|
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* CodeIgniter-Aauth
|
|
|
|
|
*
|
|
|
|
|
* Aauth is a User Authorization Library for CodeIgniter 4.x, which aims to make
|
|
|
|
|
* easy some essential jobs such as login, permissions and access operations.
|
|
|
|
|
* Despite ease of use, it has also very advanced features like grouping,
|
|
|
|
|
* access management, public access etc..
|
|
|
|
|
*
|
|
|
|
|
* @package CodeIgniter-Aauth
|
|
|
|
|
* @since 3.0.0
|
|
|
|
|
* @author Emre Akay
|
|
|
|
|
* @author Raphael "REJack" Jackstadt
|
|
|
|
|
* @copyright 2014-2019 Emre Akay
|
|
|
|
|
* @license https://opensource.org/licenses/MIT MIT License
|
|
|
|
|
* @link https://github.com/emreakay/CodeIgniter-Aauth
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace App\Libraries\Aauth;
|
|
|
|
|
|
|
|
|
|
use \App\Models\Aauth\UserVariableModel;
|
|
|
|
|
|
|
|
|
|
use OTPHP\TOTP as OTPHP_TOTP;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Aauth TOTP
|
|
|
|
|
*
|
|
|
|
|
* Class for handling 2-factor authentication
|
|
|
|
|
*
|
|
|
|
|
* @package CodeIgniter-Aauth
|
|
|
|
|
*/
|
|
|
|
|
class TOTP extends \App\Libraries\Aauth
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Update User TOTP Secret
|
|
|
|
|
*
|
|
|
|
|
* @param integer $userId User Id
|
|
|
|
|
* @param string $secret Secret Key
|
|
|
|
|
*
|
|
|
|
|
* @return boolean
|
|
|
|
|
*/
|
|
|
|
|
public function updateUserTotpSecret(int $userId = null, string $secret)
|
|
|
|
|
{
|
|
|
|
|
if (! $userId)
|
|
|
|
|
{
|
|
|
|
|
$userId = (int) @$this->session->user['id'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$userVariableModel = new UserVariableModel();
|
|
|
|
|
|
|
|
|
|
return $userVariableModel->save($userId, 'totp_secret', $secret, true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Generate Unique TOTP Secret
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
public function generateUniqueTotpSecret()
|
|
|
|
|
{
|
|
|
|
|
$endSecret = false;
|
|
|
|
|
|
|
|
|
|
$userVariableModel = new UserVariableModel();
|
|
|
|
|
|
|
|
|
|
while (! $endSecret)
|
|
|
|
|
{
|
|
|
|
|
$secret = OTPHP_TOTP::create();
|
|
|
|
|
|
|
|
|
|
if ($secret->getSecret() !== $userVariableModel->where(['data_key' => 'totp_secret', 'data_value' => $secret->getSecret(), 'system' => 1])->getFirstRow('array'))
|
|
|
|
|
{
|
|
|
|
|
$endSecret = $secret->getSecret();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $endSecret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Generate TOTP QR Code
|
|
|
|
|
*
|
|
|
|
|
* Generate TOTP QR Code URI by Secret
|
|
|
|
|
*
|
|
|
|
|
* @param string $secret Secret Key
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
public function generateTotpQrCode(string $secret, string $label = '')
|
|
|
|
|
{
|
|
|
|
|
$totp = OTPHP_TOTP::create($secret);
|
|
|
|
|
$totp->setLabel($label);
|
|
|
|
|
|
|
|
|
|
return $totp->getQrCodeUri();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Verify user TOTP Code
|
|
|
|
|
*
|
|
|
|
|
* @param integer $totpCode TOTP Code
|
|
|
|
|
* @param integer $userId User Id
|
|
|
|
|
*
|
|
|
|
|
* @return boolean
|
|
|
|
|
*/
|
|
|
|
|
public function verifyUserTotpCode(int $totpCode, int $userId = null)
|
|
|
|
|
{
|
|
|
|
|
if (! $userId)
|
|
|
|
|
{
|
|
|
|
|
$userId = (int) @$this->session->user['id'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$userVariableModel = new UserVariableModel();
|
|
|
|
|
|
|
|
|
|
if ($totpSecret = $userVariableModel->find($userId, 'totp_secret', true))
|
|
|
|
|
{
|
|
|
|
|
$totp = OTPHP_TOTP::create($totpSecret);
|
|
|
|
|
|
|
|
|
|
if ($totp->verify($totpCode))
|
|
|
|
|
{
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unset($_SESSION['user']['totp_required']);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* IS TOTP Required
|
|
|
|
|
*
|
|
|
|
|
* Checks if User need TOTP verification.
|
|
|
|
|
*
|
|
|
|
|
* @return boolean
|
|
|
|
|
*/
|
|
|
|
|
public function isTotpRequired()
|
|
|
|
|
{
|
|
|
|
|
if (@$this->session->user['totp_required'])
|
|
|
|
|
{
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
