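app = $app;
        if ($intern) {
            return;
        }
        // Register the JSON endpoints served by this module, then start dispatching.
        $app->ActionHandlerInit($this);
        $app->ActionHandler('generate', 'TOTPGenerateSecretJSON');
        $app->ActionHandler('enable', 'TOTPEnable');
        $app->ActionHandler('disable', 'TOTPDisable');
        $app->ActionHandlerListen($app);
    }

    /**
     * Creates or upgrades the user_totp table and registers the login hook.
     *
     * The unique index on user_id allows at most one secret per user. The
     * 'login_password_check_otp' hook is what puts TOTPCheckLogin into the
     * login flow.
     */
    public function Install(): void
    {
        $tableName = 'user_totp';
        $this->app->erp->CheckTable($tableName);
        $this->app->erp->CheckColumn('id', 'UNSIGNED INT', $tableName, 'NOT NULL AUTO_INCREMENT');
        $this->app->erp->CheckColumn('user_id', 'INT', $tableName, 'UNSIGNED NOT NULL');
        $this->app->erp->CheckColumn('active', 'TINYINT(1)', $tableName, 'UNSIGNED DEFAULT 0');
        $this->app->erp->CheckColumn('secret', 'VARCHAR(100)', $tableName, 'NOT NULL');
        $this->app->erp->CheckColumn('created_at', 'TIMESTAMP', $tableName, 'DEFAULT NOW()');
        $this->app->erp->CheckColumn('modified_at', 'TIMESTAMP', $tableName);
        $this->app->erp->CheckIndex($tableName, 'user_id', true);
        $this->app->erp->RegisterHook('login_password_check_otp', 'totp', 'TOTPCheckLogin', 1, false, null, 3);
    }

    /**
     * Disables TOTP for the currently logged-in user.
     *
     * Only the POST field action=disable is checked; no password or current
     * token is required to turn the second factor off.
     * NOTE(review): consider requiring a re-authentication step here, since an
     * attacker with a hijacked session can remove the second factor — verify
     * against the UI flow before changing the contract.
     *
     * @return JsonResponse
     */
    public function TOTPDisable(): JsonResponse
    {
        $action = $this->app->Secure->GetPOST('action');
        if ($action !== 'disable') {
            return new JsonResponse(['status' => 'error', 'msg' => 'muss POST sein'], 400);
        }
        /** @var TOTPLoginService $totpLoginService */
        $totpLoginService = $this->app->Container->get('TOTPLoginService');
        $userId = $this->app->User->GetID();
        $totpLoginService->disableTotp($userId);

        return new JsonResponse(['status' => 'success']);
    }

    /**
     * Enables TOTP for the current user with the secret submitted by the client.
     *
     * The secret is taken as-is from POST; it is not compared against the one
     * returned by TOTPGenerateSecretJSON, and no token is verified before the
     * second factor becomes active.
     * NOTE(review): verifying one token against the submitted secret before
     * enabling would prevent users locking themselves out — confirm the
     * TOTPLoginService API before adding that.
     *
     * @return JsonResponse
     */
    public function TOTPEnable(): JsonResponse
    {
        $secret = $this->app->Secure->GetPOST('secret');
        // Reject non-string values (e.g. secret[]=...) as well as empty ones.
        if (!is_string($secret) || empty($secret)) {
            return new JsonResponse(['status' => 'error', 'msg' => 'Secret Empty'], 400);
        }
        /** @var TOTPLoginService $totpLoginService */
        $totpLoginService = $this->app->Container->get('TOTPLoginService');
        $userId = $this->app->User->GetID();
        $totpLoginService->enableTotp($userId);
        $totpLoginService->setUserSecret($userId, $secret);

        return new JsonResponse(['status' => 'success']);
    }

    /**
     * Login hook: when TOTP is enabled for the user, the login stays valid only
     * if the password check already passed AND the submitted token verifies.
     *
     * The previous version overwrote $passwordValid with the token result, so a
     * valid token could turn a failed password check into a successful login
     * (assuming the hook can be reached with $passwordValid === false — TODO
     * confirm against the caller of 'login_password_check_otp').
     *
     * @param int|string $userID
     * @param string|null $token
     * @param bool $passwordValid result of the password check, updated in place
     *
     * @throws Exception
     */
    public function TOTPCheckLogin($userID, $token, &$passwordValid): void
    {
        /** @var TOTPLoginService $totpLoginService */
        $totpLoginService = $this->app->Container->get('TOTPLoginService');
        if (!$totpLoginService->isTOTPEnabled($userID)) {
            return;
        }
        // Both factors must hold; a valid token never repairs a failed password.
        $passwordValid = $passwordValid && $totpLoginService->isTokenValid($userID, $token);
    }

    /**
     * Generates a fresh base32 secret and a pairing QR code for the current user.
     *
     * Nothing is persisted here: the secret is only returned to the client,
     * which sends it back via TOTPEnable.
     *
     * @return JsonResponse JSON with 'secret' and 'qr' (HTML) keys
     */
    public function TOTPGenerateSecretJSON(): JsonResponse
    {
        /** @var TOTPLoginService $totpLoginService */
        $totpLoginService = $this->app->Container->get('TOTPLoginService');
        /** @var \Xentral\Components\Token\TOTPTokenManager $tokenManager */
        $tokenManager = $this->app->Container->get('TOTPTokenManager');

        $secret = $tokenManager->generateBase32Secret();
        $label = 'OpenXE' . ':' . $this->app->User->Getname();
        $qr = $totpLoginService->generatePairingQrCode($this->app->User->GetID(), $label, $secret);

        return new JsonResponse(
            [
                'secret' => $secret,
                'qr' => $qr->toHtml(4, 4),
            ]
        );
    }
}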