1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2022 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require_relative 'base'
module Redmine
module Twofa
class Totp < Base
def init_pairing!
@user.update!(twofa_totp_key: ROTP::Base32.random)
# reset the cached totp as the key might have changed
@totp = nil
super
end
def destroy_pairing_without_verify!
@user.update!(twofa_totp_key: nil, twofa_totp_last_used_at: nil)
# reset the cached totp as the key might have changed
@totp = nil
super
end
def verify_otp!(code)
# topt codes are white-space-insensitive
code = code.to_s.remove(/[[:space:]]/)
last_verified_at = @user.twofa_totp_last_used_at
verified_at = totp.verify(code.to_s, drift_behind: allowed_drift, after: last_verified_at)
if verified_at
@user.update!(twofa_totp_last_used_at: verified_at)
true
else
false
end
end
def provisioning_uri
totp.provisioning_uri(@user.login)
end
def init_pairing_view_variables
super.merge(
{
provisioning_uri: provisioning_uri,
totp_key: @user.twofa_totp_key
}
)
end
private
def totp
@totp ||= ROTP::TOTP.new(@user.twofa_totp_key, issuer: Setting.host_name)
end
end
end
end
|