1<?php
// Direct-access guard: this file must only be loaded from within DokuWiki,
// which defines DOKU_INC. Without the constant, stop before anything else runs.
if (!defined('DOKU_INC')) {
    die();
}
4//Load the PHPGangsta_GoogleAuthenticator Class
5require_once(dirname(__FILE__).'/GoogleAuthenticator.php');
6require_once(dirname(__FILE__).'/TokenHelper.php');
7/**
8 * Google Authenticator Two Factor Authentication
9 *
10 * @author Andreas Böhler <dev@aboehler.at>
11 * @author Daniel Popp dan@danpopp.net
12 */
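class auth_plugin_authg2fa extends auth_plugin_authplain  {
    /**
     * Initialise the plain-auth backend this plugin extends.
     */
    public function __construct() {
        parent::__construct();
    }

    /**
     * Does nothing: the call to the parent destructor is commented out.
     */
    public function __destruct() {
        //parent::__destruct();
    }

    /**
     * Check the TOTP token (where 2FA applies) and then the password.
     *
     * Flow, as implemented below:
     *  - plugin not enabled (g2fa_enable != 1): password check only;
     *  - enabled, no secret stored for the user: reject when g2fa_force is set,
     *    otherwise optionally show a hint and fall through to the password check;
     *  - enabled, secret stored: the POSTed token field 't' must verify, and only
     *    then is the password handed to the parent backend.
     *
     * NOTE(review): the token is judged before the password and a wrong token
     * returns without running the parent password check, so the two failure
     * paths can differ in response time. Consider verifying the password first.
     * NOTE(review): no attempt limiting or used-code tracking is visible in this
     * method - verify that it exists elsewhere.
     *
     * @param string $user user name being authenticated
     * @param string $pass password, passed unchanged to parent::checkPass()
     * @return bool true only if every applicable check accepted the login
     */
    public function checkPass($user,$pass) {
        $th = new TokenHelper();
        $secret = $th->getSecret($user);

        // An empty result is treated as "user has no token".
        // NOTE(review): if TokenHelper also returns an empty value on a lookup
        // error, 2FA is skipped for that login unless g2fa_force is set - confirm.
        $twofactor = ($secret != "");

        if($twofactor && !defined('GOOGLE_AUTH_SECRET')) {
            // define() cannot overwrite an existing constant; a second call in
            // the same request only raised a warning, so it is skipped instead.
            // NOTE(review): this exposes the user's TOTP secret as a global
            // constant to all code running in the request. Nothing in this class
            // reads it - confirm whether another file does, and drop it if not.
            define('GOOGLE_AUTH_SECRET', $secret);
        }

        // Passed as verifyCode()'s third argument; larger values presumably
        // widen the time window in which a code is accepted - keep it small.
        $tslack = $this->getConf("g2fa_timeout_slack");
        $enable = $this->getConf("g2fa_enable");
        $force = $this->getConf("g2fa_force");
        $hint = $this->getConf("g2fa_hint");

        // Plugin switched off: behave exactly like the parent backend.
        if($enable != 1) {
            return parent::checkPass($user,$pass);
        }

        if(!$twofactor) { // There is no secret for the given user
            // NOTE(review): both messages below are shown before the password is
            // checked, so they reveal whether an account has a token to anyone
            // who submits its user name.
            if($force) {
                msg($this->getLang('force'));
                $log = array('message' => 'authg2fa: login failed. No token found for the current user', 'user' => $user);
                trigger_event('PLUGIN_LOGLOG_LOG', $log);
                return false;
            }
            if($hint) {
                $log = array('message' => 'authg2fa: passing login to parent. No token found for the current user', 'user' => $user);
                trigger_event('PLUGIN_LOGLOG_LOG', $log);
                msg($this->getLang('hint'));
            }
            return parent::checkPass($user,$pass);
        }

        // 2FA is enabled AND we have a secret, so the token must verify.
        // The original tested only $_POST['p'] and then read $_POST['t'] unchecked:
        // a request without 't' raised an undefined-index notice, and an array
        // value (t[]=...) reached verifyCode(). Require a non-empty string.
        $twofa = isset($_POST['t']) ? $_POST['t'] : null;
        if(isset($_POST['p']) && is_string($twofa) && $twofa !== '') {
            $ga = new PHPGangsta_GoogleAuthenticator();
            $checkResult = $ga->verifyCode($secret, $twofa, $tslack);
        }
        else {
            $checkResult = false;
        }

        if(!$checkResult) { // 2FA code didn't match, was missing, or no password was supplied
            $log = array('message' => 'authg2fa: login failed. Token did not match or no token supplied', 'user' => $user);
            trigger_event('PLUGIN_LOGLOG_LOG', $log);
            return false;
        }

        return parent::checkPass($user,$pass);
    }
}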
68?>