/** * Action to generate a new Google Authenticator secret for the current user * * @return string * @throws \Exception * @throws \Piwik\NoAccessException */ public function regenerate() { Piwik::checkUserIsNotAnonymous(); $view = new View('@GoogleAuthenticator/regenerate'); $this->setGeneralVariablesView($view); $googleAuth = new PHPGangsta\GoogleAuthenticator(); $storage = new Storage(Piwik::getCurrentUserLogin()); $secret = Common::getRequestVar('gasecret', '', 'string'); $authCode = Common::getRequestVar('gaauthcode', '', 'string'); $authCodeNonce = Common::getRequestVar('authCodeNonce', '', 'string'); $title = Common::getRequestVar('gatitle', $storage->getTitle(), 'string'); $description = Common::getRequestVar('gadescription', $storage->getDescription(), 'string'); if (!empty($secret) && !empty($authCode) && Nonce::verifyNonce(self::AUTH_CODE_NONCE, $authCodeNonce) && $googleAuth->verifyCode($secret, $authCode, 2)) { $storage->setSecret($secret); $storage->setDescription($description); $storage->setTitle($title); $this->auth->setAuthCode($authCode); $this->auth->validateAuthCode(); Url::redirectToUrl(Url::getCurrentUrlWithoutQueryString() . Url::getCurrentQueryStringWithParametersModified(array('action' => 'settings', 'activate' => '1'))); } if (empty($secret)) { $secret = $googleAuth->createSecret(32); } $view->title = $title; $view->description = $description; $view->authCodeNonce = Nonce::getNonce(self::AUTH_CODE_NONCE); $view->newSecret = $secret; $view->googleAuthImage = $googleAuth->getQRCodeGoogleUrl($description, $secret, $title); return $view->render(); }
/** * @param $auth */ public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth) { if (self::isModuleIsAPI() && !$activateCookieAuth) { return; } $authCookieName = Config::getInstance()->General['login_cookie_name']; $authCookieExpiry = 0; $authCookiePath = Config::getInstance()->General['login_cookie_path']; $authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath); $defaultLogin = '******'; $defaultTokenAuth = 'anonymous'; if ($authCookie->isCookieFound()) { $defaultLogin = $authCookie->get('login'); $defaultTokenAuth = $authCookie->get('token_auth'); } $auth->setLogin($defaultLogin); $auth->setTokenAuth($defaultTokenAuth); $storage = new Storage($defaultLogin); if (!$storage->isActive()) { return; } $secret = $storage->getSecret(); $cookieSecret = $authCookie->get('auth_code'); if ($cookieSecret == SessionInitializer::getHashTokenAuth($defaultLogin, $secret)) { $googleAuth = new PHPGangsta\GoogleAuthenticator(); $auth->setAuthCode($googleAuth->getCode($secret)); $auth->validateAuthCode(); } }
/** * Returns if the set auth code is valid and updates the validation status of the current session * @return bool */ public function validateAuthCode() { $storage = new Storage($this->getLogin()); $secret = $storage->getSecret(); $googleAuth = new PHPGangsta\GoogleAuthenticator(); if (!empty($secret) && $googleAuth->verifyCode($secret, $this->authCode, 2)) { $this->setValidatedWithAuthCode(true); return true; } return false; }
private function getValidAuthCode() { $ga = new GoogleAuthenticator(); return $ga->getCode($this->secret); }