
No OneTemporary

diff --git a/auth.php b/auth.php
--- a/auth.php
+++ b/auth.php
@@ -1,55 +1,61 @@
<?php
// must be run within Dokuwiki
if(!defined('DOKU_INC')) die();
//Load the PHPGangsta_GoogleAuthenticator Class
require_once(dirname(__FILE__).'/GoogleAuthenticator.php');
require_once(dirname(__FILE__).'/TokenHelper.php');
/**
* Google Authenticator Two Factor Authentication
*
* @author Daniel Popp dan@danpopp.net
*/
class auth_plugin_authg2fa extends auth_plugin_authplain {
function __construct() {
parent::__construct();
}
function __destruct() {
//parent::__destruct();
}
function checkPass($user,$pass) {
$th = new TokenHelper();
$secret = $th->getSecret($user);
- if($secret != "")
+ if($secret != "") {
define('GOOGLE_AUTH_SECRET', $secret);
+ $twofactor = true;
+ }
+ else {
+ $twofactor = false;
+ }
$tslack = $this->getConf("g2fa_timeout_slack");
$enable = $this->getConf("g2fa_enable");
$force = $this->getConf("g2fa_force");
$hint = $this->getConf("g2fa_hint");
- $twofactor = true;
- if(!defined('GOOGLE_AUTH_SECRET')) $twofactor=false;
- if($enable == 1 && !$twofactor && $force)
- {
- msg($this->getLang('force'));
- return false;
- }
- if($enable ==1 && !$twofactor && $hint)
- msg($this->getLang('hint'));
- if($enable==0) $twofactor=false;
- if($twofactor==true) {
- if (isset($_POST['p'])) {
- $ga = new PHPGangsta_GoogleAuthenticator();
- $twofa = $_POST['t'];
- $checkResult = $ga->verifyCode($secret, $twofa, $tslack);
+ if($enable == 1) { // The plugin is at least enabled!
+ if(!$twofactor) { // There is no secret for the given user..
+ if($force) {
+ msg($this->getLang('force'));
+ return false;
+ }
+ else if($hint) {
+ msg($this->getLang('hint'));
+ }
+ }
+ else { // 2FA is enabled AND we have a secret, so let's check it
+ if(isset($_POST['p'])) {
+ $ga = new PHPGangsta_GoogleAuthenticator();
+ $twofa = $_POST['t'];
+ $checkResult = $ga->verifyCode($secret, $twofa, $tslack);
}
else {
- $checkResult = false;
+ $checkResult = false;
}
- if ($checkResult != true) {
- return false;
+ if(!$checkResult) { // 2FA code didn't match OR no password supplied
+ return false;
}
+ }
}
return parent::checkPass($user,$pass);
}
}
?>
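Review bot: The `force` and `hint` messages, and the TOTP check itself, still run before `parent::checkPass($user,$pass)` in the restructured `if($enable == 1)` block, so a request with any password can learn whether the named account has a 2FA secret enrolled. Verifying the password first avoids that: put `if(!parent::checkPass($user,$pass)) return false;` at the top of checkPass and end the function with `return true;`. Separately, nothing in the visible file reads `GOOGLE_AUTH_SECRET` now that the `!defined(...)` test is gone, so the `define()` only leaves the user's TOTP secret in a process-wide constant and would raise a notice on a second checkPass call in the same request; unless another file depends on it, it can be dropped. The read of `$_POST['t']` is guarded by `isset($_POST['p'])` rather than by its own key, so `if(isset($_POST['t']))` is the check that matches the use.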
