From 7d61f40fff6976e6603d81c0406e49302707ecd2 Mon Sep 17 00:00:00 2001 From: djmaze Date: Thu, 22 Jul 2021 22:14:26 +0200 Subject: [PATCH] improved some 2fa code based onmaster source changes --- plugins/two-factor-auth/index.php | 6 +- plugins/two-factor-auth/providers/totp.php | 86 +--------------------- 2 files changed, 5 insertions(+), 87 deletions(-) diff --git a/plugins/two-factor-auth/index.php b/plugins/two-factor-auth/index.php index 34281292e..87f4f9da3 100644 --- a/plugins/two-factor-auth/index.php +++ b/plugins/two-factor-auth/index.php @@ -10,9 +10,9 @@ class TwoFactorAuthPlugin extends \RainLoop\Plugins\AbstractPlugin { const NAME = 'Two Factor Authentication', - VERSION = '2.0', - RELEASE = '2021-04-13', - REQUIRED = '2.5.0', + VERSION = '2.1', + RELEASE = '2021-07-22', + REQUIRED = '2.5.4', CATEGORY = 'Login', DESCRIPTION = 'This plugin allows you to to have TOTP'; diff --git a/plugins/two-factor-auth/providers/totp.php b/plugins/two-factor-auth/providers/totp.php index 8dfd39ede..bffc6b9ce 100644 --- a/plugins/two-factor-auth/providers/totp.php +++ b/plugins/two-factor-auth/providers/totp.php @@ -9,94 +9,12 @@ class TwoFactorAuthTotp implements TwoFactorAuthInterface public function VerifyCode(string $sSecret, string $sCode) : bool { - $key = static::Base32Decode($sSecret); - $algo = 'SHA1'; // Google Authenticator doesn't support SHA256 - $digits = 6; // Google Authenticator doesn't support 8 - $modulo = \pow(10, $digits); - $timeSlice = \floor(\time() / 30); - $discrepancy = 1; - for ($i = -$discrepancy; $i <= $discrepancy; ++$i) { - // Pack time into binary string - $counter = \str_pad(\pack('N*', $timeSlice + $i), 8, "\x00", STR_PAD_LEFT); - // Hash it with users secret key - $hm = \hash_hmac($algo, $counter, $key, true); - // Unpak 4 bytes of the result, use last nipple of result as index/offset - $value = \unpack('N', \substr($hm, (\ord(\substr($hm, -1)) & 0x0F), 4)); - // Only 32 bits - $value = $value[1] & 0x7FFFFFFF; - $value = \str_pad($value % $modulo, $digits, '0', STR_PAD_LEFT); - if (\hash_equals($value, $sCode)) { - return true; - } - } - return false; + return \SnappyMail\TOTP::Verify($sSecret, $sCode); } public function CreateSecret() : string { - $CHARS = \array_keys(static::$map); - $length = 16; - $secret = ''; - while (0 < $length--) { - $secret .= $CHARS[\random_int(0,31)]; - } - return $secret; - } - - protected static $map = array( - 'A' => 0, // ord 65 - 'B' => 1, - 'C' => 2, - 'D' => 3, - 'E' => 4, - 'F' => 5, - 'G' => 6, - 'H' => 7, - 'I' => 8, - 'J' => 9, - 'K' => 10, - 'L' => 11, - 'M' => 12, - 'N' => 13, - 'O' => 14, - 'P' => 15, - 'Q' => 16, - 'R' => 17, - 'S' => 18, - 'T' => 19, - 'U' => 20, - 'V' => 21, - 'W' => 22, - 'X' => 23, - 'Y' => 24, - 'Z' => 25, // ord 90 - '2' => 26, // ord 50 - '3' => 27, - '4' => 28, - '5' => 29, - '6' => 30, - '7' => 31 // ord 55 - ); - - protected static function Base32Decode(string $data) - { - $data = \strtoupper(\rtrim($data, "=\x20\t\n\r\0\x0B")); - $dataSize = \strlen($data); - $buf = 0; - $bufSize = 0; - $res = ''; - for ($i = 0; $i < $dataSize; ++$i) { - $c = $data[$i]; - if (isset(static::$map[$c])) { - $buf = ($buf << 5) | static::$map[$c]; - $bufSize += 5; - if ($bufSize > 7) { - $bufSize -= 8; - $res .= \chr(($buf & (0xff << $bufSize)) >> $bufSize); - } - } - } - return $res; + return \SnappyMail\TOTP::CreateSecret(); } }