tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
pandorafms/pandora_console/include/auth/GAuth/Auth.php

356 lines
8.2 KiB
PHP
Raw Normal View History

Added a class to perform google autenticator checks
2014-12-11 16:09:17 +01:00
<?php
// The MIT License (MIT)
// Copyright (c) 2013 Chris Cornutt
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
namespace GAuth;
/**
* A class for generating the codes compatible with the Google Authenticator
* clients.
*
* NOTE: A lot of the logic from this class has been borrowed from this class:
* http://www.idontplaydarts.com/wp-content/uploads/2011/07/ga.php_.txt
*
* @author Chris Cornutt <ccornutt@phpdeveloper.org>
* @package GAuth
* @license MIT
*/
class Auth
{
/**
* Internal lookup table
* @var array
*/
private $lookup = array();
/**
* Initialization key
* @var string
*/
private $initKey = null;
/**
* Seconds between key refreshes
* @var integer
*/
private $refreshSeconds = 30;
/**
* Length of codes to generate
* @var integer
*/
private $codeLength = 6;
/**
* Range plus/minus for "window of opportunity" on allowed codes
* @var integer
*/
private $range = 2;
/**
* Initialize the object and set up the lookup table
* Optionally the Initialization key
*
* @param string $initKey Initialization key
*/
public function __construct($initKey = null)
{
$this->buildLookup();
if ($initKey !== null) {
$this->setInitKey($initKey);
}
}
/**
* Build the base32 lookup table
*
* @return null
*/
public function buildLookup()
{
$lookup = array_combine(
array_merge(range('A', 'Z'), range(2, 7)),
range(0, 31)
);
$this->setLookup($lookup);
}
/**
* Get the current "range" value
* @return integer Range value
*/
public function getRange()
{
return $this->range;
}
/**
* Set the "range" value
*
* @param integer $range Range value
* @return \GAuth\Auth instance
*/
public function setRange($range)
{
if (!is_numeric($range)) {
throw new \InvalidArgumentException('Invalid window range');
}
$this->range = $range;
return $this;
}
/**
* Set the initialization key for the object
*
* @param string $key Initialization key
* @throws \InvalidArgumentException If hash is not valid base32
* @return \GAuth\Auth instance
*/
public function setInitKey($key)
{
if (preg_match('/^['.implode('', array_keys($this->getLookup())).']+$/', $key) == false) {
throw new \InvalidArgumentException('Invalid base32 hash!');
}
$this->initKey = $key;
return $this;
}
/**
* Get the current Initialization key
*
* @return string Initialization key
*/
public function getInitKey()
{
return $this->initKey;
}
/**
* Set the contents of the internal lookup table
*
* @param array $lookup Lookup data set
* @throws \InvalidArgumentException If lookup given is not an array
* @return \GAuth\Auth instance
*/
public function setLookup($lookup)
{
if (!is_array($lookup)) {
throw new \InvalidArgumentException('Lookup value must be an array');
}
$this->lookup = $lookup;
return $this;
}
/**
* Get the current lookup data set
*
* @return array Lookup data
*/
public function getLookup()
{
return $this->lookup;
}
/**
* Get the number of seconds for code refresh currently set
*
* @return integer Refresh in seconds
*/
public function getRefresh()
{
return $this->refreshSeconds;
}
/**
* Set the number of seconds to refresh codes
*
* @param integer $seconds Seconds to refresh
* @throws \InvalidArgumentException If seconds value is not numeric
* @return \GAuth\Auth instance
*/
public function setRefresh($seconds)
{
if (!is_numeric($seconds)) {
throw \InvalidArgumentException('Seconds must be numeric');
}
$this->refreshSeconds = $seconds;
return $this;
}
/**
* Get the current length for generated codes
*
* @return integer Code length
*/
public function getCodeLength()
{
return $this->codeLength;
}
/**
* Set the length of the generated codes
*
* @param integer $length Code length
* @return \GAuth\Auth instance
*/
public function setCodeLength($length)
{
$this->codeLength = $length;
return $this;
}
/**
* Validate the given code
*
* @param string $code Code entered by user
* @param string $initKey Initialization key
* @param string $timestamp Timestamp for calculation
* @param integer $range Seconds before/after to validate hash against
* @throws \InvalidArgumentException If incorrect code length
* @return boolean Pass/fail of validation
*/
public function validateCode($code, $initKey = null, $timestamp = null, $range = null)
{
if (strlen($code) !== $this->getCodeLength()) {
throw new \InvalidArgumentException('Incorrect code length');
}
$range = ($range == null) ? $this->getRange() : $range;
$timestamp = ($timestamp == null) ? $this->generateTimestamp() : $timestamp;
$initKey = ($initKey == null) ? $this->getInitKey() : $initKey;
$binary = $this->base32_decode($initKey);
for ($time = ($timestamp - $range); $time <= ($timestamp + $range); $time++) {
if ($this->generateOneTime($binary, $time) == $code) {
return true;
}
}
return false;
}
/**
* Generate a one-time code
*
* @param string $initKey Initialization key [optional]
* @param string $timestamp Timestamp for calculation [optional]
* @return string Geneerated code/hash
*/
public function generateOneTime($initKey = null, $timestamp = null)
{
$initKey = ($initKey == null) ? $this->getInitKey() : $initKey;
$timestamp = ($timestamp == null) ? $this->generateTimestamp() : $timestamp;
$hash = hash_hmac (
'sha1',
pack('N*', 0) . pack('N*', $timestamp),
$initKey,
true
);
return str_pad($this->truncateHash($hash), $this->getCodeLength(), '0', STR_PAD_LEFT);
}
/**
* Generate a code/hash
* Useful for making Initialization codes
*
* @param integer $length Length for the generated code
* @return string Generated code
*/
public function generateCode($length = 16)
{
$lookup = implode('', array_keys($this->getLookup()));
$code = '';
for ($i = 0; $i < $length; $i++) {
$code .= $lookup[mt_rand(0, strlen($lookup)-1)];
}
return $code;
}
/**
* Geenrate the timestamp for the calculation
*
* @return integer Timestamp
*/
public function generateTimestamp()
{
return floor(microtime(true)/$this->getRefresh());
}
/**
* Truncate the given hash down to just what we need
*
* @param string $hash Hash to truncate
* @return string Truncated hash value
*/
public function truncateHash($hash)
{
$offset = ord($hash[19]) & 0xf;
return (
((ord($hash[$offset+0]) & 0x7f) << 24 ) |
((ord($hash[$offset+1]) & 0xff) << 16 ) |
((ord($hash[$offset+2]) & 0xff) << 8 ) |
(ord($hash[$offset+3]) & 0xff)
) % pow(10, $this->getCodeLength());
}
/**
* Base32 decoding function
*
* @param string base32 encoded hash
* @throws \InvalidArgumentException When hash is not valid
* @return string Binary value of hash
*/
public function base32_decode($hash)
{
$lookup = $this->getLookup();
if (preg_match('/^['.implode('', array_keys($lookup)).']+$/', $hash) == false) {
throw new \InvalidArgumentException('Invalid base32 hash!');
}
$hash = strtoupper($hash);
$buffer = 0;
$length = 0;
$binary = '';
for ($i = 0; $i < strlen($hash); $i++) {
$buffer = $buffer << 5;
$buffer += $lookup[$hash[$i]];
$length += 5;
if ($length >= 8) {
$length -= 8;
$binary .= chr(($buffer & (0xFF << $length)) >> $length);
}
}
return $binary;
}
}