From e62779e26781c849bdc24f40e94330bec97f8069 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Tue, 5 Jan 2016 20:31:15 -0500 Subject: Improve 2FA --- app/Core/Security/PostAuthenticationProviderInterface.php | 15 +++++++++++++++ app/Core/Security/Token.php | 10 +--------- 2 files changed, 16 insertions(+), 9 deletions(-) (limited to 'app/Core/Security') diff --git a/app/Core/Security/PostAuthenticationProviderInterface.php b/app/Core/Security/PostAuthenticationProviderInterface.php index 88fc2fe5..3f628bb0 100644 --- a/app/Core/Security/PostAuthenticationProviderInterface.php +++ b/app/Core/Security/PostAuthenticationProviderInterface.php @@ -10,6 +10,13 @@ namespace Kanboard\Core\Security; */ interface PostAuthenticationProviderInterface extends AuthenticationProviderInterface { + /** + * Called only one time before to prompt the user for pin code + * + * @access public + */ + public function beforeCode(); + /** * Set user pin-code * @@ -18,6 +25,14 @@ interface PostAuthenticationProviderInterface extends AuthenticationProviderInte */ public function setCode($code); + /** + * Generate secret if necessary + * + * @access public + * @return string + */ + public function generateSecret(); + /** * Set secret token (fetched from user profile) * diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php index 9fd2d02b..cbd784a8 100644 --- a/app/Core/Security/Token.php +++ b/app/Core/Security/Token.php @@ -21,15 +21,7 @@ class Token extends Base */ public static function getToken() { - if (function_exists('random_bytes')) { - return bin2hex(random_bytes(30)); - } elseif (function_exists('openssl_random_pseudo_bytes')) { - return bin2hex(openssl_random_pseudo_bytes(30)); - } elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { - return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30)); - } - - return hash('sha256', uniqid(mt_rand(), true)); + return bin2hex(random_bytes(30)); } /** -- cgit v1.2.3