<?php

namespace Kanboard\Auth;

use Otp\Otp;
use Otp\GoogleAuthenticator;
use Base32\Base32;
use Kanboard\Core\Base;
use Kanboard\Core\Security\PostAuthenticationProviderInterface;

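/**
 * TOTP Authentication Provider
 *
 * Post-authentication (second factor) provider that checks a time-based
 * one-time password against a Base32-encoded shared secret.
 *
 * This class keeps no record of codes it has already accepted and does no
 * attempt counting; replay protection within the validity window and
 * brute-force limiting have to come from the caller.
 * NOTE(review): confirm that the calling controller provides both.
 *
 * @package  Kanboard\Auth
 * @author   Frederic Guillot
 */
class TotpAuth extends Base implements PostAuthenticationProviderInterface
{
    /**
     * One-time code submitted by the user
     *
     * @access protected
     * @var string
     */
    protected $code = '';

    /**
     * Shared TOTP secret, Base32-encoded (decoded in authenticate())
     *
     * @access protected
     * @var string
     */
    protected $secret = '';

    /**
     * Get authentication provider name
     *
     * @access public
     * @return string
     */
    public function getName()
    {
        return t('Time-based One-time Password Algorithm');
    }

    /**
     * Authenticate the user
     *
     * Fails closed when no secret or no code has been set: an empty secret
     * decodes to an empty HMAC key, and a code computed from an empty key
     * can be produced by anyone, so it must never be checked.
     *
     * @access public
     * @return boolean
     */
    public function authenticate()
    {
        if (empty($this->secret)) {
            return false;
        }

        // Only a non-empty string can be a valid code; anything else is rejected
        // before it reaches the comparison inside the OTP library.
        if (! is_string($this->code) || $this->code === '') {
            return false;
        }

        $otp = new Otp;
        return $otp->checkTotp(Base32::decode($this->secret), $this->code);
    }

    /**
     * Hook called before the user is prompted for a code
     *
     * Nothing to do for TOTP: the code comes from the user's own device.
     *
     * @access public
     */
    public function beforeCode()
    {

    }

    /**
     * Set validation code
     *
     * @access public
     * @param  string $code
     */
    public function setCode($code)
    {
        $this->code = $code;
    }

    /**
     * Generate a new secret and keep it on this instance
     *
     * NOTE(review): the strength of the secret depends entirely on
     * GoogleAuthenticator::generateRandom(); confirm that the vendored
     * library version draws from a cryptographically secure source.
     *
     * @access public
     * @return string
     */
    public function generateSecret()
    {
        $this->secret = GoogleAuthenticator::generateRandom();
        return $this->secret;
    }

    /**
     * Set secret token
     *
     * @access public
     * @param  string  $secret
     */
    public function setSecret($secret)
    {
        $this->secret = $secret;
    }

    /**
     * Get secret token
     *
     * Returns the raw shared secret; callers should keep it out of logs,
     * error messages and any response other than the enrolment screen.
     *
     * @access public
     * @return string
     */
    public function getSecret()
    {
        return $this->secret;
    }

    /**
     * Get QR code url (empty if no secret is set)
     *
     * NOTE(review): this helper is understood to return a URL on a remote
     * chart-rendering service with the otpauth URI, secret included, in the
     * query string; confirm against the vendored library version. If so,
     * loading the image discloses the shared secret to that service and to
     * anything that records URLs (browser history, proxies). Rendering the
     * QR code locally from getKeyUrl() avoids that.
     *
     * @access public
     * @param  string $label
     * @return string
     */
    public function getQrCodeUrl($label)
    {
        if (empty($this->secret)) {
            return '';
        }

        $options = array('issuer' => TOTP_ISSUER);
        return GoogleAuthenticator::getQrCodeUrl('totp', $label, $this->secret, null, $options);
    }

    /**
     * Get key url (empty if no url can be provided)
     *
     * The returned URI embeds the shared secret, so it needs the same
     * handling as the secret itself.
     *
     * @access public
     * @param  string $label
     * @return string
     */
    public function getKeyUrl($label)
    {
        if (empty($this->secret)) {
            return '';
        }

        $options = array('issuer' => TOTP_ISSUER);
        return GoogleAuthenticator::getKeyUri('totp', $label, $this->secret, null, $options);
    }
}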