1 files changed, 68 insertions, 0 deletions
diff --git a/lib/redmine/twofa/totp.rb b/lib/redmine/twofa/totp.rb
new file mode 100644
index 000000000..ff4fe9cf1
--- /dev/null
+++ b/lib/redmine/twofa/totp.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+# Redmine - project management software
+# Copyright (C) 2006-2020  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+module Redmine
+  module Twofa
+    class Totp < Base
+      def init_pairing!
+        @user.update!(twofa_totp_key: ROTP::Base32.random)
+        # reset the cached totp as the key might have changed
+        @totp = nil
+        super
+      end
+
+      def destroy_pairing_without_verify!
+        @user.update!(twofa_totp_key: nil, twofa_totp_last_used_at: nil)
+        # reset the cached totp as the key might have changed
+        @totp = nil
+        super
+      end
+
+      def verify_otp!(code)
+        # topt codes are white-space-insensitive
+        code = code.to_s.remove(/[[:space:]]/)
+        last_verified_at = @user.twofa_totp_last_used_at
+        verified_at = totp.verify(code.to_s, drift_behind: allowed_drift, after: last_verified_at)
+        if verified_at
+          @user.update!(twofa_totp_last_used_at: verified_at)
+          return true
+        else
+          return false
+        end
+      end
+
+      def provisioning_uri
+        totp.provisioning_uri(@user.mail)
+      end
+
+      def init_pairing_view_variables
+        super.merge({
+          provisioning_uri: provisioning_uri,
+          totp_key: @user.twofa_totp_key
+        })
+      end
+
+      private
+
+      def totp
+        @totp ||= ROTP::TOTP.new(@user.twofa_totp_key, issuer: Setting.app_title)
+      end
+    end
+  end
+end