Pro-Idler/AccountHub
1
0
Fork 0
forked from Business/AccountHub
Code Issues Pull Requests Projects Releases Wiki Activity

Add generatesynccode mobile API (Business/MobileApp/issues/15)

Browse Source
This commit is contained in:
Skylar Ittner 2018-11-08 21:19:25 -07:00
parent 4c135d6e59
commit eee5af3081
2 changed files with 46 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
langs/en/2fa.json
View File

@ -12,5 +12,6 @@
"secret key": "Secret key",
"label": "Label",
"issuer": "Issuer",
"no such code or code expired": "That code is incorrect or expired."
"no such code or code expired": "That code is incorrect or expired.",
"2-factor is enabled, you need to use the QR code or manual setup for security reasons": "2-factor is enabled, you need to use the QR code or manual setup for security reasons."
}

44
mobile/index.php
View File

@ -32,12 +32,19 @@ $username = strtolower($VARS['username']);
$key = strtoupper($VARS['key']);
// Make sure the username and key are actually legit
$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $key, 'accounts.username' => $username]]);
if ($user_key_valid !== TRUE) {
// Don't check key if we're trying to generate one
if ($VARS['action'] == "generatesynccode") {
if (!User::byUsername($username)->exists()) {
Log::insert(LogType::MOBILE_LOGIN_FAILED, null, "Username: " . $username . ", Key: " . $key);
die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
}
} else {
$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $key, 'accounts.username' => $username]]);
if ($user_key_valid !== TRUE) {
engageRateLimit();
//http_response_code(401);
Log::insert(LogType::MOBILE_BAD_KEY, null, "Username: " . $username . ", Key: " . $key);
die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
}
}
// Obscure key
@ -200,6 +207,37 @@ switch ($VARS['action']) {
exit(json_encode(["status" => "ERROR", "msg" => $ex->getMessage()]));
}
break;
case "hasotp":
if (!empty($VARS['username'])) {
$user = User::byUsername($VARS['username']);
} else if (!empty($VARS['uid'])) {
$user = new User($VARS['uid']);
} else {
http_response_code(400);
die("\"400 Bad Request\"");
}
exit(json_encode(["status" => "OK", "otp" => $user->has2fa()]));
break;
case "generatesynccode":
$user = User::byUsername($username);
if ($user->has2fa()) {
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("2-factor is enabled, you need to use the QR code or manual setup for security reasons", false)]));
}
if ($user->getStatus()->get() != AccountStatus::NORMAL) {
Log::insert(LogType::MOBILE_LOGIN_FAILED, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login failed try on web", false)]));
}
if ($user->checkPassword($VARS['password'])) {
Log::insert(LogType::MOBILE_LOGIN_OK, $user->getUID(), "Key: " . $key);
$code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
$desc = htmlspecialchars($VARS['desc']);
$database->insert('mobile_codes', ['uid' => $user->getUID(), 'code' => $code, 'description' => $desc]);
exit(json_encode(["status" => "OK", "code" => $code]));
} else {
Log::insert(LogType::MOBILE_LOGIN_FAILED, null, "Username: " . $username . ", Key: " . $key);
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)]));
}
default:
http_response_code(404);
die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));