<?php
/**
* Second authentication factor handling
*/
declare(strict_types=1);
namespace PhpMyAdmin\Plugins\TwoFactor;
use PhpMyAdmin\Plugins\TwoFactorPlugin;
use PhpMyAdmin\TwoFactor;
use PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException;
use PragmaRX\Google2FA\Exceptions\InvalidCharactersException;
use PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException;
use PragmaRX\Google2FAQRCode\Google2FA;
use function __;
use function extension_loaded;
use function is_string;
/**
* HOTP and TOTP based two-factor authentication
*
* Also known as Google, Authy, or OTP
*/
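class Application extends TwoFactorPlugin
{
    /** @var string */
    public static $id = 'application';

    /** @var Google2FA */
    protected $google2fa;

    /**
     * Creates object
     *
     * Builds the Google2FA verifier and makes sure the per-user settings
     * always contain a 'secret' key (empty string when nothing is configured).
     *
     * @param TwoFactor $twofactor TwoFactor instance
     */
    public function __construct(TwoFactor $twofactor)
    {
        parent::__construct($twofactor);

        $this->google2fa = new Google2FA();
        // NOTE(review): 8 is a wide verification window. A larger window means
        // more one-time codes are accepted at any moment, which raises the odds
        // of a guessed code and keeps an observed code usable for longer.
        // Confirm this clock-skew tolerance is intended and that failed
        // attempts are rate-limited by the caller.
        $this->google2fa->setWindow(8);

        if (isset($this->twofactor->config['settings']['secret'])) {
            return;
        }

        $this->twofactor->config['settings']['secret'] = '';
    }

    /**
     * Returns the Google2FA instance used by this plugin.
     */
    public function getGoogle2fa(): Google2FA
    {
        return $this->google2fa;
    }

    /**
     * Checks authentication, returns true on success
     *
     * Reads the submitted code from $_POST['2fa_code'] and verifies it against
     * the secret stored in the two-factor settings. $this->provided records
     * whether the request carried a code at all.
     *
     * @throws IncompatibleWithGoogleAuthenticatorException
     * @throws InvalidCharactersException
     * @throws SecretKeyTooShortException
     */
    public function check(): bool
    {
        $this->provided = false;
        if (! isset($_POST['2fa_code'])) {
            return false;
        }

        $this->provided = true;

        // $_POST values are attacker-controlled and may be arrays
        // (e.g. a "2fa_code[]" field). Reject anything that is not a string
        // here instead of handing it to the verifier, which expects a string.
        $code = $_POST['2fa_code'];
        if (! is_string($code)) {
            return false;
        }

        // NOTE(review): verifyKey() is called without a previously accepted
        // timestamp, so nothing visible here stops a code from being accepted
        // again while it is still inside the window. Google2FA offers
        // verifyKeyNewer() for that; it needs the last accepted timestamp
        // to be stored per user.
        return (bool) $this->google2fa->verifyKey($this->twofactor->config['settings']['secret'], $code);
    }

    /**
     * Renders user interface to enter two-factor authentication
     *
     * @return string HTML code
     */
    public function render()
    {
        return $this->template->render('login/twofactor/application');
    }

    /**
     * Renders user interface to configure two-factor authentication
     *
     * The shared secret is handed to the template both as an inline QR code
     * and as plain text, so the rendered page is sensitive.
     *
     * @return string HTML code
     */
    public function setup()
    {
        $secret = $this->twofactor->config['settings']['secret'];
        $inlineUrl = $this->google2fa->getQRCodeInline(
            'phpMyAdmin (' . $this->getAppId(false) . ')',
            $this->twofactor->user,
            $secret
        );

        return $this->template->render('login/twofactor/application_configure', [
            'image' => $inlineUrl,
            'secret' => $secret,
            'has_imagick' => extension_loaded('imagick'),
        ]);
    }

    /**
     * Performs backend configuration
     *
     * A candidate secret is generated once and kept in the session until the
     * user proves possession by submitting a valid code; only then is the
     * session copy dropped. The secret is written into the in-memory settings
     * here; persisting it is not done in this method.
     *
     * @throws IncompatibleWithGoogleAuthenticatorException
     * @throws InvalidCharactersException
     * @throws SecretKeyTooShortException
     */
    public function configure(): bool
    {
        if (! isset($_SESSION['2fa_application_key'])) {
            $_SESSION['2fa_application_key'] = $this->google2fa->generateSecretKey();
        }

        $this->twofactor->config['settings']['secret'] = $_SESSION['2fa_application_key'];

        $result = $this->check();
        if ($result) {
            // The enrolment secret is no longer needed in the session once verified.
            unset($_SESSION['2fa_application_key']);
        }

        return $result;
    }

    /**
     * Get user visible name
     *
     * @return string
     */
    public static function getName()
    {
        return __('Authentication Application (2FA)');
    }

    /**
     * Get user visible description
     *
     * @return string
     */
    public static function getDescription()
    {
        return __(
            'Provides authentication using HOTP and TOTP applications such as FreeOTP, Google Authenticator or Authy.'
        );
    }
}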