(md5($salt . $altPassword) . 'MySalt'))) {
     $arSaveUser = CControllerClient::PrepareUserInfo($arUser);
     $arSaveUser["GROUP_ID"] = array();
     $arUserGroups = CUser::GetUserGroup($arUser['ID']);
     $MOD_RIGHT = $APPLICATION->GetGroupRight("controller", $arUserGroups);
     $arParams['USER_ID'] = $arUser['ID'];
     if (CModule::IncludeModule('security') && !\Bitrix\Security\Mfa\Otp::verifyUser($arParams)) {
         $oResponse->status = "443 Bad password.";
         $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_PASSW");
         break;
     } elseif ($MOD_RIGHT >= "V") {
         $arSaveUser['CONTROLLER_ADMIN'] = 'Y';
         $arSaveUser["GROUP_ID"][] = "administrators";
     } elseif (COption::GetOptionString("controller", "auth_loc_enabled", "N") != "Y") {
         $oResponse->status = "423 Remoute Authorization Disabled.";
         $oResponse->text = "Remote authorization disabled on controller.";
         break;
     }
     $arLocGroups = unserialize(COption::GetOptionString("controller", "auth_loc", serialize(array())));
     foreach ($arLocGroups as $arTGroup) {
         foreach ($arUserGroups as $group_id) {
             if ($arTGroup["LOC"] == $group_id) {