mirror of https://tt-rss.org/git/tt-rss.git
OTP: generate longer secrets, also make them easier to read/copy
parent
0b82afabd5
commit
0acd33abe3
|
@ -469,8 +469,8 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
<?= \Controls\hidden_tag("method", "otpenable") ?>
|
<?= \Controls\hidden_tag("method", "otpenable") ?>
|
||||||
|
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<label><?= __("OTP Key:") ?></label>
|
<label><?= __("OTP secret:") ?></label>
|
||||||
<input dojoType='dijit.form.ValidationTextBox' disabled='disabled' value="<?= $otp_secret ?>" style='width : 215px'>
|
<code><?= $this->format_otp_secret($otp_secret) ?></code>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|
||||||
<!-- TODO: return JSON from the backend call -->
|
<!-- TODO: return JSON from the backend call -->
|
||||||
|
@ -496,7 +496,7 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<label><?= __("One time password:") ?></label>
|
<label><?= __("Verification code:") ?></label>
|
||||||
<input dojoType='dijit.form.ValidationTextBox' autocomplete='off' required='1' name='otp'>
|
<input dojoType='dijit.form.ValidationTextBox' autocomplete='off' required='1' name='otp'>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|
||||||
|
@ -1518,4 +1518,8 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
}
|
}
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function format_otp_secret($secret) {
|
||||||
|
return implode(" ", str_split($secret, 4));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
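Review bot: The secret is echoed into `<code>` without HTML escaping in the first hunk; the value presumably contains only hex or base32 characters, but escaping at the sink keeps the template safe if the stored format ever changes: `<code><?= htmlspecialchars($this->format_otp_secret($otp_secret)) ?></code>`. The new helper in the last hunk has no parameter or return types, and `private function format_otp_secret(string $secret): string` would match what `str_split()` and `implode()` require. A one-line comment on it should say that the four-character grouping is for display only, so the spaces are never stored or compared during verification. The class body and the surrounding template start outside these hunks, so where `$otp_secret` comes from is not visible here.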
|
@ -299,7 +299,7 @@ class UserHelper {
|
||||||
if ($user->otp_enabled) {
|
if ($user->otp_enabled) {
|
||||||
$user->otp_secret = $salt_based_secret;
|
$user->otp_secret = $salt_based_secret;
|
||||||
} else {
|
} else {
|
||||||
$user->otp_secret = bin2hex(get_random_bytes(6));
|
$user->otp_secret = bin2hex(get_random_bytes(10));
|
||||||
}
|
}
|
||||||
|
|
||||||
$user->save();
|
$user->save();
|
||||||
|
|
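Review bot: Ten random bytes in the `else` branch give an 80-bit secret, which is still below the 128-bit minimum (160 bits recommended) that RFC 4226 sets for HOTP/TOTP shared secrets; `$user->otp_secret = bin2hex(get_random_bytes(20));` would meet the recommendation. Hex encoding doubles the string length without adding entropy, so the 20 displayed characters should not be read as 160 bits. Accounts with `otp_enabled` already set keep `$salt_based_secret`, whose derivation is outside this hunk, so it is worth confirming that value is not weaker than the new random one and whether those users should be asked to re-enrol. `get_random_bytes()` is defined elsewhere and presumably wraps a CSPRNG such as `random_bytes()`; the enclosing function starts and ends outside the hunk.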
|
@ -109,7 +109,7 @@ class Auth_Internal extends Auth_Base {
|
||||||
<?= \Controls\hidden_tag("op", "login") ?>
|
<?= \Controls\hidden_tag("op", "login") ?>
|
||||||
|
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<label><?= __("Please enter your one time password:") ?></label>
|
<label><?= __("Please enter verification code (OTP):") ?></label>
|
||||||
<input id="otp" dojoType="dijit.form.ValidationTextBox" required="1" autocomplete="off" size="6" name="otp" value=""/>
|
<input id="otp" dojoType="dijit.form.ValidationTextBox" required="1" autocomplete="off" size="6" name="otp" value=""/>
|
||||||
<?= \Controls\submit_tag(__("Continue")) ?>
|
<?= \Controls\submit_tag(__("Continue")) ?>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|