#3 - Check for 2FA upon "Forgotten Password" request
Not functional yet!
Moc committed Jan 27, 2021
1 parent 6bfa19b commit c3e8058
Showing 3 changed files with 103 additions and 14 deletions.
10 changes: 8 additions & 2 deletions e_event.php
Expand Up @@ -20,12 +20,18 @@ function config()

$event = array();

// User
// User login
$event[] = array(
'name' => "user_validlogin",
'function' => "init_tfa",
);

// User has submitted Forgotten Password form
$event[] = array(
'name' => "user_fpw_request",
'function' => "init_tfa",
);

return $event;

}
Expand All @@ -37,7 +43,7 @@ function init_tfa($data, $eventname)
if(e107::getPlugPref('twofactorauth', 'tfa_active'))
{
$tfa = new tfa_class();
$tfa->init($data);
$tfa->init($data, $eventname);
}
}

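Review bot: `init_tfa()` discards whatever `$tfa->init($data, $eventname)` returns, so for the new `user_fpw_request` registration the password-reset request is only held back if `init()` itself redirects or exits, which is not visible in this section. If e107 honours a handler's return value for this event (to be confirmed), `return $tfa->init($data, $eventname);` would make the gate explicit. The callback now receives two payload shapes, so a comment such as `// $data: user id for user_validlogin, array containing 'user_id' for user_fpw_request` above the call would help. The signature of `init_tfa()` appears only in the hunk header, outside the changed lines.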
60 changes: 50 additions & 10 deletions twofactorauth_class.php
Expand Up @@ -24,8 +24,22 @@ public function __construct()
}
}

public function init($user_id)
public function init($data, $eventname)
{
// Login
if($eventname == 'user_validlogin')
{
$user_id = $data;
}
// FPW
else
{
// error_log($eventname);
// error_log(print_r($data, true));
// return false;
$user_id = $data["user_id"];
}

// Check if 2FA is activated
if($this->tfaActivated($user_id) == false)
{
Expand Down Expand Up @@ -79,6 +93,10 @@ public function showTotpInputForm($action = 'login', $secret = '')
$action = 'submit';
$button_name = "enter-totp-login";
break;
case 'fpw':
$action = 'submit';
$button_name = "enter-totp-fpw";
break;
case 'enable':
$action = 'submit';
$button_name = "enter-totp-enable";
Expand Down Expand Up @@ -115,7 +133,7 @@ public function showTotpInputForm($action = 'login', $secret = '')
return $text;
}

public function processLogin($user_id = USERID, $totp)
private function verifyTotp($user_id = USERID, $totp)
{
$tfa_library = new TwoFactorAuth();

Expand All @@ -139,15 +157,29 @@ public function processLogin($user_id = USERID, $totp)
e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is correct");
e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
}
return true;
}
else
{
if($this->tfa_debug)
{
e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is INCORRECT");
e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
}
return false;
}

}

public function processLogin($user_id = USERID, $totp)
{
if($this->verifyTotp($user_id, $totp))
{
// Continue processing login
$user = e107::user($user_id);
$ulogin = new userlogin();
$ulogin->validLogin($user);

//e107::getUser()->validLogin($user);
//e107::getUserSession()->makeUserCookie($user);

// Get previous page the user was on before logging in.
$redirect_to = e107::getSession('2fa')->get('previous_page');

Expand All @@ -174,15 +206,23 @@ public function processLogin($user_id = USERID, $totp)
// The entered TOTP is INCORRECT
else
{
if($this->tfa_debug)
{
e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is INCORRECT");
e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
}
return false;
}
}

public function processFpw($user_id = USERID, $totp)
{
if($this->verifyTotp($user_id, $totp))
{
return true;
}
// The entered TOTP is INCORRECT
else
{
return LAN_2FA_INCORRECT_TOTP;
}
}

public function processEnable($user_id = USERID, $secret_key, $totp)
{
$tfa_library = new TwoFactorAuth();
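Review bot: `processFpw()` returns `LAN_2FA_INCORRECT_TOTP` when verification fails, and a non-empty string is truthy, so the `if(!$tfa_class->processFpw($user_id, $totp))` check in verify.php cannot see the failure and a wrong code takes the success branch (assuming the constant holds a non-empty message, as its use in `addError()` suggests). The else branch should be `return false;`, matching `processLogin()`, with the message left to the caller. Separately, the `else` in `init()` treats every event other than `user_validlogin` as a password-reset request and reads `$data["user_id"]` unchecked; `elseif($eventname === 'user_fpw_request' && !empty($data['user_id']))` with a final branch that rejects anything else would keep an unexpected event or payload from reaching `tfaActivated()` with an empty id. Parts of `init()` and `verifyTotp()` lie outside the visible hunks.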
47 changes: 45 additions & 2 deletions verify.php
Expand Up @@ -20,7 +20,8 @@
exit;
}

$session_user_id = e107::getSession('2fa')->get('user_id');
$session_user_id = e107::getSession('2fa')->get('user_id');
$session_previous_page = e107::getSession('2fa')->get('previous_page');

// No need to access this file directly or when already logged in.
if(empty($session_user_id) || USER)
Expand All @@ -41,6 +42,16 @@
exit;
}

// Check action
if(strpos($session_previous_page, 'fpw.php') !== false) // PHP 8 - str_contains()
{
$action = 'fpw';
}
else
{
$action = 'login';
}

// Load required files (TwoFactorAuth Library and twofactorauth class)
// e107_require_once(e_PLUGIN.'twofactorauth/vendor/autoload.php');
// use \RobThree\Auth\TwoFactorAuth;
Expand Down Expand Up @@ -73,14 +84,46 @@
}
}

// Process TOTP code and verify against secret key
if(isset($_POST))
{
// Retrieve user ID from session
$user_id = e107::getSession('2fa')->get('user_id');

// Set $totp, entered by user
$totp = intval($_POST['totp']);
$totp = (string) $totp;

if(isset($_POST['enter-totp-login']))
{
if(!$tfa_class->processLogin($user_id, $totp))
{
e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP);
}
}

if(isset($_POST['enter-totp-fpw']))
{
if(!$tfa_class->processFpw($user_id, $totp))
{
e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP);
}
else
{
return true;
}
}

}

// TEMP FOR DEV PURPOSES
// $secret = e107::getDB()->retrieve('twofactorauth', 'secret_key', "user_id='1'");
// $correct_totp = $tfa_library->getCode($secret);
// $text .= $correct_totp;

// Display form to enter TOTP
e107::getMessage()->addInfo(e107::getParser()->toHTML(LAN_2FA_VERIFY_INSTRUCTIONS, true));
$text .= $tfa_class->showTotpInputForm();
$text .= $tfa_class->showTotpInputForm($action);
$text .= '<p class="font-italic">'.LAN_2FA_FALLBACK_INSTRUCTIONS.'</p>';

// Let's render and show it all!
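Review bot: The handler is picked from the submitted button name (`enter-totp-login` or `enter-totp-fpw`), not from the `$action` computed from the session, so a session that entered 2FA through the forgotten-password form can still be completed through `processLogin()`, which signs the user in on the TOTP alone (this assumes `init()` stores `user_id` in the `2fa` session for that event, which is not shown). Binding each branch to the flow, e.g. `if($action === 'login' && isset($_POST['enter-totp-login']))` and `if($action === 'fpw' && isset($_POST['enter-totp-fpw']))`, closes that gap, and recording the flow explicitly in the session would be sturdier than the `strpos()` match on `previous_page`. Two smaller points in the same block: `isset($_POST)` is always true, so `$_POST['totp']` is read on plain GET requests as well, and `intval()` followed by the string cast drops leading zeros, so a valid code such as a constructed `012345` would presumably never verify.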
