google authenticator support, RT#86743

author Ivan Kohler <ivan@freeside.biz>

Thu, 8 Sep 2022 00:31:31 +0000 (17:31 -0700)

committer Ivan Kohler <ivan@freeside.biz>

Thu, 8 Sep 2022 00:31:31 +0000 (17:31 -0700)
author Ivan Kohler <ivan@freeside.biz>
Thu, 8 Sep 2022 00:31:31 +0000 (17:31 -0700)
committer Ivan Kohler <ivan@freeside.biz>
Thu, 8 Sep 2022 00:31:31 +0000 (17:31 -0700)
diff --git a/FS/FS/Auth/internal.pm b/FS/FS/Auth/internal.pm

index dfc5f30..92dff03 100644 (file)
--- a/FS/FS/Auth/internal.pm
+++ b/FS/FS/Auth/internal.pm
@@ -7,7 +7,7 @@ use FS::Record qw( qsearchs );
  use FS::access_user;
  
  sub authenticate {
-  my($self, $username, $check_password ) = @_;
+  my($self, $username, $check_password, $totp_code ) = @_;
  
    my $access_user =
      ref($username) ? $username
@@ -17,6 +17,7 @@ sub authenticate {
                               )
      or return 0;
  
+  my $pw_check;
    if ( $access_user->_password_encoding eq 'bcrypt' ) {
  
      my( $cost, $salt, $hash ) = split(',', $access_user->_password);
@@ -29,17 +30,21 @@ sub authenticate {
                                             )
                                );
  
-    $hash eq $check_hash;
+    $pw_check = $hash eq $check_hash;
  
-  } else { 
+  } else {
  
      return 0 if $access_user->_password eq 'notyet'
               || $access_user->_password eq '';
  
-    $access_user->_password eq $check_password;
+    $pw_check = $access_user->_password eq $check_password;
  
    }
  
+  return $pw_check if ! $pw_check || ! length($access_user->totp_secret32);
+
+  #2fa
+  $access_user->google_auth->verify( $totp_code, 1 );
  }
  
  sub autocreate { 0; }
author	Ivan Kohler <ivan@freeside.biz>
	Thu, 8 Sep 2022 00:31:31 +0000 (17:31 -0700)
committer	Ivan Kohler <ivan@freeside.biz>
	Thu, 8 Sep 2022 00:31:31 +0000 (17:31 -0700)