WebSVN – Moodle – Diff – /admin/tool/mfa/factor/totp/extlib/OTPHP/TOTP.php

 <?php
-declare(strict_types=1);
-/*
- * The MIT License (MIT)
- *
- * Copyright (c) 2014-2018 Spomky-Labs
- *
- * This software may be modified and distributed under the terms
- * of the MIT license.  See the LICENSE file for details.
- */
+declare(strict_types=1);
+namespace OTPHP;
+use InvalidArgumentException;
+use Psr\Clock\ClockInterface;
+use function assert;
+use function is_int;
 namespace OTPHP;
 /**
-use Assert\Assertion;
-final class TOTP extends OTP implements TOTPInterface
-{
-    /**
-     * TOTP constructor.
-     *
-     * @param string|null $secret
+ * @see \OTPHP\Test\TOTPTest
-     * @param int         $period
+ */
-     * @param string      $digest
+final class TOTP extends OTP implements TOTPInterface
      * @param int         $digits
-     * @param int         $epoch
+    private readonly ClockInterface $clock;
-     */
+    public function __construct(string $secret, ?ClockInterface $clock = null)
+    {
+        parent::__construct($secret);
+        if ($clock === null) {
+            trigger_deprecation(
+                'spomky-labs/otphp',
+                '11.3.0',
+                'The parameter "$clock" will become mandatory in 12.0.0. Please set a valid PSR Clock implementation instead of "null".'
-    protected function __construct($secret, int $period, string $digest, int $digits, int $epoch = 0)
+            );
             $clock = new InternalClock();
-        parent::__construct($secret, $digest, $digits);
-        $this->setPeriod($period);
+        }
-        $this->setEpoch($epoch);
-    }
+        $this->clock = $clock;
+    }
-    /**
-     * TOTP constructor.
+    public static function create(
-     *
+        null|string $secret = null,
-     * @param string|null $secret
+        int $period = self::DEFAULT_PERIOD,
-     * @param int         $period
+        string $digest = self::DEFAULT_DIGEST,
+        int $digits = self::DEFAULT_DIGITS,
+        int $epoch = self::DEFAULT_EPOCH,
-     * @param string      $digest
+        ?ClockInterface $clock = null
+    ): self {
+        $totp = $secret !== null
-     * @param int         $digits
+            ? self::createFromSecret($secret, $clock)
+            : self::generate($clock)
-     * @param int         $epoch
+        ;
-     *
+        $totp->setPeriod($period);
-     * @return self
+        $totp->setDigest($digest);
-     */
-    public static function create($secret = null, int $period = 30, string $digest = 'sha1', int $digits = 6, int $epoch = 0): self
-    {
-        return new self($secret, $period, $digest, $digits, $epoch);
+        $totp->setDigits($digits);
         $totp->setEpoch($epoch);
+        return $totp;
+    }
+    public static function createFromSecret(string $secret, ?ClockInterface $clock = null): self
+    {
+        $totp = new self($secret, $clock);
-    /**
+        $totp->setPeriod(self::DEFAULT_PERIOD);
-     * @param int $period
-     */
-    protected function setPeriod(int $period)
-    {
+        $totp->setDigest(self::DEFAULT_DIGEST);
-        $this->setParameter('period', $period);
+        $totp->setDigits(self::DEFAULT_DIGITS);
-    }
+        $totp->setEpoch(self::DEFAULT_EPOCH);
-    /**
-     * {@inheritdoc}
-     */
-    public function getPeriod(): int
+        return $totp;
+    }
-        return $this->getParameter('period');
+    public static function generate(?ClockInterface $clock = null): self
+    {
+        return self::createFromSecret(self::generateSecret(), $clock);
+    }
-    /**
-     * @param int $epoch
      */
-    private function setEpoch(int $epoch)
+    public function getPeriod(): int
     {
+        $value = $this->getParameter('period');
+        (is_int($value) && $value > 0) || throw new InvalidArgumentException('Invalid "period" parameter.');
-        $this->setParameter('epoch', $epoch);
+        return $value;
-    }
-    /**
-     * {@inheritdoc}
+    }
      */
+    public function getEpoch(): int
+    {
-    public function getEpoch(): int
+        $value = $this->getParameter('epoch');
         (is_int($value) && $value >= 0) || throw new InvalidArgumentException('Invalid "epoch" parameter.');
         return $this->getParameter('epoch');
+        return $value;
+    }
-    }
     public function expiresIn(): int
-    /**
+    {
-     * {@inheritdoc}
+        $period = $this->getPeriod();
-     */
-    public function at(int $timestamp): string
+        return $period - ($this->clock->now()->getTimestamp() % $this->getPeriod());
-    {
-        return $this->generateOTP($this->timecode($timestamp));
     }
-    /**
      * {@inheritdoc}
-     */
+    /**
-    public function now(): string
-    {
+     * The OTP at the specified input.
-        return $this->at(time());
+     *
-    }
+     * @param 0|positive-int $input
-    /**
+     */
-     * If no timestamp is provided, the OTP is verified at the actual timestamp
+    public function at(int $input): string
-     * {@inheritdoc}
-     */
+    {
-    public function verify(string $otp, $timestamp = null, $window = null): bool
+        return $this->generateOTP($this->timecode($input));
+    }
-        $timestamp = $this->getTimestamp($timestamp);
+    public function now(): string
+    {
-        if (null === $window) {
+        $timestamp = $this->clock->now()
-            return $this->compareOTP($this->at($timestamp), $otp);
+            ->getTimestamp();
+        assert($timestamp >= 0, 'The timestamp must return a positive integer.');
-        }
+        return $this->at($timestamp);
+    }
-        return $this->verifyOtpWithWindow($otp, $timestamp, $window);
-    }
-    /**
-     * @param string $otp
-     * @param int    $timestamp
-     * @param int    $window
-     *
-     * @return bool
+    /**
-     */
+     * If no timestamp is provided, the OTP is verified at the actual timestamp. When used, the leeway parameter will
-    private function verifyOtpWithWindow(string $otp, int $timestamp, int $window): bool
-    {
-        $window = abs($window);
+     * allow time drift. The passed value is in seconds.
-        for ($i = 0; $i <= $window; $i++) {
-            $next = (int) $i * $this->getPeriod() + $timestamp;
+     *
-            $previous = (int) -$i * $this->getPeriod() + $timestamp;
+     * @param 0|positive-int $timestamp
-            $valid = $this->compareOTP($this->at($next), $otp) ||
+     * @param null|0|positive-int $leeway
-                $this->compareOTP($this->at($previous), $otp);
+     */
-            if ($valid) {
+    public function verify(string $otp, null|int $timestamp = null, null|int $leeway = null): bool
+    {
+        $timestamp ??= $this->clock->now()
-                return true;
+            ->getTimestamp();
+        $timestamp >= 0 || throw new InvalidArgumentException('Timestamp must be at least 0.');
-        }
-        return false;
         if ($leeway === null) {
             return $this->compareOTP($this->at($timestamp), $otp);
     /**
-     * @param int|null $timestamp
         $leeway = abs($leeway);
-     * @return int
+        $leeway < $this->getPeriod() || throw new InvalidArgumentException(
-     */
+            'The leeway must be lower than the TOTP period'
-    private function getTimestamp($timestamp): int
+        );
         $timestampMinusLeeway = $timestamp - $leeway;
-        $timestamp = $timestamp ?? time();
+        $timestampMinusLeeway >= 0 || throw new InvalidArgumentException(
-        Assertion::greaterOrEqualThan($timestamp, 0, 'Timestamp must be at least 0.');
+            'The timestamp must be greater than or equal to the leeway.'
-        return (int) $timestamp;
-    }
-    /**
-     * {@inheritdoc}
+        );
      */
-    public function getProvisioningUri(): string
+        return $this->compareOTP($this->at($timestampMinusLeeway), $otp)
+            || $this->compareOTP($this->at($timestamp), $otp)
+            || $this->compareOTP($this->at($timestamp + $leeway), $otp);
+    }
+    public function getProvisioningUri(): string
+    {
         $params = [];
-        if (30 !== $this->getPeriod()) {
+        if ($this->getPeriod() !== 30) {
             $params['period'] = $this->getPeriod();
+        }
-        if (0 !== $this->getEpoch()) {
+        if ($this->getEpoch() !== 0) {
             $params['epoch'] = $this->getEpoch();
-        }
+        }
-        return $this->generateURI('totp', $params);
-    }
+        return $this->generateURI('totp', $params);
+    }
-    /**
-     * @param int $timestamp
+    public function setPeriod(int $period): void
-     *
+    {
-     * @return int
-     */
+        $this->setParameter('period', $period);
-    private function timecode(int $timestamp): int
+    }
-    {
-        return (int) floor(($timestamp - $this->getEpoch()) / $this->getPeriod());
-    }
+    public function setEpoch(int $epoch): void
+    {
         $this->setParameter('epoch', $epoch);
     /**
-     * {@inheritdoc}
-     */
+    /**
-    protected function getParameterMap(): array
+     * @return array<non-empty-string, callable>
      */
-        $v = array_merge(
+    protected function getParameterMap(): array
-            parent::getParameterMap(),
+    {
         return [
-                'period' => function ($value) {
+            ...parent::getParameterMap(),
-                    Assertion::greaterThan((int) $value, 0, 'Period must be at least 1.');
+            'period' => static function ($value): int {
                 (int) $value > 0 || throw new InvalidArgumentException('Period must be at least 1.');
+                return (int) $value;
+            },
+            'epoch' => static function ($value): int {
+                (int) $value >= 0 || throw new InvalidArgumentException(
+                    'Epoch must be greater than or equal to 0.'
+                );
+                return (int) $value;
+            },
+        ];
+    }
-                    return (int) $value;
+    /**

Proyectos de Subversion Moodle

(root)/admin/tool/mfa/factor/totp/extlib/OTPHP/TOTP.php – Rev 1 → 1441