Rewrite of the authentication and authorization system

1 files changed, 19 insertions, 14 deletions

diff --git a/app/Controller/Twofactor.php b/app/Controller/Twofactor.php
index a7368d6b..aeb13acc 100644
--- a/app/Controller/Twofactor.php
+++ b/app/Controller/Twofactor.php
@@ -2,10 +2,6 @@
 
 namespace Kanboard\Controller;
 
-use Otp\Otp;
-use Otp\GoogleAuthenticator;
-use Base32\Base32;
-
 /**
  * Two Factor Auth controller
  *
@@ -36,12 +32,15 @@ class Twofactor extends User
         $user = $this->getUser();
         $this->checkCurrentUser($user);
 
+        $provider = $this->authenticationManager->getPostAuthenticationProvider();
         $label = $user['email'] ?: $user['username'];
 
+        $provider->setSecret($user['twofactor_secret']);
+
         $this->response->html($this->layout('twofactor/index', array(
             'user' => $user,
-            'qrcode_url' => $user['twofactor_activated'] == 1 ? GoogleAuthenticator::getQrCodeUrl('totp', $label, $user['twofactor_secret']) : '',
-            'key_url' => $user['twofactor_activated'] == 1 ? GoogleAuthenticator::getKeyUri('totp', $label, $user['twofactor_secret']) : '',
+            'qrcode_url' => $user['twofactor_activated'] == 1 ? $provider->getQrCodeUrl($label) : '',
+            'key_url' => $user['twofactor_activated'] == 1 ? $provider->getKeyUrl($label) : '',
         )));
     }
 
@@ -61,7 +60,7 @@ class Twofactor extends User
             $this->user->update(array(
                 'id' => $user['id'],
                 'twofactor_activated' => 1,
-                'twofactor_secret' => GoogleAuthenticator::generateRandom(),
+                'twofactor_secret' => $this->authenticationManager->getPostAuthenticationProvider()->getSecret(),
             ));
         } else {
             $this->user->update(array(
@@ -72,14 +71,14 @@ class Twofactor extends User
         }
 
         // Allow the user to test or disable the feature
-        $this->userSession->disable2FA();
+        $this->userSession->disablePostAuthentication();
 
         $this->flash->success(t('User updated successfully.'));
         $this->response->redirect($this->helper->url->to('twofactor', 'index', array('user_id' => $user['id'])));
     }
 
     /**
-     * Test 2FA
+     * Test code
      *
      * @access public
      */
@@ -88,10 +87,13 @@ class Twofactor extends User
         $user = $this->getUser();
         $this->checkCurrentUser($user);
 
-        $otp = new Otp;
         $values = $this->request->getValues();
 
-        if (! empty($values['code']) && $otp->checkTotp(Base32::decode($user['twofactor_secret']), $values['code'])) {
+        $provider = $this->authenticationManager->getPostAuthenticationProvider();
+        $provider->setCode(empty($values['code']) ? '' : $values['code']);
+        $provider->setSecret($user['twofactor_secret']);
+
+        if ($provider->authenticate()) {
             $this->flash->success(t('The two factor authentication code is valid.'));
         } else {
             $this->flash->failure(t('The two factor authentication code is not valid.'));
@@ -110,11 +112,14 @@ class Twofactor extends User
         $user = $this->getUser();
         $this->checkCurrentUser($user);
 
-        $otp = new Otp;
         $values = $this->request->getValues();
 
-        if (! empty($values['code']) && $otp->checkTotp(Base32::decode($user['twofactor_secret']), $values['code'])) {
-            $this->sessionStorage->postAuth['validated'] = true;
+        $provider = $this->authenticationManager->getPostAuthenticationProvider();
+        $provider->setCode(empty($values['code']) ? '' : $values['code']);
+        $provider->setSecret($user['twofactor_secret']);
+
+        if ($provider->authenticate()) {
+            $this->userSession->validatePostAuthentication();
             $this->flash->success(t('The two factor authentication code is valid.'));
             $this->response->redirect($this->helper->url->to('app', 'index'));
         } else {