From c3e80586d498a682ac45632ff46d619c3771efee Mon Sep 17 00:00:00 2001
From: Moc
Date: Wed, 27 Jan 2021 18:06:59 +0100
Subject: [PATCH] #3 - Check for 2FA upon "Forgotten Password" request
Not functional yet!
---
 e_event.php | 10 +++++--
 twofactorauth_class.php | 60 ++++++++++++++++++++++++++++++++++-------
 verify.php | 47 ++++++++++++++++++++++++++++++--
 3 files changed, 103 insertions(+), 14 deletions(-)
diff --git a/e_event.php b/e_event.php
index 93d2299..be63615 100644
--- a/e_event.php
+++ b/e_event.php
@@ -20,12 +20,18 @@ function config()
 $event = array();
- // User
+ // User login
 $event[] = array(
 'name' => "user_validlogin",
 'function' => "init_tfa",
 );
+ // User has submitted Forgotten Password form
+ $event[] = array(
+ 'name' => "user_fpw_request",
+ 'function' => "init_tfa",
+ );
+
 return $event;
 }
@@ -37,7 +43,7 @@ function init_tfa($data, $eventname)
 if(e107::getPlugPref('twofactorauth', 'tfa_active'))
 {
 $tfa = new tfa_class();
- $tfa->init($data);
+ $tfa->init($data, $eventname);
 }
 }
diff --git a/twofactorauth_class.php b/twofactorauth_class.php
index 5bc3ec8..da31667 100644
--- a/twofactorauth_class.php
+++ b/twofactorauth_class.php
@@ -24,8 +24,22 @@ public function __construct()
 }
 }
- public function init($user_id)
+ public function init($data, $eventname)
 {
+ // Login
+ if($eventname == 'user_validlogin')
+ {
+ $user_id = $data;
+ }
+ // FPW
+ else
+ {
+ // error_log($eventname);
+ // error_log(print_r($data, true));
+ // return false;
+ $user_id = $data["user_id"];
+ }
+
 // Check if 2FA is activated
 if($this->tfaActivated($user_id) == false)
 {
@@ -79,6 +93,10 @@ public function showTotpInputForm($action = 'login', $secret = '')
 $action = 'submit';
 $button_name = "enter-totp-login";
 break;
+ case 'fpw':
+ $action = 'submit';
+ $button_name = "enter-totp-fpw";
+ break;
 case 'enable':
 $action = 'submit';
 $button_name = "enter-totp-enable";
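Review bot: In the new `init()` body the `else` branch treats every event other than `user_validlogin` as a Forgotten-Password request and reads `$data["user_id"]` without checking the key, so an unexpected event or payload shape produces an undefined-index notice and a null `$user_id` flowing into `tfaActivated()`; the event comparison is also loose (`==`). Since e_event.php registers this handler for exactly two events, branch on both names strictly and return early on anything else: `if($eventname === 'user_validlogin') { $user_id = $data; }` / `elseif($eventname === 'user_fpw_request' && isset($data['user_id'])) { $user_id = $data['user_id']; }` / `else { return false; }`. The three commented-out `error_log(...)`/`return false;` lines should be dropped rather than shipped. What `user_fpw_request` actually passes in `$data` is not visible in this patch, so the `user_id` key is an assumption to confirm; `init()` continues past the hunk.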
@@ -115,7 +133,7 @@ public function showTotpInputForm($action = 'login', $secret = '')
 return $text;
 }
- public function processLogin($user_id = USERID, $totp)
+ private function verifyTotp($user_id = USERID, $totp)
 {
 $tfa_library = new TwoFactorAuth();
@@ -139,15 +157,29 @@ public function processLogin($user_id = USERID, $totp)
 e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is correct");
 e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
 }
+ return true;
+ }
+ else
+ {
+ if($this->tfa_debug)
+ {
+ e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is INCORRECT");
+ e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
+ }
+ return false;
+ }
+ }
+
+ public function processLogin($user_id = USERID, $totp)
+ {
+ if($this->verifyTotp($user_id, $totp))
+ {
 // Continue processing login
 $user = e107::user($user_id);
 $ulogin = new userlogin();
 $ulogin->validLogin($user);
- //e107::getUser()->validLogin($user);
- //e107::getUserSession()->makeUserCookie($user);
-
 // Get previous page the user was on before logging in.
 $redirect_to = e107::getSession('2fa')->get('previous_page');
@@ -174,15 +206,23 @@ public function processLogin($user_id = USERID, $totp)
 // The entered TOTP is INCORRECT
 else
 {
- if($this->tfa_debug)
- {
- e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is INCORRECT");
- e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
- }
 return false;
 }
 }
+ public function processFpw($user_id = USERID, $totp)
+ {
+ if($this->verifyTotp($user_id, $totp))
+ {
+ return true;
+ }
+ // The entered TOTP is INCORRECT
+ else
+ {
+ return LAN_2FA_INCORRECT_TOTP;
+ }
+ }
+
 public function processEnable($user_id = USERID, $secret_key, $totp)
 {
 $tfa_library = new TwoFactorAuth();
diff --git a/verify.php b/verify.php
index 8faa996..295feb9 100644
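Review bot: The renamed `verifyTotp` keeps a default on `$user_id` ahead of the required `$totp`, a default PHP can never apply and deprecates in 8.0; both call sites added in this patch pass both arguments, so `private function verifyTotp($user_id, $totp)` states the real contract. The same parameter order is repeated on the new `processLogin` and `processFpw` signatures in the following hunks of this file. The body of `verifyTotp` continues outside the hunk.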
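Review bot: `processFpw` returns the `LAN_2FA_INCORRECT_TOTP` string on a failed check, and a non-empty string is truthy, so the verify.php caller `if(!$tfa_class->processFpw($user_id, $totp))` takes its success branch on a wrong code. Return `false` here exactly as `processLogin` does — `return false;` — and leave the message to the caller, which already adds `LAN_2FA_INCORRECT_TOTP` itself; a caller that must accept a mixed result has to test `=== true`, never truthiness. That `LAN_2FA_INCORRECT_TOTP` is a non-empty language constant is inferred from its use as an error message elsewhere in the patch.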
--- a/verify.php
+++ b/verify.php
@@ -20,7 +20,8 @@
 exit;
 }
-$session_user_id = e107::getSession('2fa')->get('user_id');
+$session_user_id = e107::getSession('2fa')->get('user_id');
+$session_previous_page = e107::getSession('2fa')->get('previous_page');
 // No need to access this file directly or when already logged in.
 if(empty($session_user_id) || USER)
@@ -41,6 +42,16 @@
 exit;
 }
+// Check action
+if(strpos($session_previous_page, 'fpw.php') !== false) // PHP 8 - str_contains()
+{
+ $action = 'fpw';
+}
+else
+{
+ $action = 'login';
+}
+
 // Load required files (TwoFactorAuth Library and twofactorauth class)
 // e107_require_once(e_PLUGIN.'twofactorauth/vendor/autoload.php');
 // use \RobThree\Auth\TwoFactorAuth;
@@ -73,6 +84,38 @@
 }
 }
+// Process TOTP code and verify against secret key
+if(isset($_POST))
+{
+ // Retrieve user ID from session
+ $user_id = e107::getSession('2fa')->get('user_id');
+
+ // Set $totp, entered by user
+ $totp = intval($_POST['totp']);
+ $totp = (string) $totp;
+
+ if(isset($_POST['enter-totp-login']))
+ {
+ if(!$tfa_class->processLogin($user_id, $totp))
+ {
+ e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP);
+ }
+ }
+
+ if(isset($_POST['enter-totp-fpw']))
+ {
+ if(!$tfa_class->processFpw($user_id, $totp))
+ {
+ e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP);
+ }
+ else
+ {
+ return true;
+ }
+ }
+
+}
+
 // TEMP FOR DEV PURPOSES
 // $secret = e107::getDB()->retrieve('twofactorauth', 'secret_key', "user_id='1'");
 // $correct_totp = $tfa_library->getCode($secret);
@@ -80,7 +123,7 @@
 // Display form to enter TOTP
 e107::getMessage()->addInfo(e107::getParser()->toHTML(LAN_2FA_VERIFY_INSTRUCTIONS, true));
-$text .= $tfa_class->showTotpInputForm();
+$text .= $tfa_class->showTotpInputForm($action);
 $text .= '
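Review bot: `$action` is derived from a substring match of `'fpw.php'` anywhere in the stored previous page (a query string such as `?r=fpw.php` matches too), and it only selects which button name the form renders; the POST handler added later in this file honours whichever of `enter-totp-login`/`enter-totp-fpw` the client submits regardless of `$action`, so the flow a code is verified for is effectively chosen by the client. Record the purpose server-side in the 2fa session at the point `user_id` is stored there (the event name is available to `init()`), read it here as `$action`, and have the POST handler dispatch on that stored value rather than on the button name. If the URL match is kept at all, match on the path only, e.g. `if(basename((string) parse_url($session_previous_page, PHP_URL_PATH)) === 'fpw.php')`.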
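Review bot: `isset($_POST)` is always true for a superglobal, so this block runs on every request including the plain GET that renders the form, reading the missing `$_POST['totp']`, coercing it to `"0"` and calling `processLogin()` with it; and `intval()` strips leading zeros, so a code such as `012345` is verified as `12345` and rejected. Gate the block on the submit button that was actually posted, keep the code as the digit string the user typed (checked with `ctype_digit`), and compare `processFpw()`'s result with `=== true` rather than by truthiness, since it returns a language string on failure. On the FPW success path the bare `return true;` ends this file without recording anywhere that the second factor passed, so the forgotten-password flow has nothing to check afterwards — presumably that state belongs in the session next to `user_id` (the commit message says this is not functional yet). The block is self-contained within the hunk.
```php
// Process TOTP code and verify against secret key
// $_POST is always set; act only when one of the form's submit buttons was posted.
$submitted_login = isset($_POST['enter-totp-login']);
$submitted_fpw = isset($_POST['enter-totp-fpw']);
if($submitted_login || $submitted_fpw)
{
	// Retrieve user ID from session
	$user_id = e107::getSession('2fa')->get('user_id');

	// Keep the code as the digit string that was typed; intval() would drop leading zeros
	$totp = isset($_POST['totp']) && is_string($_POST['totp']) ? trim($_POST['totp']) : '';

	if(!ctype_digit($totp))
	{
		e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP);
	}
	elseif($submitted_login)
	{
		if(!$tfa_class->processLogin($user_id, $totp))
		{
			e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP);
		}
	}
	elseif($tfa_class->processFpw($user_id, $totp) === true)
	{
		// NOTE(review): the passed check still needs to be recorded in the 2fa session before returning
		return true;
	}
	else
	{
		e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP);
	}
}
```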

'.LAN_2FA_FALLBACK_INSTRUCTIONS.'

'; // Let's render and show it all!