Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add OTP support with implementation for creation, deletion, and verification.

Browse source
This commit is contained in:
netkas 2025-01-07 14:15:07 -05:00
parent d9c8208310
commit 866bb90f2a
8 changed files with 572 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

93
src/Socialbox/Classes/StandardMethods/SettingsDeleteOtp.php Normal file
View file

@ -0,0 +1,93 @@
<?php
namespace Socialbox\Classes\StandardMethods;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\OneTimePasswordManager;
use Socialbox\Managers\PasswordManager;
use Socialbox\Managers\SessionManager;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
class SettingsDeleteOtp extends Method
{
/**
* @inheritDoc
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
if(Configuration::getRegistrationConfiguration()->isOtpRequired())
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, 'One Time Password is required for this server');
}
$peer = $request->getPeer();
try
{
if (!OneTimePasswordManager::usesOtp($peer->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot delete One Time Password when none is set");
}
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check One Time Password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
try
{
$usesPassword = PasswordManager::usesPassword($peer);
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check password usage due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
// Password verification is required to set an OTP if a password is set
if($usesPassword)
{
if(!$rpcRequest->containsParameter('password'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, 'When a password is set, the current password must be provided to delete an OTP');
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, 'The provided password is not a valid SHA-512 hash');
}
try
{
if(!PasswordManager::verifyPassword($peer, $rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'The provided password is incorrect');
}
}
catch(Exception $e)
{
throw new StandardException('Failed to verify password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
}
try
{
// Delete the OTP
OneTimePasswordManager::deleteOtp($peer);
}
catch(Exception $e)
{
throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
return $rpcRequest->produceResponse(true);
}
}

90
src/Socialbox/Classes/StandardMethods/SettingsSetOtp.php Normal file
View file

@ -0,0 +1,90 @@
<?php
namespace Socialbox\Classes\StandardMethods;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\OneTimePasswordManager;
use Socialbox\Managers\PasswordManager;
use Socialbox\Managers\SessionManager;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
class SettingsSetOtp extends Method
{
/**
* @inheritDoc
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
$peer = $request->getPeer();
try
{
if (OneTimePasswordManager::usesOtp($peer->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot set One Time Password when one is already set, use 'settingsUpdateOtp' instead");
}
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check One Time Password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
try
{
$usesPassword = PasswordManager::usesPassword($peer);
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check password usage due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
// Password verification is required to set an OTP if a password is set
if($usesPassword)
{
if(!$rpcRequest->containsParameter('password'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, 'When a password is set, the current password must be provided to set an OTP');
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, 'The provided password is not a valid SHA-512 hash');
}
try
{
if(!PasswordManager::verifyPassword($peer, $rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'The provided password is incorrect');
}
}
catch(Exception $e)
{
throw new StandardException('Failed to verify password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
}
try
{
// Create a new OTP and return the OTP URI to the client
$totpUri = OneTimePasswordManager::createOtp($peer);
// Remove the SET_PASSWORD flag & update the session flow if necessary
SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_OTP]);
}
catch(Exception $e)
{
throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
return $rpcRequest->produceResponse($totpUri);
}
}

63
src/Socialbox/Classes/StandardMethods/VerificationOtpAuthentication.php Normal file
View file

@ -0,0 +1,63 @@
<?php
namespace Socialbox\Classes\StandardMethods;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Configuration;
use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\OneTimePasswordManager;
use Socialbox\Managers\SessionManager;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
class VerificationOtpAuthentication extends Method
{
/**
* @inheritDoc
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
if(!$rpcRequest->containsParameter('code'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'code' parameter");
}
if(strlen($rpcRequest->getParameter('code')) !== Configuration::getSecurityConfiguration()->getOtpDigits())
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'code' parameter length");
}
$session = $request->getSession();
if(!$session->flagExists(SessionFlags::VER_OTP))
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'One Time Password verification is not required at this time');
}
try
{
$result = OneTimePasswordManager::verifyOtp($request->getPeer(), $rpcRequest->getParameter('code'));
if($result)
{
// If the OTP is verified, remove the OTP verification flag
SessionManager::updateFlow($session, [SessionFlags::VER_OTP]);
}
}
catch (CryptographyException)
{
return $rpcRequest->produceResponse(false);
}
catch (Exception $e)
{
throw new StandardException('Failed to verify password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
return $rpcRequest->produceResponse($result);
}
}