bookstack/app/Auth/Access/Mfa/TotpService.php

<?php

namespace BookStack\Auth\Access\Mfa;

use BaconQrCode\Renderer\Color\Rgb;
use BaconQrCode\Renderer\Image\SvgImageBackEnd;
use BaconQrCode\Renderer\ImageRenderer;
use BaconQrCode\Renderer\RendererStyle\Fill;
use BaconQrCode\Renderer\RendererStyle\RendererStyle;
use BaconQrCode\Writer;
use BookStack\Auth\User;
use PragmaRX\Google2FA\Google2FA;
use PragmaRX\Google2FA\Support\Constants;

class TotpService
{
    protected $google2fa;

    public function __construct(Google2FA $google2fa)
    {
        $this->google2fa = $google2fa;
        // Use SHA1 as a default, Personal testing of other options in 2021 found
        // many apps lack support for other algorithms yet still will scan
        // the code causing a confusing UX.
        $this->google2fa->setAlgorithm(Constants::SHA1);
    }

    /**
     * Generate a new totp secret key.
     */
    public function generateSecret(): string
    {
        /** @noinspection PhpUnhandledExceptionInspection */
        return $this->google2fa->generateSecretKey();
    }

    /**
     * Generate a TOTP URL from secret key.
     */
    public function generateUrl(string $secret, User $user): string
    {
        return $this->google2fa->getQRCodeUrl(
            setting('app-name'),
            $user->email,
            $secret
        );
    }

    /**
     * Generate a QR code to display a TOTP URL.
     */
    public function generateQrCodeSvg(string $url): string
    {
        $color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167));

        return (new Writer(
            new ImageRenderer(
                new RendererStyle(192, 4, null, null, $color),
                new SvgImageBackEnd()
            )
        ))->writeString($url);
    }

    /**
     * Verify that the user provided code is valid for the secret.
     * The secret must be known, not user-provided.
     */
    public function verifyCode(string $code, string $secret): bool
    {
        /** @noinspection PhpUnhandledExceptionInspection */
        return $this->google2fa->verifyKey($secret, $code);
    }
}
Complete base flow for TOTP setup - Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things. 2021-07-01 05:10:02 +08:00			`<?php`

			`namespace BookStack\Auth\Access\Mfa;`

			`use BaconQrCode\Renderer\Color\Rgb;`
			`use BaconQrCode\Renderer\Image\SvgImageBackEnd;`
			`use BaconQrCode\Renderer\ImageRenderer;`
			`use BaconQrCode\Renderer\RendererStyle\Fill;`
			`use BaconQrCode\Renderer\RendererStyle\RendererStyle;`
			`use BaconQrCode\Writer;`
Fixed guest user email showing in TOTP setup url - Occured during enforced MFA setup upon login. - Added test to cover. Fixes #2971 2021-10-15 01:02:16 +08:00			`use BookStack\Auth\User;`
Complete base flow for TOTP setup - Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things. 2021-07-01 05:10:02 +08:00			`use PragmaRX\Google2FA\Google2FA;`
Added attribution for new libs added - Also hard-set TOTP algorithm with comment from testing others. 2021-08-08 21:52:29 +08:00			`use PragmaRX\Google2FA\Support\Constants;`
Complete base flow for TOTP setup - Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things. 2021-07-01 05:10:02 +08:00
			`class TotpService`
			`{`
			`protected $google2fa;`

			`public function __construct(Google2FA $google2fa)`
			`{`
			`$this->google2fa = $google2fa;`
Added attribution for new libs added - Also hard-set TOTP algorithm with comment from testing others. 2021-08-08 21:52:29 +08:00			`// Use SHA1 as a default, Personal testing of other options in 2021 found`
			`// many apps lack support for other algorithms yet still will scan`
			`// the code causing a confusing UX.`
			`$this->google2fa->setAlgorithm(Constants::SHA1);`
Complete base flow for TOTP setup - Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things. 2021-07-01 05:10:02 +08:00			`}`

			`/**`
			`* Generate a new totp secret key.`
			`*/`
			`public function generateSecret(): string`
			`{`
			`/** @noinspection PhpUnhandledExceptionInspection */`
			`return $this->google2fa->generateSecretKey();`
			`}`

			`/**`
			`* Generate a TOTP URL from secret key.`
			`*/`
Fixed guest user email showing in TOTP setup url - Occured during enforced MFA setup upon login. - Added test to cover. Fixes #2971 2021-10-15 01:02:16 +08:00			`public function generateUrl(string $secret, User $user): string`
Complete base flow for TOTP setup - Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things. 2021-07-01 05:10:02 +08:00			`{`
			`return $this->google2fa->getQRCodeUrl(`
			`setting('app-name'),`
Fixed guest user email showing in TOTP setup url - Occured during enforced MFA setup upon login. - Added test to cover. Fixes #2971 2021-10-15 01:02:16 +08:00			`$user->email,`
Complete base flow for TOTP setup - Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things. 2021-07-01 05:10:02 +08:00			`$secret`
			`);`
			`}`

			`/**`
			`* Generate a QR code to display a TOTP URL.`
			`*/`
			`public function generateQrCodeSvg(string $url): string`
			`{`
			`$color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167));`
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00
Complete base flow for TOTP setup - Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things. 2021-07-01 05:10:02 +08:00			`return (new Writer(`
			`new ImageRenderer(`
Added border to generated TOTP QR code To fix QR code not being scannable when in dark mode due to lack of border matching background of QR code. Fixes #2925 2021-09-13 21:23:54 +08:00			`new RendererStyle(192, 4, null, null, $color),`
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00			`new SvgImageBackEnd()`
Complete base flow for TOTP setup - Includes DB storage and code validation. - Extracted TOTP work to its own service file. - Still needs testing to cover this side of things. 2021-07-01 05:10:02 +08:00			`)`
			`))->writeString($url);`
			`}`

			`/**`
			`* Verify that the user provided code is valid for the secret.`
			`* The secret must be known, not user-provided.`
			`*/`
			`public function verifyCode(string $code, string $secret): bool`
			`{`
			`/** @noinspection PhpUnhandledExceptionInspection */`
			`return $this->google2fa->verifyKey($secret, $code);`
			`}`
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00			`}`