public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 01:25:56 +00:00
Code Issues Releases Wiki Activity

use separate database column for OTP secrets (migrate previous format if needed)

Browse Source
This commit is contained in:
Andrew Dolgov
2021-03-05 17:40:17 +03:00
parent 2aed79d729
commit 2cd159e2ce
3 changed files with 38 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
classes/userhelper.php
View File

@@ -240,6 +240,12 @@ class UserHelper {
if ($user) {
$user->otp_enabled = false;
// force new OTP secret when next enabled
if (Config::get_schema_version() >= 143) {
$user->otp_secret = null;
}
$user->save();
return true;
@@ -281,8 +287,32 @@ class UserHelper {
$user = ORM::for_table('ttrss_users')->find_one($owner_uid);
if ($user) {
if (!$user->otp_enabled || $show_if_enabled)
return \ParagonIE\ConstantTime\Base32::encodeUpperUnpadded(mb_substr(sha1($user->salt), 0, 12));
$salt_based_secret = mb_substr(sha1($user->salt), 0, 12);
if (Config::get_schema_version() >= 143) {
$secret = $user->otp_secret;
if (empty($secret)) {
/* migrate secret if OTP is already enabled, otherwise make a new one */
if ($user->otp_enabled) {
$user->otp_secret = $salt_based_secret;
} else {
$user->otp_secret = bin2hex(get_random_bytes(6));
}
$user->save();
$secret = $user->otp_secret;
}
} else {
$secret = $salt_based_secret;
}
if (!$user->otp_enabled || $show_if_enabled) {
return \ParagonIE\ConstantTime\Base32::encodeUpperUnpadded($secret);
}
}
return null;