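/**
 * The form for user OTP device configuration submits to this action.
 *
 * Only the user themselves or an administrator may change a user's OTP
 * device; when the 'userOtpControl' setting is not 'true', only
 * administrators may do so at all.
 *
 * @param userId The user id to check
 * @param useOtp If set, enable OTP device, otherwise delete OTP device record
 * @param algorithm The OTP algorithm to use (see constants.php)
 * @param secret The device key or secret to use
 * @param length The length of the client tokens (positive integer)
 *
 * @throws Zend_Exception when the caller is not logged in, lacks permission,
 *         passes an unknown userId, or submits an invalid device configuration
 */
public function usersubmitAction()
{
    $this->disableLayout();
    $this->disableView();

    // Resolve the session user before any admin check: calling isAdmin() on an
    // absent session DAO would fail with a fatal error instead of a clean
    // 'Must be logged in' exception.
    $currentUser = $this->userSession->Dao;
    if (!$currentUser) {
        throw new Zend_Exception('Must be logged in');
    }

    $userOtpSetting = $this->Setting->GetValueByName('userOtpControl', 'mfa');
    $userOtpControl = $userOtpSetting === 'true';
    if (!$userOtpControl && !$currentUser->isAdmin()) {
        throw new Zend_Exception('Only administrators are allowed to manage OTP settings');
    }

    $userId = $this->getParam('userId');
    if (!isset($userId)) {
        throw new Zend_Exception('Must pass a userId parameter');
    }
    $user = $this->User->load($userId);
    if (!$user) {
        throw new Zend_Exception('Invalid userId');
    }

    // Compare keys as strings so an int/string mismatch between the two DAOs
    // cannot bypass the ownership check (original used loose `!=`).
    $isOwner = (string) $currentUser->getKey() === (string) $user->getKey();
    if (!$isOwner && !$currentUser->isAdmin()) {
        throw new Zend_Exception('Permission denied');
    }

    $otpDevice = $this->Mfa_Otpdevice->getByUser($user);
    $useOtp = $this->getParam('useOtp');

    if (!isset($useOtp)) {
        // Disabling: drop the device record if one exists.
        if ($otpDevice) {
            $this->Mfa_Otpdevice->delete($otpDevice);
        }
        echo JsonComponent::encode(array('status' => 'warning', 'message' => 'OTP Authentication disabled'));
        return;
    }

    // Enabling: validate the submitted device configuration before persisting it.
    $algorithm = $this->getParam('algorithm');
    $secret = $this->getParam('secret');
    $length = $this->getParam('length');

    // NOTE(review): algorithm should additionally be checked against the set of
    // supported values defined in constants.php — confirm which are allowed.
    if (!is_string($algorithm) || $algorithm === '') {
        throw new Zend_Exception('Must pass a valid algorithm parameter');
    }
    if (!is_string($secret) || $secret === '') {
        throw new Zend_Exception('Must pass a non-empty secret parameter');
    }
    // ctype_digit rejects signs, whitespace and non-numeric input; the extra
    // > 0 check rejects '0' and '000'.
    if (!ctype_digit((string) $length) || (int) $length <= 0) {
        throw new Zend_Exception('Must pass a positive integer length parameter');
    }

    if (!$otpDevice) {
        $otpDevice = new Mfa_OtpdeviceDao();
        $otpDevice->setUserId($user->getKey());
        $otpDevice->setCounter('0');
    }
    $otpDevice->setAlgorithm($algorithm);
    $otpDevice->setSecret($secret);
    $otpDevice->setLength($length);
    $this->Mfa_Otpdevice->save($otpDevice);

    echo JsonComponent::encode(array('status' => 'ok', 'message' => 'OTP Authentication enabled'));
}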