
totp enhancements

- added 2 config vars (`totp_two_step_login_active`, `totp_two_step_login_redirect`)
 - changed `login()` to set session data if totp is required and two_step_login is active and skip default
 - fixed `control()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
 - fixed `control()` so that the is_loggedin check is no longer combined with the TOTP-verification-required check
 - changed `is_allowed()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
 - added 2 functions `verify_user_totp_code($totp_code, $user_id = FALSE)` & `is_totp_required()`

reference to #131 (tutorial follows)
develop
REJack 9 years ago
parent
commit
37a731dbdb
  1. 3
      application/config/aauth.php
  2. 65
      application/libraries/Aauth.php

3
application/config/aauth.php

@ -50,6 +50,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
| ['totp_active'] The Time-based One-time Password Algorithm
| ['totp_only_on_ip_change'] TOTP only on IP Change
| ['totp_reset_over_reset_password'] TOTP reset over reset Password
| ['totp_two_step_login'] enables TOTP two step login
|
| ['max_login_attempt'] Login attempts time interval (default 10 times in one hour)
| ['max_login_attempt_time_period'] Period of time for max login attempts (default "5 minutes")
@ -111,6 +112,8 @@ $config_aauth["default"] = array(
'totp_active' => false,
'totp_only_on_ip_change' => false,
'totp_reset_over_reset_password' => false,
'totp_two_step_login_active' => false,
'totp_two_step_login_redirect' => '/account/twofactor_verification/',
'max_login_attempt' => 10,
'max_login_attempt_time_period' => "5 minutes",
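Review bot: The documentation line added near the top of the file names a key `totp_two_step_login` that is never defined; the defaults added further down are `totp_two_step_login_active` and `totp_two_step_login_redirect`, so a reader who copies the documented key gets no effect. Replace it with one line per real key, e.g. `| ['totp_two_step_login_active'] enables TOTP two step login` and `| ['totp_two_step_login_redirect'] path the user is redirected to while TOTP verification is pending`. It would also help to state in that comment that the redirect target itself must not be guarded by control() or is_allowed(), since, judging from the library hunks in this commit, both redirect to it whenever `totp_required` is set and the page would loop on itself.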

65
application/libraries/Aauth.php

@ -233,7 +233,12 @@ class Aauth {
}
}
if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == FALSE){
if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == FALSE AND $this->config_vars['totp_two_step_login_active'] == FALSE){
if($this->config_vars['totp_two_step_login_active'] == TRUE){
$this->CI->session->set_userdata('totp_required', true);
}
$query = null;
$query = $this->aauth_db->where($db_identifier, $identifier);
$query = $this->aauth_db->get($this->config_vars['users']);
@ -260,10 +265,15 @@ class Aauth {
$totp_secret = $query->row()->totp_secret;
$ip_address = $query->row()->ip_address;
$current_ip_address = $this->CI->input->ip_address();
if ($query->num_rows() > 0 AND !$totp_code) {
if($ip_address != $current_ip_address ){
$this->error($this->CI->lang->line('aauth_error_totp_code_required'));
return FALSE;
if($this->config_vars['totp_two_step_login_active'] == FALSE){
$this->error($this->CI->lang->line('aauth_error_totp_code_required'));
return FALSE;
} else if($this->config_vars['totp_two_step_login_active'] == TRUE){
$this->CI->session->set_userdata('totp_required', true);
}
}
}else {
if(!empty($totp_secret)){
@ -440,17 +450,16 @@ class Aauth {
* @param bool $perm_par If not given just control user logged in or not
*/
public function control( $perm_par = FALSE ){
if($this->CI->session->userdata('totp_required')){
$this->error($this->CI->lang->line('aauth_error_totp_verification_required'));
redirect($this->config_vars['totp_two_step_login_redirect']);
}
$perm_id = $this->get_perm_id($perm_par);
$this->update_activity();
if($perm_par == FALSE){
if($this->is_loggedin()){
if($this->CI->session->userdata('totp_required')){
$this->error($this->CI->lang->line('aauth_error_no_access'));
redirect($this->config_vars['totp_two_step_login_redirect']);
}else{
return TRUE;
}
return TRUE;
}else if(!$this->is_loggedin()){
$this->error($this->CI->lang->line('aauth_error_no_access'));
if($this->config_vars['no_permission'] !== FALSE){
@ -1592,6 +1601,11 @@ class Aauth {
*/
public function is_allowed($perm_par, $user_id=FALSE){
if($this->CI->session->userdata('totp_required')){
$this->error($this->CI->lang->line('aauth_error_totp_verification_required'));
redirect($this->config_vars['totp_two_step_login_redirect']);
}
if( $user_id == FALSE){
$user_id = $this->CI->session->userdata('id');
}
@ -2361,6 +2375,39 @@ class Aauth {
return $ga->getQRCodeGoogleUrl($this->config_vars['name'], $secret);
}
public function verify_user_totp_code($totp_code, $user_id = FALSE){
if ( !$this->is_totp_required()) {
return TRUE;
}
if ($user_id == FALSE) {
$user_id = $this->CI->session->userdata('id');
}
if (empty($totp_code)) {
$this->error($this->CI->lang->line('aauth_error_totp_code_required'));
return FALSE;
}
$query = $this->aauth_db->where('id', $user_id);
$query = $this->aauth_db->get($this->config_vars['users']);
$totp_secret = $query->row()->totp_secret;
$ga = new PHPGangsta_GoogleAuthenticator();
$checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
if (!$checkResult) {
$this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
return FALSE;
}else{
$this->CI->session->unset_userdata('totp_required');
return TRUE;
}
}
public function is_totp_required(){
if ( !$this->CI->session->userdata('totp_required')) {
return FALSE;
}else if ( $this->CI->session->userdata('totp_required')) {
return TRUE;
}
}
} // end class
// $this->CI->session->userdata('id')
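Review bot: In `verify_user_totp_code()` the session flag `totp_required` is cleared for the current session whenever the code matches the secret of `$user_id`, but `$user_id` is a caller-supplied parameter that falls back to the session id only when omitted, so a code valid for a different account would unlock this session; the `unset_userdata` should be conditioned on `$user_id` matching `$this->CI->session->userdata('id')`. The function also reads `totp_secret` and hands it straight to `verifyCode()` without the `empty($totp_secret)` guard that login() applies (the L73 context line), so a user with no enrolled secret reaches the verifier with an empty key — whether that case should fail closed or simply clear the flag depends on whether login() sets `totp_required` for such users, which the hunk at L51 appears to do unconditionally. Unlike login(), this path is not subject to the `max_login_attempt` accounting, so a six-digit code can be retried without limit; reusing whatever counter login() applies would close that. The trailing `// $this->CI->session->userdata('id')` after `} // end class` looks like a leftover debug comment and should be dropped.
```php
$totp_secret = $query->row()->totp_secret;
// Fail closed when no secret is enrolled rather than passing an empty key to verifyCode().
if (empty($totp_secret)) {
    $this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
    return FALSE;
}
// … unchanged: PHPGangsta_GoogleAuthenticator construction and verifyCode() call …
if (!$checkResult) {
    $this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
    return FALSE;
}
// Only a code for the session's own user may clear the pending-TOTP flag.
if ($user_id == $this->CI->session->userdata('id')) {
    $this->CI->session->unset_userdata('totp_required');
}
return TRUE;
```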
