Пример #1
 /**
  * Enables Google Authenticator two-factor authentication for the current user.
  *
  * Reads the shared secret ('qr') and a one-time code ('code') from the request
  * and stores the encrypted secret only when the code verifies against it.
  *
  * NOTE(review): this version does not check whether 2FA is already enabled
  * before overwriting the stored key, and it issues no reset code. The secret
  * is taken from the request as-is; whether verifyKey() enforces its length or
  * format is not visible here and should be confirmed.
  */
 public function xSettingsEnable2FaGglAction()
 {
     $secret = $this->getParam('qr');
     $otp = $this->getParam('code');

     // Both values are required; the failure carries no message in this case.
     if (!($secret && $otp)) {
         $this->response->failure();
         return;
     }

     if (!Scalr_Util_Google2FA::verifyKey($secret, $otp)) {
         $this->response->failure('Code is invalid. Please try again.');
         return;
     }

     // The code matches the submitted secret: flag 2FA as on, then persist the secret encrypted.
     $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, 1);
     $encryptedSecret = $this->getCrypto()->encrypt($secret, $this->cryptoKey);
     $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY, $encryptedSecret);
     $this->response->success();
 }
Пример #2
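 /**
  * Logs a user in, enforcing Google Authenticator two-factor authentication when it is enabled.
  *
  * When 2FA applies, $tfaGglCode is required: it is either a one-time code checked
  * against the stored secret, or (with $tfaGglReset) the reset code. A matching
  * reset code clears every 2FA setting and the login then proceeds. Without a code
  * the response carries 'tfaGgl' => true and fails so the client can prompt for one.
  *
  * NOTE(review): no attempt limiting or audit logging of failed second-factor
  * checks is visible in this method; whether loginUserGet() provides it cannot
  * be told from here.
  *
  * @param string $scalrLogin             forwarded to loginUserGet()
  * @param RawData $scalrPass             forwarded to loginUserGet()
  * @param bool $scalrKeepSession         forwarded to loginUserCreate()
  * @param int $accountId                 forwarded to loginUserGet()
  * @param string $tfaGglCode             one-time code, or the reset code when $tfaGglReset is set
  * @param bool $tfaGglReset              treat $tfaGglCode as the reset code
  * @param string $scalrCaptcha           forwarded to loginUserGet()
  * @param string $scalrCaptchaChallenge  forwarded to loginUserGet()
  */
 public function xLoginAction($scalrLogin, RawData $scalrPass, $scalrKeepSession = false, $accountId = 0, $tfaGglCode = '', $tfaGglReset = false, $scalrCaptcha = '', $scalrCaptchaChallenge = '')
 {
     $user = $this->loginUserGet($scalrLogin, $scalrPass, $accountId, $scalrCaptcha, $scalrCaptchaChallenge);

     // check for 2-factor auth: applies to users without an account, or whose account has the feature enabled
     if (($user->getAccountId() && $user->getAccount()->isFeatureEnabled(Scalr_Limits::FEATURE_2FA) || !$user->getAccountId()) && $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1) {
         if (!$tfaGglCode) {
             // No second factor supplied yet: tell the client to ask for one.
             $this->response->data(array('tfaGgl' => true));
             $this->response->failure();
             return;
         }

         if ($tfaGglReset) {
             $storedHash = (string) $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE);
             $suppliedHash = (string) Scalr_Util_CryptoTool::hash($tfaGglCode);

             // Compare as strings and in constant time (hash_equals() needs PHP 5.6+). The former
             // loose != treated two numeric-looking digests such as "0e<digits>" as equal, and an
             // empty stored hash must never be accepted as a match.
             if ($storedHash === '' || !hash_equals($storedHash, $suppliedHash)) {
                 $this->response->data(array('errors' => array('tfaGglCode' => 'Invalid reset code')));
                 $this->response->failure();
                 return;
             }

             // A valid reset code switches 2FA off completely; the login continues below.
             $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, '');
             $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY, '');
             $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE, '');
             $this->response->success('Two-factor authentication has been disabled.');
         } else {
             // Regular path: verify the one-time code against the decrypted stored secret.
             $key = $this->getCrypto()->decrypt($user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY));
             if (!Scalr_Util_Google2FA::verifyKey($key, $tfaGglCode)) {
                 $this->response->data(array('errors' => array('tfaGglCode' => 'Invalid code')));
                 $this->response->failure();
                 return;
             }
         }
     }

     $this->loginUserCreate($user, $scalrKeepSession);
 }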
Пример #3
 /**
  * Enables Google Authenticator two-factor authentication and issues a one-time reset code.
  *
  * Refuses to run when 2FA is already enabled for the user. On success the
  * encrypted secret and the hash of a freshly generated reset code are stored,
  * and the plain reset code is returned in the response data.
  *
  * NOTE(review): the reset code comes from Scalr_Util_CryptoTool::sault(12);
  * whether that helper draws from a cryptographically secure source is not
  * visible here and should be confirmed, since the code bypasses the second factor.
  *
  * @param $qr    shared secret submitted by the client; verified against $code and stored encrypted
  * @param $code  one-time code expected to match $qr
  * @throws Exception when two-factor authentication is already enabled
  */
 public function xSettingsEnable2FaGglAction($qr, $code)
 {
     $alreadyEnabled = $this->user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1;
     if ($alreadyEnabled) {
         throw new Exception('Two-factor authentication has been already enabled for this user');
     }

     if (!($qr && $code)) {
         $this->response->failure('Invalid data');
         return;
     }

     if (!Scalr_Util_Google2FA::verifyKey($qr, $code)) {
         $this->response->data(['errors' => ['code' => 'Invalid code']]);
         $this->response->failure();
         return;
     }

     $resetCode = Scalr_Util_CryptoTool::sault(12);

     $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, 1);
     $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY, $this->getCrypto()->encrypt($qr));
     // Only the hash of the reset code is persisted; the plain value leaves the server once, in this response.
     $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE, Scalr_Util_CryptoTool::hash($resetCode));

     $this->response->data(['resetCode' => $resetCode]);
 }
Пример #4
 /**
  * Completes a login by checking the Google Authenticator code from the 'tfaCode' request parameter.
  *
  * The session is created only when 2FA applies to the user and the code
  * verifies against the decrypted stored secret.
  *
  * NOTE(review): no attempt limiting or audit logging of failed codes is
  * visible in this method; whether loginUserGet() provides it cannot be told
  * from here.
  */
 public function xLoginTfaGglAction()
 {
     $user = $this->loginUserGet();

     // 2FA is available to users without an account, or whose account has the feature enabled.
     $featureAvailable = !$user->getAccountId() || $user->getAccount()->isFeatureEnabled(Scalr_Limits::FEATURE_2FA);
     $tfaActive = $featureAvailable && $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1;

     if (!$tfaActive) {
         $this->response->failure('Two-factor authentication not enabled for this user');
         return;
     }

     $secret = $this->getCrypto()->decrypt($user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY), $this->cryptoKey);

     // An absent or empty code is rejected without calling verifyKey().
     $codeAccepted = $this->getParam('tfaCode') && Scalr_Util_Google2FA::verifyKey($secret, $this->getParam('tfaCode'));
     if (!$codeAccepted) {
         $this->response->failure('Invalid code');
         return;
     }

     $this->loginUserCreate($user);
 }
Пример #5
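 /**
  * Logs a user in, enforcing Google Authenticator two-factor authentication, and audits the outcome.
  *
  * When 2FA is enabled, $tfaGglCode is required: it is either a one-time code checked
  * against the stored secret, or (with $tfaGglReset) the reset code. A matching reset
  * code clears every 2FA setting and the login then proceeds. Failed second-factor
  * checks are written to the audit log as "user.auth.login" errors. Without a code
  * the response carries "tfaGgl" => true and fails so the client can prompt for one.
  *
  * NOTE(review): no attempt limiting on the second factor is visible in this
  * method; whether loginUserGet() provides it cannot be told from here.
  *
  * @param string  $scalrLogin             forwarded to loginUserGet()
  * @param RawData $scalrPass              forwarded to loginUserGet()
  * @param bool    $scalrKeepSession       forwarded to loginUserCreate()
  * @param int     $accountId              forwarded to loginUserGet()
  * @param string  $tfaGglCode             one-time code, or the reset code when $tfaGglReset is set
  * @param bool    $tfaGglReset            treat $tfaGglCode as the reset code
  * @param string  $scalrCaptcha           forwarded to loginUserGet()
  * @param string  $scalrCaptchaChallenge  forwarded to loginUserGet()
  */
 public function xLoginAction($scalrLogin, RawData $scalrPass, $scalrKeepSession = false, $accountId = 0, $tfaGglCode = '', $tfaGglReset = false, $scalrCaptcha = '', $scalrCaptchaChallenge = '')
 {
     $user = $this->loginUserGet($scalrLogin, $scalrPass, $accountId, $scalrCaptcha, $scalrCaptchaChallenge);
     $msg = [];

     // check for 2-factor auth
     if ($user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL) == 1) {
         if (!$tfaGglCode) {
             // No second factor supplied yet: tell the client to ask for one.
             $this->response->data(["tfaGgl" => true]);
             $this->response->failure();
             return;
         }

         if ($tfaGglReset) {
             $storedHash = (string) $user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE);
             $suppliedHash = (string) CryptoTool::hash($tfaGglCode);

             // Compare as strings and in constant time (hash_equals() needs PHP 5.6+). The former
             // loose != treated two numeric-looking digests such as "0e<digits>" as equal, and an
             // empty stored hash must never be accepted as a match.
             if ($storedHash === '' || !hash_equals($storedHash, $suppliedHash)) {
                 $this->response->data(["errors" => ["tfaGglCode" => "Invalid reset code"]]);
                 $this->auditLog("user.auth.login", ['result' => 'error', 'error_message' => 'Invalid reset code']);
                 $this->response->failure();
                 return;
             }

             // A valid reset code switches 2FA off completely; the login continues below.
             $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, '');
             $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY, '');
             $user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_RESET_CODE, '');
             $msg = ["info" => "Two-factor authentication has been disabled."];
             $this->response->success($msg["info"]);
         } else {
             // Regular path: verify the one-time code against the decrypted stored secret.
             $key = $this->getCrypto()->decrypt($user->getSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY));
             if (!Scalr_Util_Google2FA::verifyKey($key, $tfaGglCode)) {
                 $this->response->data(["errors" => ["tfaGglCode" => "Invalid code"]]);
                 $this->auditLog("user.auth.login", ['result' => 'error', 'error_message' => 'Invalid code']);
                 $this->response->failure();
                 return;
             }
         }
     }

     $this->loginUserCreate($user, $scalrKeepSession);

     // Resolve the environment for the audit record; a failure here must not undo the login.
     try {
         $envId = $this->getEnvironmentId(true) ?: $user->getDefaultEnvironment()->id;
     } catch (Exception $e) {
         $envId = null;
     }

     $this->getContainer()->auditlogger->setEnvironmentId($envId)->setRuid(Scalr_Session::getInstance()->getRealUserId());
     $this->auditLog("user.auth.login", $user);
 }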
Пример #6
 /**
  * Enables Google Authenticator two-factor authentication for the current user.
  *
  * Reads the shared secret ('qr') and a one-time code ('code') from the request
  * and stores the encrypted secret only when the code verifies against it.
  *
  * NOTE(review): this version does not check whether 2FA is already enabled
  * before overwriting the stored key, and it issues no reset code. The secret
  * is taken from the request as-is; whether verifyKey() enforces its length or
  * format is not visible here and should be confirmed.
  */
 public function xSettingsEnable2FaGglAction()
 {
     $secret = $this->getParam('qr');
     $otp = $this->getParam('code');

     // Both request values are mandatory.
     if (!($secret && $otp)) {
         $this->response->failure('Invalid data');
         return;
     }

     if (!Scalr_Util_Google2FA::verifyKey($secret, $otp)) {
         // Report the problem against the 'code' field.
         $this->response->data(array('errors' => array('code' => 'Invalid code')));
         $this->response->failure();
         return;
     }

     // The code matches the submitted secret: flag 2FA as on, then persist the secret encrypted.
     $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL, 1);
     $encryptedSecret = $this->getCrypto()->encrypt($secret, $this->cryptoKey);
     $this->user->setSetting(Scalr_Account_User::SETTING_SECURITY_2FA_GGL_KEY, $encryptedSecret);
     $this->response->success('Two-factor authentication enabled');
 }