class GALoginHotpSetup in Google Authenticator login 8
HOTP setup class to set up HOTP validation.
Plugin annotation
@TfaSetup(
id = "ga_login_hotp_setup",
label = @Translation("GA Login Hotp Setup"),
description = @Translation("GA Login Hotp Setup Plugin"),
helpLinks = {
"Google Authenticator (Android/iPhone/BlackBerry)" = "https://support.google.com/accounts/answer/1066447?hl=en",
"Authy (Android/iPhone)" = "http://authy.com/download/",
"FreeOTP (Android)" = "https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp",
"GAuth Authenticator (desktop)" = "https://github.com/gbraad/html5-google-authenticator"
},
setupMessages = {
"saved" = @Translation("Application code verified."),
"skipped" = @Translation("Application codes not enabled.")
}
)
Hierarchy
- class \Drupal\Component\Plugin\PluginBase implements DerivativeInspectionInterface, PluginInspectionInterface
- class \Drupal\tfa\Plugin\TfaBasePlugin uses DependencySerializationTrait, TfaDataTrait
- class \Drupal\ga_login\Plugin\TfaValidation\GALoginHotpValidation implements ContainerFactoryPluginInterface, TfaValidationInterface uses StringTranslationTrait
- class \Drupal\ga_login\Plugin\TfaSetup\GALoginHotpSetup implements TfaSetupInterface
- class \Drupal\ga_login\Plugin\TfaValidation\GALoginHotpValidation implements ContainerFactoryPluginInterface, TfaValidationInterface uses StringTranslationTrait
- class \Drupal\tfa\Plugin\TfaBasePlugin uses DependencySerializationTrait, TfaDataTrait
Expanded class hierarchy of GALoginHotpSetup
File
- src/Plugin/TfaSetup/GALoginHotpSetup.php, line 38
Namespace
Drupal\ga_login\Plugin\TfaSetup
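class GALoginHotpSetup extends GALoginHotpValidation implements TfaSetupInterface {

  // Setup flow implemented by this class: the constructor generates a new
  // seed, getSetupForm() shows it to the user as text and as a QR code,
  // validateSetupForm() checks one code produced from that seed, and
  // submitSetupForm() persists the seed through storeSeed().

  /**
   * Un-encrypted seed.
   *
   * This is the plain-text HOTP shared secret. It is rendered into the setup
   * form and embedded in the QR code, so it must never be logged or exposed
   * outside the setup page of the account being configured.
   *
   * @var string
   */
  protected $seed;

  /**
   * {@inheritdoc}
   */
  public function __construct(array $configuration, $plugin_id, $plugin_definition, UserDataInterface $user_data, EncryptionProfileManagerInterface $encryption_profile_manager, EncryptServiceInterface $encrypt_service, ConfigFactoryInterface $config_factory, TimeInterface $time) {
    parent::__construct($configuration, $plugin_id, $plugin_definition, $user_data, $encryption_profile_manager, $encrypt_service, $config_factory, $time);
    // A fresh seed is generated on every instantiation.
    // NOTE(review): how the same seed survives from form build to form
    // validation/submission is not visible in this class (presumably the
    // plugin instance is kept with the form) - confirm.
    $this->setSeed($this->createSeed());
  }

  /**
   * {@inheritdoc}
   */
  public function getSetupForm(array $form, FormStateInterface $form_state) {
    // Help links come from the plugin definition (see getHelpLinks()), not
    // from user input.
    $items = [];
    foreach ($this->getHelpLinks() as $item => $link) {
      $items[] = Link::fromTextAndUrl($item, Url::fromUri($link, [
        'attributes' => [
          'target' => '_blank',
        ],
      ]));
    }
    $form['apps'] = [
      '#theme' => 'item_list',
      '#items' => $items,
      '#title' => $this->t('Install authentication code application on your mobile or desktop device:'),
    ];
    $form['info'] = [
      '#type' => 'html_tag',
      '#tag' => 'p',
      '#value' => $this->t('The two-factor authentication application will be used during this setup and for generating codes during regular authentication. If the application supports it, scan the QR code below to get the setup code otherwise you can manually enter the text code.'),
    ];
    // The plain-text secret is part of the rendered page from here on, both
    // as text and inside the QR image URI.
    // NOTE(review): confirm the setup route is served uncacheable and only to
    // the account owner (or an administrator); nothing in this method
    // enforces that.
    $form['seed'] = [
      '#type' => 'textfield',
      '#value' => $this->seed,
      '#disabled' => TRUE,
      '#description' => $this->t('Enter this code into your two-factor authentication app or scan the QR code below.'),
    ];
    // QR image of seed. The opening tag was previously emitted without its
    // closing ">", which produced malformed markup around the image.
    $form['qr_image'] = [
      '#prefix' => '<div class="ga-login-qr-code">',
      '#theme' => 'image',
      '#uri' => $this->getQrCodeUri(),
      '#alt' => $this->t('QR code for TFA setup'),
      '#suffix' => '</div>',
    ];
    // QR code css giving it a fixed width.
    $form['page']['#attached']['html_head'][] = [
      [
        '#tag' => 'style',
        '#value' => ".ga-login-qr-code { width:200px }",
      ],
      'qrcode-css',
    ];
    // Include code entry form.
    $form = $this->getForm($form, $form_state);
    $form['actions']['login']['#value'] = $this->t('Verify and save');
    // Alter code description.
    $form['code']['#description'] = $this->t('A verification code will be generated after you scan the above QR code or manually enter the setup code. The verification code is six digits long.');
    return $form;
  }

  /**
   * {@inheritdoc}
   */
  public function validateSetupForm(array $form, FormStateInterface $form_state) {
    $code = $form_state->getValue('code');
    if (!$this->validate($code)) {
      $this->errorMessages['code'] = $this->t('Invalid application code. Please try again.');
      return FALSE;
    }
    // Remember the accepted code so it cannot be replayed.
    $this->storeAcceptedCode($code);
    return TRUE;
  }

  /**
   * {@inheritdoc}
   */
  protected function validate($code) {
    // The counter is set as 1 because that is the initial value.
    // This ensures that things work even if we reset the application.
    $code = preg_replace('/\\s+/', '', (string) $code);
    $counter = $this->auth->otp->checkHotpResync(Encoding::base32DecodeUpper($this->seed), 1, $code, $this->counterWindow);
    // checkHotpResync() reports a mismatch as FALSE. Incrementing FALSE
    // leaves it FALSE, so the previous code wrote FALSE over the stored
    // counter on every failed attempt - including for an account that
    // already had HOTP enabled and was only attempting a reset. Persist the
    // counter only once the code has actually been accepted.
    if ($counter === FALSE) {
      return FALSE;
    }
    // Store the next expected counter value.
    $this->setUserData('tfa', [
      'tfa_hotp_counter' => ++$counter,
    ], $this->uid, $this->userData);
    return (bool) $counter;
  }

  /**
   * {@inheritdoc}
   */
  public function submitSetupForm(array $form, FormStateInterface $form_state) {
    // Write seed for user. Protection of the stored value is left to
    // storeSeed(), which is defined in the parent class.
    $this->storeSeed($this->seed);
    return TRUE;
  }

  /**
   * Get a base64 qrcode image uri of seed.
   *
   * The encoded otpauth:// URI carries the plain-text seed, so the returned
   * value is as sensitive as the seed itself.
   *
   * @return string
   *   QR-code uri.
   */
  protected function getQrCodeUri() {
    // rawurlencode() yields RFC 3986 percent-encoding ("%20"); urlencode()
    // would turn spaces into "+", which authenticator apps may display
    // literally in the issuer name.
    $otpauth = 'otpauth://hotp/' . $this->accountName()
      . '?secret=' . $this->seed
      . '&counter=1&issuer=' . rawurlencode($this->issuer);
    return (new QRCode())->render($otpauth);
  }

  /**
   * Create OTP seed for account.
   *
   * @return string
   *   Un-encrypted seed.
   */
  protected function createSeed() {
    // NOTE(review): seed quality depends entirely on the external library's
    // generateRandom(); confirm it draws from a CSPRNG.
    return $this->auth->ga->generateRandom();
  }

  /**
   * Setter for OTP secret key.
   *
   * @param string $seed
   *   The OTP secret key.
   */
  public function setSeed($seed) {
    $this->seed = $seed;
  }

  /**
   * Get account name for QR image.
   *
   * @return string
   *   URL encoded string.
   */
  protected function accountName() {
    // NOTE(review): User::load() returns NULL for an unknown uid, in which
    // case getAccountName() below fails - confirm callers always pass a
    // valid uid in the plugin configuration.
    /** @var \Drupal\user\Entity\User $account */
    $account = User::load($this->configuration['uid']);
    if ($this->siteNamePrefix) {
      // Reduce the site name to lower-case letters, digits and dashes.
      $site_name = strtolower(\Drupal::config('system.site')->get('name'));
      $prefix = preg_replace('@[^a-z0-9-]+@', '-', $site_name);
    }
    else {
      $prefix = $this->namePrefix;
    }
    // Percent-encode per RFC 3986 so spaces in the label are not shown as
    // "+" by authenticator apps.
    return rawurlencode($prefix . '-' . $account->getAccountName());
  }

  /**
   * {@inheritdoc}
   */
  public function getOverview(array $params) {
    // "@plugin" placeholders are escaped by t(), so the label is safe to
    // embed in the markup element below.
    $plugin_text = $this->t('Validation Plugin: @plugin', [
      '@plugin' => str_replace(' Setup', '', $this->getLabel()),
    ]);
    $link_title = !$params['enabled']
      ? $this->t('Set up application')
      : $this->t('Reset application');
    $output = [
      'heading' => [
        '#type' => 'html_tag',
        '#tag' => 'h2',
        '#value' => $this->t('TFA application'),
      ],
      'validation_plugin' => [
        '#type' => 'markup',
        '#markup' => '<p>' . $plugin_text . '</p>',
      ],
      'description' => [
        '#type' => 'html_tag',
        '#tag' => 'p',
        '#value' => $this->t('Generate verification codes from a mobile or desktop application.'),
      ],
      'link' => [
        '#theme' => 'links',
        '#links' => [
          'admin' => [
            'title' => $link_title,
            'url' => Url::fromRoute('tfa.validation.setup', [
              'user' => $params['account']->id(),
              'method' => $params['plugin_id'],
            ]),
          ],
        ],
      ],
    ];
    return $output;
  }

  /**
   * {@inheritdoc}
   */
  public function getHelpLinks() {
    return $this->pluginDefinition['helpLinks'];
  }

  /**
   * {@inheritdoc}
   */
  public function getSetupMessages() {
    return $this->pluginDefinition['setupMessages'] ?: '';
  }

}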
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
DependencySerializationTrait:: |
protected | property | An array of entity type IDs keyed by the property name of their storages. | |
DependencySerializationTrait:: |
protected | property | An array of service IDs keyed by property name used for serialization. | |
DependencySerializationTrait:: |
public | function | 1 | |
DependencySerializationTrait:: |
public | function | 2 | |
GALoginHotpSetup:: |
protected | property | Un-encrypted seed. | |
GALoginHotpSetup:: |
protected | function | Get account name for QR image. | |
GALoginHotpSetup:: |
protected | function | Create OTP seed for account. | |
GALoginHotpSetup:: |
public | function |
Returns a list of links containing helpful information for plugin use. Overrides TfaSetupInterface:: |
|
GALoginHotpSetup:: |
public | function |
Plugin overview page. Overrides TfaSetupInterface:: |
|
GALoginHotpSetup:: |
protected | function | Get a base64 qrcode image uri of seed. | |
GALoginHotpSetup:: |
public | function |
Get the setup form for the validation method. Overrides TfaSetupInterface:: |
|
GALoginHotpSetup:: |
public | function |
Returns a list of messages for plugin step. Overrides TfaSetupInterface:: |
|
GALoginHotpSetup:: |
public | function | Setter for OTP secret key. | |
GALoginHotpSetup:: |
public | function |
Submit the setup form. Overrides TfaSetupInterface:: |
|
GALoginHotpSetup:: |
protected | function |
Validate code. Overrides GALoginHotpValidation:: |
|
GALoginHotpSetup:: |
public | function |
Validate the setup data. Overrides TfaSetupInterface:: |
|
GALoginHotpSetup:: |
public | function |
Constructs a new Tfa plugin object. Overrides GALoginHotpValidation:: |
|
GALoginHotpValidation:: |
protected | property |
Whether the code has already been used or not. Overrides TfaBasePlugin:: |
|
GALoginHotpValidation:: |
public | property | Object containing the external validation library. | |
GALoginHotpValidation:: |
protected | property | The counter window in which the validation should be done. | |
GALoginHotpValidation:: |
protected | property | Configurable name of the issuer. | |
GALoginHotpValidation:: |
protected | property | Name prefix. | |
GALoginHotpValidation:: |
protected | property | Whether or not the prefix should use the site name. | |
GALoginHotpValidation:: |
protected | property | The Datetime service. | |
GALoginHotpValidation:: |
public | function | The configuration form for this validation plugin. | |
GALoginHotpValidation:: |
public static | function |
Creates an instance of the plugin. Overrides ContainerFactoryPluginInterface:: |
|
GALoginHotpValidation:: |
protected | function | Delete the seed of the current validated user. | |
GALoginHotpValidation:: |
public | function |
Get TFA process form from plugin. Overrides TfaValidationInterface:: |
|
GALoginHotpValidation:: |
public | function | Get the HOTP counter. | |
GALoginHotpValidation:: |
protected | function | Get seed for this account. | |
GALoginHotpValidation:: |
public | function | Returns whether code has already been used or not. | |
GALoginHotpValidation:: |
public | function |
Determine if the plugin can run for the current TFA context. Overrides TfaBasePlugin:: |
|
GALoginHotpValidation:: |
public | function | Save seed for account. | |
GALoginHotpValidation:: |
public | function |
Validate form. Overrides TfaValidationInterface:: |
|
GALoginHotpValidation:: |
public | function | Simple validate for web services. | |
PluginBase:: |
protected | property | Configuration information passed into the plugin. | 1 |
PluginBase:: |
protected | property | The plugin implementation definition. | 1 |
PluginBase:: |
protected | property | The plugin_id. | |
PluginBase:: |
constant | A string which is used to separate base plugin IDs from the derivative ID. | ||
PluginBase:: |
public | function |
Gets the base_plugin_id of the plugin instance. Overrides DerivativeInspectionInterface:: |
|
PluginBase:: |
public | function |
Gets the derivative_id of the plugin instance. Overrides DerivativeInspectionInterface:: |
|
PluginBase:: |
public | function |
Gets the definition of the plugin implementation. Overrides PluginInspectionInterface:: |
3 |
PluginBase:: |
public | function |
Gets the plugin_id of the plugin instance. Overrides PluginInspectionInterface:: |
|
PluginBase:: |
public | function | Determines if the plugin is configurable. | |
StringTranslationTrait:: |
protected | property | The string translation service. | 1 |
StringTranslationTrait:: |
protected | function | Formats a string containing a count of items. | |
StringTranslationTrait:: |
protected | function | Returns the number of plurals supported by a given language. | |
StringTranslationTrait:: |
protected | function | Gets the string translation service. | |
StringTranslationTrait:: |
public | function | Sets the string translation service to use. | 2 |
StringTranslationTrait:: |
protected | function | Translates a string to the current language or to a given language. | |
TfaBasePlugin:: |
protected | property | The user submitted code to be validated. | |
TfaBasePlugin:: |
protected | property | The allowed code length. | |
TfaBasePlugin:: |
protected | property | Encryption profile. | |
TfaBasePlugin:: |
protected | property | Encryption service. | |
TfaBasePlugin:: |
protected | property | The error for the current validation. | |
TfaBasePlugin:: |
protected | property | Whether the validation succeeded or not. | |
TfaBasePlugin:: |
protected | property | The user id. | |
TfaBasePlugin:: |
protected | property | Provides the user data service object. | |
TfaBasePlugin:: |
protected | function | Whether code has already been used. | |
TfaBasePlugin:: |
protected | function | Decrypt a encrypted string. | |
TfaBasePlugin:: |
protected | function | Encrypt a plaintext string. | |
TfaBasePlugin:: |
public | function | Get error messages suitable for form_set_error(). | |
TfaBasePlugin:: |
public | function | Get the plugin label. | |
TfaBasePlugin:: |
protected | function | Store validated code to prevent replay attack. | |
TfaBasePlugin:: |
public | function | Submit form. | 1 |
TfaDataTrait:: |
protected | function | Deletes data stored for the current validated user account. | |
TfaDataTrait:: |
protected | function | Returns data stored for the current validated user account. | |
TfaDataTrait:: |
protected | function | Store user specific information. | |
TfaDataTrait:: |
protected | function | Get TFA data for an account. | |
TfaDataTrait:: |
public | function | Save TFA data for an account. |