WebSVN – Moodle – Diff – /admin/tool/mfa/factor/totp/classes/factor.php

 require_once(__DIR__.'/../extlib/OTPHP/TOTPInterface.php');
 require_once(__DIR__.'/../extlib/OTPHP/ParameterTrait.php');
 require_once(__DIR__.'/../extlib/OTPHP/OTP.php');
 require_once(__DIR__.'/../extlib/OTPHP/TOTP.php');
-require_once(__DIR__.'/../extlib/Assert/Assertion.php');
-require_once(__DIR__.'/../extlib/Assert/AssertionFailedException.php');
 require_once(__DIR__.'/../extlib/Assert/InvalidArgumentException.php');
 require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/EncoderInterface.php');
 require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/Binary.php');
+require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/Base32.php');
 require_once(__DIR__.'/../extlib/ParagonIE/ConstantTime/Base32.php');
 use MoodleQuickForm;
 use tool_mfa\local\factor\object_factor_base;
+use OTPHP\TOTP;
+use stdClass;
+use core\clock;
-use OTPHP\TOTP;
+use core\context\system;
-use stdClass;
+use core\di;
 /**
     const TOTP_INVALID = 'invalid';
     /** @var string Factor icon */
+    protected $icon = 'fa-mobile-screen';
+    /** @var clock */
+    private readonly clock $clock;
+    /**
+     * Constructor.
+     *
+     * @param string $name
+     */
+    public function __construct(string $name) {
+        parent::__construct($name);
+        $this->clock = di::get(clock::class);
     protected $icon = 'fa-mobile-screen';
     /**
      * @return string
      */
     public function generate_totp_uri(string $secret): string {
         global $USER, $SITE, $CFG;
         $host = parse_url($CFG->wwwroot, PHP_URL_HOST);
-        $sitename = str_replace(':', '', $SITE->fullname);
+        $sitename = str_replace(':', '', format_string($SITE->fullname, true, ['context' => system::instance()]));
         $issuer = $sitename.' '.$host;
-        $totp = TOTP::create($secret);
+        $totp = TOTP::create($secret, clock: $this->clock);
         $totp->setLabel($USER->username);
         $totp->setIssuer($issuer);
         return $totp->getProvisioningUri();
+    }
+    }
     /**
      * TOTP Factor implementation.
      *
-     * @param \MoodleQuickForm $mform
+     * @param MoodleQuickForm $mform
-     * @return \MoodleQuickForm $mform
+     * @return MoodleQuickForm $mform
      */
-    public function setup_factor_form_definition(\MoodleQuickForm $mform): \MoodleQuickForm {
+    public function setup_factor_form_definition(MoodleQuickForm $mform): MoodleQuickForm {
         $secret = $this->generate_secret_code();
         $mform->addElement('hidden', 'secret', $secret);
         $mform->setType('secret', PARAM_ALPHANUM);
         return $mform;
+    }
     /**
      * TOTP Factor implementation.
+     *
-     * @param \MoodleQuickForm $mform
+     * @param MoodleQuickForm $mform
-     * @return \MoodleQuickForm $mform
+     * @return MoodleQuickForm $mform
      */
-    public function setup_factor_form_definition_after_data(\MoodleQuickForm $mform): \MoodleQuickForm {
+    public function setup_factor_form_definition_after_data(MoodleQuickForm $mform): MoodleQuickForm {
         // Enter manually.
         $secret = wordwrap($secret, 4, ' ', true) . '</code>';
+        $secret = \html_writer::tag('code', $secret);
-        $secret = \html_writer::tag('code', $secret);
+        $sitefullname = format_string($SITE->fullname, true, ['context' => system::instance()]);
         $manualtable = new \html_table();
         $manualtable->id = 'manualattributes';
         $manualtable->attributes['class'] = 'generaltable table table-bordered table-sm w-auto';
         $manualtable->attributes['style'] = 'width: auto;';
         $manualtable->data = [
             [get_string('setupfactor:key', 'factor_totp'), $secret],
-            [get_string('setupfactor:account', 'factor_totp'), "$SITE->fullname ($USER->username)"],
+            [get_string('setupfactor:account', 'factor_totp'), "{$sitefullname} ({$USER->username})"],
             [get_string('setupfactor:mode', 'factor_totp'), get_string('setupfactor:mode:timebased', 'factor_totp')],
         ];
         $html = \html_writer::table($manualtable);
         // Wrap the table in a couple of divs to be controlled via bootstrap.
         $html = \html_writer::div($html, 'collapse', ['id' => 'collapseManualAttributes']);
         $togglelink = \html_writer::tag('a', get_string('setupfactor:link', 'factor_totp'), [
-            'data-toggle' => 'collapse',
+            'data-bs-toggle' => 'collapse',
-            'data-target' => '#collapseManualAttributes',
+            'data-bs-target' => '#collapseManualAttributes',
      * @return array
      */
     public function setup_factor_form_validation(array $data): array {
         $errors = [];
-        $totp = TOTP::create($data['secret']);
+        $totp = TOTP::create($data['secret'], clock: $this->clock);
-        if (!$totp->verify($data['verificationcode'], time(), 1)) {
+        if (!$totp->verify($data['verificationcode'], $this->clock->time(), 1)) {
             $errors['verificationcode'] = get_string('error:wrongverification', 'factor_totp');
+        }
         return $errors;
+    }
     /**
      * TOTP Factor implementation.
+     *
-     * @param \MoodleQuickForm $mform
+     * @param MoodleQuickForm $mform
-     * @return \MoodleQuickForm $mform
+     * @return MoodleQuickForm $mform
      */
-    public function login_form_definition(\MoodleQuickForm $mform): \MoodleQuickForm {
+    public function login_form_definition(MoodleQuickForm $mform): MoodleQuickForm {
      */
     public function login_form_validation(array $data): array {
         global $USER;
         $factors = $this->get_active_user_factors($USER);
         $result = ['verificationcode' => get_string('error:wrongverification', 'factor_totp')];
-        $windowconfig = get_config('factor_totp', 'window');
+        $window = get_config('factor_totp', 'window');
         foreach ($factors as $factor) {
-            $totp = TOTP::create($factor->secret);
-            // Convert seconds to windows.
-            $window = (int) floor($windowconfig / $totp->getPeriod());
+            $totp = TOTP::create($factor->secret, clock: $this->clock);
             $factorresult = $this->validate_code($data['verificationcode'], $window, $totp, $factor);
-            $time = userdate(time(), get_string('systimeformat', 'factor_totp'));
+            $time = userdate($this->clock->time(), get_string('systimeformat', 'factor_totp'));
             switch ($factorresult) {
         $lastverified = $this->get_lastverified($factor->id);
         if ($lastverified > 0 && $totp->verify($code, $lastverified, $window)) {
             return self::TOTP_USED;
+        }
-        // The window in which to check for clock skew, 5 increments past valid window.
-        $skewwindow = $window + 5;
-        $pasttimestamp = time() - ($skewwindow * $totp->getPeriod());
-        $futuretimestamp = time() + ($skewwindow * $totp->getPeriod());
+        // Check if the code is valid, returning early.
-        if ($totp->verify($code, time(), $window)) {
+        if ($totp->verify($code, $this->clock->time(), $window)) {
-            return self::TOTP_VALID;
-        } else if ($totp->verify($code, $pasttimestamp, $skewwindow)) {
-            // Check for clock skew in the past 10 periods.
-            return self::TOTP_OLD;
-        } else if ($totp->verify($code, $futuretimestamp, $skewwindow)) {
-            // Check for clock skew in the future 10 periods.
-            return self::TOTP_FUTURE;
-        } else {
-            // In all other cases, code is invalid.
-            return self::TOTP_INVALID;
+            return self::TOTP_VALID;
+        }
+        // Check for clock skew in the past and future 10 periods.
+        for ($i = 1; $i <= 10; $i++) {
+            $pasttimestamp = $this->clock->time() - $i * $totp->getPeriod();
+            $futuretimestamp = $this->clock->time() + $i * $totp->getPeriod();
+            if ($totp->verify($code, $pasttimestamp, $window)) {
+                return self::TOTP_OLD;
+            }
+            if ($totp->verify($code, $futuretimestamp, $window)) {
+                return self::TOTP_FUTURE;
+            }
+        }
+        // In all other cases, the code is invalid.
         return self::TOTP_INVALID;
+    }
     /**
      * Generates cryptographically secure pseudo-random 16-digit secret code.
+     *
      * @return string
      */
     public function generate_secret_code(): string {
-        $totp = TOTP::create();
+        $totp = TOTP::create(clock: $this->clock);
         return substr($totp->getSecret(), 0, 16);
+    }
             $row = new stdClass();
             $row->userid = $USER->id;
             $row->factor = $this->name;
             $row->secret = $data->secret;
             $row->label = $data->devicename;
-            $row->timecreated = time();
+            $row->timecreated = $this->clock->time();
             $row->createdfromip = $USER->lastip;
-            $row->timemodified = time();
+            $row->timemodified = $this->clock->time();
             $row->lastverified = 0;
             $row->revoked = 0;
             // Check if a record with this configuration already exists, warning the user accordingly.

Proyectos de Subversion Moodle

(root)/admin/tool/mfa/factor/totp/classes/factor.php – Rev 1 → 1441