You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
127 lines
3.6 KiB
127 lines
3.6 KiB
<?php declare(strict_types=1);
|
|
|
|
namespace BradyMcD\TAATP\Workflow;
|
|
|
|
use BradyMcD\TAATP\AntiCSRFInterface;
|
|
use BradyMcD\TAATP\HashInterface;
|
|
use BradyMcD\TAATP\Required\PersistenceInterface;
|
|
use BradyMcD\TAATP\Required\RequestInterface;
|
|
use BradyMcD\TAATP\SessionInterface;
|
|
use BradyMcD\TAATP\WorkflowInterface;
|
|
|
|
use BradyMcD\TAATP\URI\Otpauth;
|
|
use BradyMcD\RFC\_6238;
|
|
|
|
use chillerlan\QRCode\QRCode;
|
|
|
|
/** @SuppressWarnings(PHPMD.ShortVariable)*/
|
|
class UserManagement implements WorkflowInterface
|
|
{
|
|
public function __construct(
|
|
private PersistenceInterface $db,
|
|
private RequestInterface $request,
|
|
private AntiCSRFInterface $csrf,
|
|
private SessionInterface $session,
|
|
private mixed $userIndex,
|
|
private HashInterface $hash,
|
|
)
|
|
{
|
|
}
|
|
|
|
function view()
|
|
{
|
|
echo $this->emitStr();
|
|
}
|
|
|
|
private function viewEnrollForm(): string
|
|
{
|
|
$html = "<div id=\"enroll\"><form %frm>";
|
|
$html .= $this->csrf->emitStr();
|
|
$html .= "<p>To add an authenticator to your account, scan the QR code</p>";
|
|
$html .= "<img src=%qr alt=\"qr-code\" />";
|
|
$html .= "<label for=\"totp_challenge\">Enter the authentication code:</label>";
|
|
$html .= "<input name=\"totp_challenge\" id=\"totp_challenge\" type=\"text\" >";
|
|
$html .= "<input type=\"submit\" value=\"Submit\" />";
|
|
$html .= "</form></div>";
|
|
|
|
$provisioningUri = (new Otpauth(
|
|
"taatp",
|
|
$this->db->userString($this->userIndex),
|
|
$this->hash->keygen(),
|
|
"SHA1",
|
|
30,
|
|
6
|
|
))->emitStr();
|
|
$this->session->store("secret", $provisioningUri);
|
|
|
|
$values = [
|
|
"%frm" => $this->request->formProps("enroll"),
|
|
"%qr" => (new QRCode)->render($provisioningUri),
|
|
];
|
|
return \str_replace(\array_keys($values), $values, $html);
|
|
}
|
|
|
|
private function viewUnenrollForm(): string
|
|
{
|
|
$html = "<div id=\"unenroll\"><form %frm>";
|
|
$html .= $this->csrf->emitStr();
|
|
$html .= "<label for=\"totp_challenge\">To de-register your authenticator enter the current authentication code:</label>";
|
|
$html .= "<intput name=\"totp_challenge\" id=\"totp_challenge\" type\"text\" />";
|
|
$html .= "<input type=\"submit\" value=\"Submit\" />";
|
|
$html .= "</form></div>";
|
|
|
|
$values = [
|
|
"%frm" => $this->ri->formProps("unenroll"),
|
|
];
|
|
|
|
return \str_replace(\array_keys($values), $values, $html);
|
|
}
|
|
|
|
function emitStr(): string
|
|
{
|
|
if (\is_null($this->db->getSecret($this->userIndex)))
|
|
{
|
|
$this->viewEnrollForm();
|
|
}
|
|
$this->viewUnenrollForm();
|
|
}
|
|
|
|
function response(): bool
|
|
{
|
|
if (!$this->csrf->match())
|
|
{
|
|
return false;
|
|
}
|
|
|
|
$pUri = $this->db->getSecret($this->userIndex);
|
|
$enrollFlag = \is_null($pUri);
|
|
$enrollFlag && $enrollFlag = $this->session->get('secret');
|
|
|
|
$totp = _6238(
|
|
$pUri.secret,
|
|
$pUri.period,
|
|
$enrollFlag? 0:$this->db->getLastTime($this->userIndex),
|
|
2,
|
|
$pUri.digits,
|
|
$this->clock,
|
|
$this->hash
|
|
);
|
|
$flag = $totp.validate($this->ri->getResp("totp_challenge"));
|
|
|
|
if($flag && $enrollFlag)
|
|
{
|
|
$this->db->storeLastTime($this->userIndex, $flag);
|
|
$this->db->storeSecret($this->userIndex, $pUri);
|
|
return true;
|
|
}
|
|
else if($flag)
|
|
{
|
|
$this->db->stripSecret($this->userIndex);
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
|
|
?>
|