diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2022-09-07 17:31:31 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2022-09-07 17:31:31 -0700 |
| commit | 16cfeae489ff1cf4b4fdd5f1ca34d2c4d313174a (patch) | |
| tree | f54ff73a6a4c4bf1fdfb7c9656a6f0a0c32f8895 | |
| parent | 26ddb940ad27ce8ac5e87084eeed857a390987bc (diff) | |
google authenticator support, RT#86743
| -rw-r--r-- | FS/FS/Auth/internal.pm | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/FS/FS/Auth/internal.pm b/FS/FS/Auth/internal.pm index dfc5f30..92dff03 100644 --- a/FS/FS/Auth/internal.pm +++ b/FS/FS/Auth/internal.pm @@ -7,7 +7,7 @@ use FS::Record qw( qsearchs ); use FS::access_user; sub authenticate { - my($self, $username, $check_password ) = @_; + my($self, $username, $check_password, $totp_code ) = @_; my $access_user = ref($username) ? $username @@ -17,6 +17,7 @@ sub authenticate { ) or return 0; + my $pw_check; if ( $access_user->_password_encoding eq 'bcrypt' ) { my( $cost, $salt, $hash ) = split(',', $access_user->_password); @@ -29,17 +30,21 @@ sub authenticate { ) ); - $hash eq $check_hash; + $pw_check = $hash eq $check_hash; - } else { + } else { return 0 if $access_user->_password eq 'notyet' || $access_user->_password eq ''; - $access_user->_password eq $check_password; + $pw_check = $access_user->_password eq $check_password; } + return $pw_check if ! $pw_check || ! length($access_user->totp_secret32); + + #2fa + $access_user->google_auth->verify( $totp_code, 1 ); } sub autocreate { 0; } |