mirror of
https://github.com/PawelSuwinski/moodle-auth_emailotp.git
synced 2026-05-16 21:41:27 +02:00
user_login: otpperiod logchecker
This commit is contained in:
Paweł Suwiński
64
auth.php
64
auth.php
@@ -80,10 +80,10 @@ class auth_plugin_emailotp extends auth_plugin_base {
|
|||||||
if (isset($_SESSION[self::COMPONENT_NAME]) &&
|
if (isset($_SESSION[self::COMPONENT_NAME]) &&
|
||||||
$_SESSION[self::COMPONENT_NAME]['credentials'] === static::get_credentials($username)) {
|
$_SESSION[self::COMPONENT_NAME]['credentials'] === static::get_credentials($username)) {
|
||||||
if (empty($password)) {
|
if (empty($password)) {
|
||||||
return (bool) $this->redirect($username, notification::NOTIFY_INFO);
|
return (bool) $this->redirect($username, 'otpsent', notification::NOTIFY_INFO);
|
||||||
} else if (password_verify($password, $_SESSION[self::COMPONENT_NAME]['password'])) {
|
} else if (password_verify($password, $_SESSION[self::COMPONENT_NAME]['password'])) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// OTP request - do not proceed on preventaccountcreation when user not exits.
|
// OTP request - do not proceed on preventaccountcreation when user not exits.
|
||||||
if (!isset($_SESSION[self::COMPONENT_NAME]) && empty($password) && (
|
if (!isset($_SESSION[self::COMPONENT_NAME]) && empty($password) && (
|
||||||
@@ -93,23 +93,24 @@ class auth_plugin_emailotp extends auth_plugin_base {
|
|||||||
'auth' => $this->authtype,
|
'auth' => $this->authtype,
|
||||||
'deleted' => 0,
|
'deleted' => 0,
|
||||||
]))) {
|
]))) {
|
||||||
if ($this->gen_otp($username)) {
|
if (!$this->min_request_period_fulfilled($username)) {
|
||||||
|
$this->redirect($username, 'otpperiod', notification::NOTIFY_WARNING);
|
||||||
|
} else if ($this->gen_otp($username)) {
|
||||||
\auth_emailotp\event\otp_generated::create(array(
|
\auth_emailotp\event\otp_generated::create(array(
|
||||||
'other' => array('email' => $username),
|
'other' => array('email' => $username),
|
||||||
))->trigger();
|
))->trigger();
|
||||||
$this->redirect($username, notification::NOTIFY_SUCCESS);
|
$this->redirect($username, 'otpsent', notification::NOTIFY_SUCCESS);
|
||||||
} else {
|
} else {
|
||||||
$this->redirect($username, notification::NOTIFY_ERROR);
|
$this->redirect($username, 'otpsent', notification::NOTIFY_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// OTP exits but validation failed - reset if revoke threshold is set.
|
// OTP exits but validation failed - reset if revoke threshold is set.
|
||||||
if (isset($_SESSION[self::COMPONENT_NAME])) {
|
if (isset($_SESSION[self::COMPONENT_NAME])) {
|
||||||
$_SESSION[self::COMPONENT_NAME]['login_failed_count']++;
|
$_SESSION[self::COMPONENT_NAME]['login_failed_count']++;
|
||||||
if (!empty($this->config->revokethreshold) &&
|
if (!empty($this->config->revokethreshold) &&
|
||||||
$_SESSION[self::COMPONENT_NAME]['login_failed_count'] >= $this->config->revokethreshold) {
|
$_SESSION[self::COMPONENT_NAME]['login_failed_count'] >= $this->config->revokethreshold) {
|
||||||
unset($_SESSION[self::COMPONENT_NAME]);
|
unset($_SESSION[self::COMPONENT_NAME]);
|
||||||
\core\notification::add(
|
\core\notification::add(get_string('otprevoked', self::COMPONENT_NAME),
|
||||||
(string)new lang_string('otprevoked', self::COMPONENT_NAME, null, $CFG->lang),
|
|
||||||
notification::NOTIFY_WARNING
|
notification::NOTIFY_WARNING
|
||||||
);
|
);
|
||||||
\auth_emailotp\event\otp_revoked::create(array(
|
\auth_emailotp\event\otp_revoked::create(array(
|
||||||
@@ -216,12 +217,9 @@ class auth_plugin_emailotp extends auth_plugin_base {
|
|||||||
'email' => $username,
|
'email' => $username,
|
||||||
),
|
),
|
||||||
core_user::get_support_user(),
|
core_user::get_support_user(),
|
||||||
sprintf(
|
sprintf('%s: %s', format_string(get_site()->fullname),
|
||||||
'%s: %s',
|
get_string('otpgeneratedsubj', self::COMPONENT_NAME, $a)),
|
||||||
format_string(get_site()->fullname),
|
get_string('otpgeneratedtext', self::COMPONENT_NAME, $a)
|
||||||
(string)new lang_string('otpgeneratedsubj', self::COMPONENT_NAME, $a, $CFG->lang)
|
|
||||||
),
|
|
||||||
(string)new lang_string('otpgeneratedtext', self::COMPONENT_NAME, $a, $CFG->lang)
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -232,13 +230,35 @@ class auth_plugin_emailotp extends auth_plugin_base {
|
|||||||
* @param string $msg
|
* @param string $msg
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
protected function redirect(string $username, string $msg) {
|
protected function redirect(string $username, string $msg, string $level) {
|
||||||
global $CFG;
|
global $CFG;
|
||||||
redirect(
|
redirect(get_login_url().'?username='.urlencode($username),
|
||||||
get_login_url().'?username='.urlencode($username),
|
get_string($msg.$level, self::COMPONENT_NAME), null, $level);
|
||||||
(string)new lang_string('otpsent'.$msg, self::COMPONENT_NAME, null, $CFG->lang),
|
}
|
||||||
null,
|
|
||||||
$msg
|
/**
|
||||||
);
|
* min_request_period_fulfilled
|
||||||
|
*
|
||||||
|
* @param string $email
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
protected function min_request_period_fulfilled(string $email) {
|
||||||
|
// Min request period security disabled.
|
||||||
|
if(empty($this->config->minrequestperiod)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// Log reader required - silently return failure on absence.
|
||||||
|
if(!$reader = reset(get_log_manager()->get_readers('\core\log\sql_reader'))) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return $reader->get_events_select_count(
|
||||||
|
'component = ? AND action = ? AND timecreated >= ? AND other = ?',
|
||||||
|
array(
|
||||||
|
self::COMPONENT_NAME,
|
||||||
|
'generated',
|
||||||
|
time() - $this->config->minrequestperiod,
|
||||||
|
json_encode(['email' => $email]),
|
||||||
|
)
|
||||||
|
) === 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user