authorFrederic Guillot <fred@kanboard.net>2016-01-05 20:31:15 -0500
committerFrederic Guillot <fred@kanboard.net>2016-01-05 20:31:15 -0500
commite62779e26781c849bdc24f40e94330bec97f8069 (patch)
treefe72ffad1e8da07684d1400753ad6a2c794c21f5 /app/Core
parent811254ba93592de2470aee54cd21096d082b45ce (diff)
Improve 2FA
Diffstat (limited to 'app/Core')
-rw-r--r--app/Core/Security/PostAuthenticationProviderInterface.php15
-rw-r--r--app/Core/Security/Token.php10
2 files changed, 16 insertions, 9 deletions
diff --git a/app/Core/Security/PostAuthenticationProviderInterface.php b/app/Core/Security/PostAuthenticationProviderInterface.php
index 88fc2fe5..3f628bb0 100644
--- a/app/Core/Security/PostAuthenticationProviderInterface.php
+++ b/app/Core/Security/PostAuthenticationProviderInterface.php
@@ -11,6 +11,13 @@ namespace Kanboard\Core\Security;
interface PostAuthenticationProviderInterface extends AuthenticationProviderInterface
{
/**
+ * Called only one time before to prompt the user for pin code
+ *
+ * @access public
+ */
+ public function beforeCode();
+
+ /**
* Set user pin-code
*
* @access public
@@ -19,6 +26,14 @@ interface PostAuthenticationProviderInterface extends AuthenticationProviderInte
public function setCode($code);
/**
+ * Generate secret if necessary
+ *
+ * @access public
+ * @return string
+ */
+ public function generateSecret();
+
+ /**
* Set secret token (fetched from user profile)
*
* @access public
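Review bot: The new `beforeCode()` declaration carries no return annotation and its docblock ("Called only one time before to prompt the user for pin code") does not say what "one time" is scoped to or at which point of the login flow the hook runs, so an implementer cannot tell whether a second invocation is a bug; I would reword it to `* Hook invoked once, before the user is prompted for the pin code` and add `* @return void`. The `generateSecret()` docblock in the second hunk has the same gap: "Generate secret if necessary" does not state whether the implementation persists the secret or only returns it for the caller to store — given that the secret is later supplied back through the "Set secret token (fetched from user profile)" method, persistence presumably lives with the caller, and the docblock should say so explicitly. Since this is an interface, this wording is the only contract implementers get.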
diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php
index 9fd2d02b..cbd784a8 100644
--- a/app/Core/Security/Token.php
+++ b/app/Core/Security/Token.php
@@ -21,15 +21,7 @@ class Token extends Base
*/
public static function getToken()
{
- if (function_exists('random_bytes')) {
- return bin2hex(random_bytes(30));
- } elseif (function_exists('openssl_random_pseudo_bytes')) {
- return bin2hex(openssl_random_pseudo_bytes(30));
- } elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
- return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
- }
-
- return hash('sha256', uniqid(mt_rand(), true));
+ return bin2hex(random_bytes(30));
}
/**
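Review bot: `random_bytes()` throws when no CSPRNG source is available (`\Exception` on PHP 7, `\Random\RandomException` on 8.2+), and with the fallback chain removed that exception now propagates out of `getToken()` unhandled; the docblock that ends just above the hunk should declare it, e.g. `* @throws \Exception when no secure random source is available`, so callers minting CSRF or 2FA tokens can decide how to fail the request. The new line also makes `random_bytes()` a hard requirement (PHP 7, or a polyfill such as random_compat), and this hunk does not show whether the project's dependency manifest already guarantees that — worth confirming before the fallback-free version ships.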