
Prefer numerical OTPs for setup and usage of 2FA via SMS and email

This commit is contained in:
Marco
2024-07-04 17:58:22 +02:00
parent d2602121ab
commit e5bc48eaa6


@@ -1360,8 +1360,26 @@ final class Auth extends UserManager {
private function generateAndStoreRandomOneTimePassword($userId, $mechanism) {
// generate a random one-time password
$otpLength = 6;
$otpValue = \strtoupper(\substr(\Delight\Otp\Otp::createSecret(\Delight\Otp\Otp::SHARED_SECRET_STRENGTH_LOW), 0, $otpLength));
$otpValue = null;
if (\PHP_VERSION_ID >= 70000) {
try {
$otpValue = \random_int(0, 999999);
$otpValue = \sprintf('%06d', $otpValue);
}
catch (\Exception $e) {
$otpValue = null;
}
}
if (empty($otpValue)) {
$otpValue = \Delight\Otp\Otp::createSecret(\Delight\Otp\Otp::SHARED_SECRET_STRENGTH_LOW);
$otpValue = \substr($otpValue, 0, 6);
$otpValue = \strtoupper($otpValue);
}
// create a selector/token pair from the generated one-time password
$otpValueSelector = self::createSelectorForOneTimePassword($otpValue, $userId);
$otpValueToken = \password_hash($otpValue, \PASSWORD_DEFAULT);