summaryrefslogtreecommitdiffstats
path: root/lib/redmine/twofa/totp.rb
blob: ed19b6c558330257ad6745f9b7823532b7e5abe1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# frozen_string_literal: true

# Redmine - project management software
# Copyright (C) 2006-2022  Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

require_relative 'base'

module Redmine
  module Twofa
    class Totp < Base
      def init_pairing!
        @user.update!(twofa_totp_key: ROTP::Base32.random)
        # reset the cached totp as the key might have changed
        @totp = nil
        super
      end

      def destroy_pairing_without_verify!
        @user.update!(twofa_totp_key: nil, twofa_totp_last_used_at: nil)
        # reset the cached totp as the key might have changed
        @totp = nil
        super
      end

      def verify_otp!(code)
        # topt codes are white-space-insensitive
        code = code.to_s.remove(/[[:space:]]/)
        last_verified_at = @user.twofa_totp_last_used_at
        verified_at = totp.verify(code.to_s, drift_behind: allowed_drift, after: last_verified_at)
        if verified_at
          @user.update!(twofa_totp_last_used_at: verified_at)
          true
        else
          false
        end
      end

      def provisioning_uri
        totp.provisioning_uri(@user.login)
      end

      def init_pairing_view_variables
        super.merge(
          {
            provisioning_uri: provisioning_uri,
            totp_key: @user.twofa_totp_key
          }
        )
      end

      private

      def totp
        @totp ||= ROTP::TOTP.new(@user.twofa_totp_key, issuer: Setting.host_name)
      end
    end
  end
end