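/**
 * OpenVPN auth hook: verifies the second factor for a connecting client.
 *
 * $envData is the OpenVPN environment: 'common_name' identifies the user
 * (mapped through getUserId()), 'username' carries the OTP type (only
 * 'totp' is supported) and 'password' carries the 6-digit code.
 * 'INSTANCE_ID' selects the per-instance data directory under baseDir.
 *
 * @param array $envData
 * @return void on success
 * @throws TwoFactorException on any failure: unsupported type, malformed
 *         code, no registered secret, wrong code, or a code that was
 *         already accepted once (the otpLog refuses to record it twice)
 */
public function twoFactor(array $envData)
{
    $userId = self::getUserId($envData['common_name']);

    // use username field to specify OTP type, for now we only support 'totp'
    $otpType = $envData['username'];
    if ('totp' !== $otpType) {
        throw new TwoFactorException('invalid OTP type specified in username field');
    }

    // validate the OTP key: exactly six ASCII digits. \z rather than $ so a
    // trailing newline ("123456\n") is rejected too, since $ matches before it.
    $otpKey = $envData['password'];
    if (!is_string($otpKey) || 1 !== preg_match('/^[0-9]{6}\z/', $otpKey)) {
        throw new TwoFactorException('invalid OTP key format specified');
    }

    // $userId becomes a path component below. getUserId() is not visible here
    // and presumably already yields a plain identifier; this re-check keeps a
    // crafted common_name from steering the lookup outside users/otp_secrets/.
    if (!is_string($userId) || '' === $userId || '.' === $userId || '..' === $userId || false !== strpbrk($userId, "/\\\0")) {
        throw new TwoFactorException('no OTP secret registered');
    }

    $dataDir = sprintf('%s/data/%s', $this->baseDir, $envData['INSTANCE_ID']);
    $secretFile = sprintf('%s/users/otp_secrets/%s', $dataDir, $userId);
    // A missing file means the user never enrolled. Other read failures
    // (permissions) still surface as a PHP warning instead of being hidden by @.
    if (!is_file($secretFile) || false === ($otpSecret = file_get_contents($secretFile))) {
        throw new TwoFactorException('no OTP secret registered');
    }

    $otp = new Otp();
    if (!$otp->checkTotp(Base32::decode($otpSecret), $otpKey)) {
        throw new TwoFactorException('invalid OTP key');
    }

    // Record the accepted code; the log returns false for a (user, code) pair
    // it has already seen, which is what stops a sniffed code from being
    // reused within its validity window.
    if (false === $this->otpLog->record($userId, $otpKey, time())) {
        throw new TwoFactorException('OTP replayed');
    }
}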
/**
 * A code that was accepted once must be refused when presented a second time.
 *
 * NOTE(review): the code is generated from the wall clock; if the 30-second
 * TOTP step rolls over between totp() and the first twoFactor() call the
 * first call fails with 'invalid OTP key' instead and the test is flaky.
 *
 * @expectedException \SURFnet\VPN\Server\Exception\TwoFactorException
 * @expectedExceptionMessage OTP replayed
 */
public function testTwoFactorReplay()
{
    // Currently valid code for the fixture secret registered for 'foo_xyz'.
    $generator = new Otp();
    $code = $generator->totp(Base32::decode('QPXDFE7G7VNRR4BH'));

    $envData = [
        'INSTANCE_ID' => 'vpn.example',
        'POOL_ID' => 'internet',
        'common_name' => 'foo_xyz',
        'username' => 'totp',
        'password' => $code,
    ];

    $twoFactor = new TwoFactor(__DIR__, $this->otpLog);
    // First presentation is accepted ...
    $twoFactor->twoFactor($envData);
    // ... the identical second presentation must be rejected as a replay.
    $twoFactor->twoFactor($envData);
}
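/**
 * Stores $secret in the DB and enables two-factor authentication.
 *
 * The candidate secret was generated by an earlier step and parked in the
 * session under 'secret'; it is only persisted once the user proves they
 * can produce a valid code for it. No replay tracking is done: a code that
 * validates once validates again within its time window.
 *
 * @param Request $request carries the user-submitted 'code'
 * @return \Illuminate\Http\RedirectResponse
 */
public function totp_post(Request $request)
{
    $secret = session()->get('secret');
    $key = $request->get("code");
    $user = $this->auth->user();

    // No pending secret (session expired / step skipped) or no code: there is
    // nothing meaningful to verify, so never decode an empty secret.
    if (!is_string($secret) || $secret === '' || !is_string($key) || $key === '') {
        return redirect(url('profil/totp'))->with('error', 'Ce code ne correspond pas, veuillez recommencer l\'opération');
    }

    $otp = new Otp();
    if (!$otp->checkTotp(Base32::decode($secret), $key)) {
        return redirect(url('profil/totp'))->with('error', 'Ce code ne correspond pas, veuillez recommencer l\'opération');
    }

    DB::table('users')->where('id', $user->id)->update(array('totp_key' => $secret));
    // Provisioning is over: drop the pending secret from the session as well,
    // so it cannot be re-submitted and does not outlive its purpose.
    Session::forget('code');
    session()->forget('secret');
    return redirect(url('profil'))->with('success', 'L\'authentification à 2 facteurs à bien été activer');
}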
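/**
 * Confirms a pending two-step secret and binds it to the logged-in user.
 *
 * Reads the candidate secret ('s') and the code the user typed ('txCodigo')
 * from the request. NOTE(review): taking the secret from the client means the
 * client, not the server, chooses it (and could pick a weak or already-known
 * one); it should come from server-side state populated when the QR code
 * was shown. Until then this only checks the value is a plausible secret.
 *
 * @return string JSON body {"result": bool}
 */
public function store()
{
    $secret = Input::get('s');
    $key = Input::get('txCodigo');

    // Only a Base32 string (RFC 4648 alphabet, optional '=' padding) can have
    // come from our own provisioning step; anything else would bind garbage
    // to the account. \z so a trailing newline is not accepted.
    $secretLooksValid = is_string($secret) && 1 === preg_match('/^[A-Z2-7]+=*\z/i', $secret);
    $codePresent = is_string($key) && $key !== '';

    $valid = false;
    if ($secretLooksValid && $codePresent) {
        $otp = new Otp();
        // Third argument 0: presumably no clock-drift window — confirm against
        // the Otp library version in use.
        $valid = (bool) $otp->checkTotp(Base32::decode($secret), $key, 0);
    }

    if ($valid) {
        DB::table('authusuarios')->where('usuarioid', Auth::user()->usuarioid)->update(['twostepsecret' => $secret]);
    }

    return json_encode(['result' => $valid]);
}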
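/**
 * Password + TOTP login against the in-memory credential table.
 *
 * @param string $username
 * @param string $password   cleartext password as submitted
 * @param string $htop_value the TOTP code (parameter name kept for callers)
 * @return bool true (and the session is marked authenticated) only when the
 *              user exists, the password matches and the code verifies
 */
public function authenticate($username, $password, $htop_value)
{
    // Non-string keys would error inside isset(); unknown users fail closed.
    if (!is_string($username) || !isset($this->credentials[$username])) {
        return false;
    }
    list($user_password, $user_htop_secret) = $this->credentials[$username];

    // Constant-time comparison so response timing does not leak how many
    // leading characters of the password were correct. NOTE(review): the
    // table holds the comparable password in cleartext; password_hash() /
    // password_verify() would be preferable, but the storage format is
    // decided outside this block.
    if (!is_string($user_password) || !is_string($password) || !hash_equals($user_password, $password)) {
        return false;
    }

    $otp = new Otp();
    if (!$otp->checkTotp(Base32::decode($user_htop_secret), $htop_value)) {
        return false;
    }

    $this->session->username = $username;
    // HTTP_HOST is client-supplied; it is stored here for a later
    // comparison, presumably by whatever validates the session.
    $this->session->valid_host = $_SERVER['HTTP_HOST'];
    $this->session->authenticated = true;
    return true;
}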
/**
 * Check 2FA
 *
 * Verifies the submitted TOTP code against the current user's secret and,
 * on success, marks the post-auth step as validated in session storage.
 * Either way the user is redirected with a flash message. No replay
 * tracking is done here: a code that validates once validates again
 * within its time window.
 *
 * @access public
 */
public function check()
{
    $user = $this->getUser();
    $this->checkCurrentUser($user);

    $values = $this->request->getValues();
    $submittedCode = empty($values['code']) ? '' : $values['code'];

    $verifier = new Otp();
    $accepted = $submittedCode !== '' && $verifier->checkTotp(Base32::decode($user['twofactor_secret']), $submittedCode);

    if (!$accepted) {
        $this->flash->failure(t('The two factor authentication code is not valid.'));
        $this->response->redirect($this->helper->url->to('twofactor', 'code'));
        return;
    }

    $this->sessionStorage->postAuth['validated'] = true;
    $this->flash->success(t('The two factor authentication code is valid.'));
    $this->response->redirect($this->helper->url->to('app', 'index'));
}
/**
 * Validates a TOTP request.
 *
 * Stateless: the same code validates again within its time window, so a
 * sniffed code can be reused until the caller starts tracking used codes.
 *
 * @todo Prevent TOTP replay attack.
 * @param string $key The TOTP token sent in.
 * @param string $secret The TOTP secret (Base32).
 * @return bool
 */
public function validateTOTP($key, $secret)
{
    $rawSecret = Base32::decode($secret);
    $verifier = new Otp();
    return $verifier->checkTotp($rawSecret, $key);
}
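/**
 * Second login step: verifies the TOTP code for the user parked in session.
 *
 * The password step stored the user's id in session under 'user_id'; the
 * login is completed only when a valid code for that user's secret is
 * submitted. Without a code the TOTP form is shown.
 *
 * @param Request $request
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
 */
public function totp(Request $request)
{
    $user_id = session()->get('user_id');
    $key = $request->get("code");
    if (empty($user_id)) {
        return redirect('/auth/login');
    }

    $user = User::where('id', $user_id)->first();
    // Stale marker (user gone since the password step) or no enrolled secret:
    // never verify against null/empty; restart the login instead.
    if ($user === null || empty($user->totp_key)) {
        session()->forget('user_id');
        return redirect('/auth/login');
    }

    if ($key) {
        $otp = new Otp();
        if ($otp->checkTotp(Base32::decode($user->totp_key), $key)) {
            $this->auth->login($user, $request->has('remember'));
            // The pre-auth marker has served its purpose once fully logged in.
            session()->forget('user_id');
            return redirect()->intended($this->redirectPath());
        }
        return redirect(url('totp'))->with('error', 'Ce code ne correspond pas, veuillez recommencer l\'opération');
    }

    return view('auth.totp')->with('error', 'Ce compte à activer \'authentification à 2 facteurs');
}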
/**
 * A non-integer HOTP counter must be rejected with an InvalidArgumentException.
 *
 * @expectedException InvalidArgumentException
 * @expectedExceptionMessage Counter must be integer
 */
public function testHotpInvalidCounter()
{
    $badCounter = 'a';
    $this->Otp->hotp($this->secret, $badCounter);
}
/**
 * Authenticate the user
 *
 * Checks $this->code against the TOTP secret held in $this->secret (Base32).
 *
 * @access public
 * @return boolean
 */
public function authenticate()
{
    $rawSecret = Base32::decode($this->secret);
    $verifier = new Otp();
    return $verifier->checkTotp($rawSecret, $this->code);
}
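use Otp\Otp;
use Otp\GoogleAuthenticator;
use Base32\Base32;

// Getting a secret, either by generating or from storage
// DON'T use sessions as storage for this in production!!!
$secret = '';
if (isset($_SESSION['otpsecret']) && is_string($_SESSION['otpsecret'])) {
    $secret = $_SESSION['otpsecret'];
}
// generateRandom() yields a 16-character secret; anything else (missing,
// truncated, not a string) is replaced rather than trusted.
if (strlen($secret) !== 16) {
    $secret = GoogleAuthenticator::generateRandom();
    $_SESSION['otpsecret'] = $secret;
}

// The secret is now an easy stored Base32 string.
// To use it in totp though we need to decode it into the original
$otp = new Otp();
$currentTotp = $otp->totp(Base32::decode($secret));

// NOTE(review): if getQrCodeUrl() points at an external chart service, the
// secret leaves this server inside that URL; render the QR code locally in
// anything beyond a demo.
$qrCode = GoogleAuthenticator::getQrCodeUrl('totp', 'otpsample@cr', $secret);
$keyUri = GoogleAuthenticator::getKeyUri('totp', 'otpsample@cr', $secret);
?>
<html>
<head>
<title>One Time Passwords Example</title>
</head>
<body>
<h1>One Time Passwords Example</h1>
<?php /* Escaped on output: a Base32 secret is harmless, but a value that came from elsewhere would not be. */ ?>
Secret is <?php echo htmlspecialchars($secret, ENT_QUOTES, 'UTF-8'); ?>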
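$en_pass = $encrypt->encrypt(); $user_u = $DB->execute("UPDATE users SET password = :password WHERE iduser = :iduser", array("iduser" => $iduser, "password" => $en_pass)); if ($user_u == 1) { $text = "Le mot de passe de l'utilisateur <strong>" . $username . "</strong> à été changer avec succès !"; $addNotif = $DB->execute("INSERT INTO notif(idnotif, iduser, type, notification, date_notification, vu) VALUES (NULL , :iduser, :type, :notification, :date_notification, :vu)", array("iduser" => $iduser, "type" => 2, "notification" => $user->prenom_user . " à modifier le mot de passe de sont Espace.", "date_notification" => $date_format->format_strt(date("d-m-Y H:i:s")), "vu" => 0)); $fonction->redirect("profil", "", "", "success", "edit-password", $text); } else { $fonction->redirect("error", "", "", "code", "USR4", ""); } }

// Enable 2FA: the candidate secret was generated by an earlier step and parked
// in $_SESSION['user']['totp_secret']; it is written to the DB only once the
// user proves they hold it by submitting a valid code for it.
if (isset($_POST['action']) && $_POST['action'] === 'active_totp') {
    session_start();
    require "../application/classe.php";
    $iduser = $user->iduser;
    $username = $user->username;

    $pendingSecret = isset($_SESSION['user']['totp_secret']) ? $_SESSION['user']['totp_secret'] : "";
    $submittedCode = isset($_POST['code']) ? $_POST['code'] : "";

    // Never verify against a missing/empty secret: that must not enable 2FA
    // with an empty token, whatever code was typed.
    $codeAccepted = is_string($pendingSecret) && $pendingSecret !== "" && is_string($submittedCode) && $submittedCode !== "";
    if ($codeAccepted) {
        $otp = new Otp();
        $codeAccepted = $otp->checkTotp(Base32::decode($pendingSecret), $submittedCode);
    }

    if ($codeAccepted) {
        $user_u = $DB->execute("UPDATE users SET totp = 1, totp_token = :totp_token WHERE iduser = :iduser", array("totp_token" => $pendingSecret, "iduser" => $iduser));
        // Provisioning is over: the secret no longer belongs in the session.
        $_SESSION['user']['totp_secret'] = "";
        if ($user_u == 1) {
            // $text carries HTML (<strong>), so the user-chosen username is
            // escaped to keep it from injecting markup. NOTE(review): if
            // $fonction->redirect() escapes $text itself, drop this to avoid
            // double-encoding.
            $text = "L'authentificateur 2 Facteur à été activé pour l'utilisateur <strong>" . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "</strong>.";
            $addNotif = $DB->execute("INSERT INTO notif(idnotif, iduser, type, notification, date_notification, vu) VALUES (NULL , :iduser, :type, :notification, :date_notification, :vu)", array("iduser" => $iduser, "type" => 1, "notification" => $user->prenom_user . " à activé l'authentification à 2 facteur.", "date_notification" => $date_format->format_strt(date("d-m-Y H:i:s")), "vu" => 0));
            $fonction->redirect("profil", "", "", "success", "active_totp", $text);
        } else {
            $fonction->redirect("error", "", "", "code", "USR5", "");
        }
    } else {
        $fonction->redirect("profil", "", "", "error", "active_totp", "Ce code ne correspond pas !!!");
    }
}

// NOTE(review): the handler below turns 2FA off on a plain GET. Unless it
// checks a CSRF token (its body is not visible here), a cross-site link is
// enough to disable the second factor for a logged-in user; a POST with a
// token, and ideally a fresh code, would be the safer shape.
if (isset($_GET['action']) && $_GET['action'] == 'desactive_totp') {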