1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 |
- # frozen_string_literal: true
-
- # Redmine - project management software
- # Copyright (C) 2006-2020 Jean-Philippe Lang
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
- # as published by the Free Software Foundation; either version 2
- # of the License, or (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
- module Redmine
- module Twofa
- class Totp < Base
- def init_pairing!
- @user.update!(twofa_totp_key: ROTP::Base32.random)
- # reset the cached totp as the key might have changed
- @totp = nil
- super
- end
-
- def destroy_pairing_without_verify!
- @user.update!(twofa_totp_key: nil, twofa_totp_last_used_at: nil)
- # reset the cached totp as the key might have changed
- @totp = nil
- super
- end
-
- def verify_otp!(code)
- # topt codes are white-space-insensitive
- code = code.to_s.remove(/[[:space:]]/)
- last_verified_at = @user.twofa_totp_last_used_at
- verified_at = totp.verify(code.to_s, drift_behind: allowed_drift, after: last_verified_at)
- if verified_at
- @user.update!(twofa_totp_last_used_at: verified_at)
- return true
- else
- return false
- end
- end
-
- def provisioning_uri
- totp.provisioning_uri(@user.mail)
- end
-
- def init_pairing_view_variables
- super.merge({
- provisioning_uri: provisioning_uri,
- totp_key: @user.twofa_totp_key
- })
- end
-
- private
-
- def totp
- @totp ||= ROTP::TOTP.new(@user.twofa_totp_key, issuer: Setting.app_title)
- end
- end
- end
- end
|