
commit 00aee6bc5e7c49af5dbede2d47ead1764aa60706
parent f279d23d88ff2ae05c24237c1f7a946dd5e0cec0
Author: Jan Dankert <devnull@localhost>
Date:   Mon,  6 Nov 2017 22:13:48 +0100

TOTP-Url und -Token errechnen.

Diffstat:
action/UserAction.class.php | 57+++++++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 53 insertions(+), 4 deletions(-)

diff --git a/action/UserAction.class.php b/action/UserAction.class.php
@@ -175,12 +175,12 @@ class UserAction extends Action
 } // Kennwoerter identisch und lang genug
- $this->user->setPassword($pw1,!$this->hasRequestVar('timeout') ); // Kennwort setzen
+ $this->user->setPassword($newPassword,!$this->hasRequestVar('timeout') ); // Kennwort setzen
 // E-Mail mit dem neuen Kennwort an Benutzer senden
 if ( $this->hasRequestVar('email') && !empty($this->user->mail) && $conf['mail']['enabled'] ) {
- $this->mailPw( $pw1 );
+ $this->mailPw( $newPassword );
 $this->addNotice('user',$this->user->name,'MAIL_SENT','ok');
 }
@@ -205,12 +205,27 @@ class UserAction extends Action
 /**
- * Eigenschaften des Benutzers anzeigen
+ * Eigenschaften des Benutzers ermitteln.
 */
 function editView() {
 global $conf;
- $this->setTemplateVars( $this->user->getProperties() );
+
+ $issuer = urlencode(config('application','operator'));
+ $account = $this->user->name.'@'.$_SERVER['SERVER_NAME'];
+
+ $base32 = new Base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
+ $secret = $base32->encode(hex2bin($this->user->otpSecret));
+
+ $counter = $this->user->hotpCount;
+
+ $this->setTemplateVars(
+ $this->user->getProperties() + array('totpSecretUrl' => "otpauth://totp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}", 'hotpSecretUrl' => "otpauth://hotp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}&counter={$counter}" ) + array('totpToken'=>$this->getCode())
+ );
 $this->setTemplateVar( 'allstyles',$this->user->getAvailableStyles() );
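Review bot: In editView the `$account` label is interpolated into the otpauth URLs unencoded while only `$issuer` goes through `urlencode()`, so a user name containing `?`, `&`, `#` or a space produces a URL the authenticator app parses wrongly, and `urlencode()` maps spaces to `+`, which is a literal `+` inside a path segment. Use `rawurlencode()` for both parts: `$issuer = rawurlencode(config('application','operator'));` and `$account = rawurlencode($this->user->name.'@'.$_SERVER['SERVER_NAME']);`. `$_SERVER['SERVER_NAME']` may reflect the client-supplied Host header depending on the web-server configuration, so the hostname embedded in the provisioning URL should preferably come from a configured value rather than the request. `hex2bin($this->user->otpSecret)` emits a warning and returns `false` when the stored value is not valid hex (odd length or non-hex characters) and yields `''` when it is empty, in which case `$base32->encode()` produces an empty or meaningless secret; guard with `if (empty($this->user->otpSecret))` and omit the two URLs and `totpToken` in that case. editView's body continues past the hunk.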
@@ -226,7 +241,41 @@ class UserAction extends Action
 }
+
+
+
+ /**
+ * Calculate the code, with given secret and point in time.
+ *
+ * @param string $secret
+ * @param int|null $timeSlice
+ *
+ * @return string
+ */
+ private function getCode()
+ {
+ $codeLength = 6;
+ $timeSlice = floor(time() / 30);
+ $secretkey = hex2bin($this->user->otpSecret);
+ // Pack time into binary string
+ $time = chr(0).chr(0).chr(0).chr(0).pack('N*', $timeSlice);
+ // Hash it with users secret key
+ $hm = hash_hmac('SHA1', $time, $secretkey, true);
+ // Use last nipple of result as index/offset
+ $offset = ord(substr($hm, -1)) & 0x0F;
+ // grab 4 bytes of the result
+ $hashpart = substr($hm, $offset, 4);
+ // Unpak binary value
+ $value = unpack('N', $hashpart);
+ $value = $value[1];
+ // Only 32 bits
+ $value = $value & 0x7FFFFFFF;
+ $modulo = pow(10, $codeLength);
+ return str_pad($value % $modulo, $codeLength, '0', STR_PAD_LEFT);
+ }
+
+
 /**
 * Eigenschaften des Benutzers anzeigen
 */