mirror of
https://git.phreedom.club/localhost_frssoft/fediauth.git
synced 2024-11-25 17:31:29 +00:00
+/-30 seconds otp validity
This commit is contained in:
parent
7a1827b5f7
commit
376d163d08
|
@ -200,3 +200,14 @@ function otp.is_player_enabled(name)
|
||||||
|
|
||||||
return has_secret and has_priv
|
return has_secret and has_priv
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function otp.check_code(secret_b32, code, time)
|
||||||
|
time = time or os.time()
|
||||||
|
for _, t_offset in ipairs({0, -30, 30}) do
|
||||||
|
local expected_code = otp.generate_totp(secret_b32, time + t_offset)
|
||||||
|
if expected_code == code then
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
return false
|
||||||
|
end
|
|
@ -28,12 +28,12 @@ mtt.register("otp.hmac", function(callback)
|
||||||
end)
|
end)
|
||||||
|
|
||||||
mtt.register("otp.generate_totp", function(callback)
|
mtt.register("otp.generate_totp", function(callback)
|
||||||
local expected_code = 699847
|
local expected_code = "699847"
|
||||||
local secret_b32 = "N6JGKMEKU2E6HQMLLNMJKBRRGVQ2ZKV7"
|
local secret_b32 = "N6JGKMEKU2E6HQMLLNMJKBRRGVQ2ZKV7"
|
||||||
local unix_time = 1640995200
|
local unix_time = 1640995200
|
||||||
|
|
||||||
local code, valid_seconds = otp.generate_totp(secret_b32, unix_time)
|
local code, valid_seconds = otp.generate_totp(secret_b32, unix_time)
|
||||||
assert(code == ""..expected_code)
|
assert(code == expected_code)
|
||||||
assert(valid_seconds > 0)
|
assert(valid_seconds > 0)
|
||||||
|
|
||||||
code, valid_seconds = otp.generate_totp(secret_b32)
|
code, valid_seconds = otp.generate_totp(secret_b32)
|
||||||
|
@ -41,6 +41,21 @@ mtt.register("otp.generate_totp", function(callback)
|
||||||
callback()
|
callback()
|
||||||
end)
|
end)
|
||||||
|
|
||||||
|
mtt.register("otp.check_code", function(callback)
|
||||||
|
local expected_code = "699847"
|
||||||
|
local secret_b32 = "N6JGKMEKU2E6HQMLLNMJKBRRGVQ2ZKV7"
|
||||||
|
local unix_time = 1640995200
|
||||||
|
|
||||||
|
assert(otp.check_code(secret_b32, expected_code, unix_time))
|
||||||
|
assert(otp.check_code(secret_b32, expected_code, unix_time+30))
|
||||||
|
assert(otp.check_code(secret_b32, expected_code, unix_time-30))
|
||||||
|
assert(not otp.check_code(secret_b32, expected_code, unix_time-60))
|
||||||
|
assert(not otp.check_code(secret_b32, expected_code, unix_time+60))
|
||||||
|
assert(not otp.check_code(secret_b32, expected_code))
|
||||||
|
|
||||||
|
callback()
|
||||||
|
end)
|
||||||
|
|
||||||
mtt.register("otp.create_qr_png", function(callback)
|
mtt.register("otp.create_qr_png", function(callback)
|
||||||
local url = "otpauth://totp/abc:myaccount?algorithm=SHA1&digits=6&issuer=abc&period=30&"
|
local url = "otpauth://totp/abc:myaccount?algorithm=SHA1&digits=6&issuer=abc&period=30&"
|
||||||
.. "secret=N6JGKMEKU2E6HQMLLNMJKBRRGVQ2ZKV7"
|
.. "secret=N6JGKMEKU2E6HQMLLNMJKBRRGVQ2ZKV7"
|
||||||
|
|
3
join.lua
3
join.lua
|
@ -55,8 +55,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
||||||
|
|
||||||
local playername = player:get_player_name()
|
local playername = player:get_player_name()
|
||||||
local secret_b32 = otp.get_player_secret_b32(playername)
|
local secret_b32 = otp.get_player_secret_b32(playername)
|
||||||
local expected_code = otp.generate_totp(secret_b32)
|
if otp.check_code(secret_b32, fields.code) then
|
||||||
if expected_code == fields.code then
|
|
||||||
minetest.chat_send_player(playername, "OTP Code validation succeeded")
|
minetest.chat_send_player(playername, "OTP Code validation succeeded")
|
||||||
otp_sessions[playername] = nil
|
otp_sessions[playername] = nil
|
||||||
otp.regrant_privs(playername)
|
otp.regrant_privs(playername)
|
||||||
|
|
|
@ -63,8 +63,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
||||||
if fields.code then
|
if fields.code then
|
||||||
local playername = player:get_player_name()
|
local playername = player:get_player_name()
|
||||||
local secret_b32 = otp.get_player_secret_b32(playername)
|
local secret_b32 = otp.get_player_secret_b32(playername)
|
||||||
local expected_code = otp.generate_totp(secret_b32)
|
if otp.check_code(secret_b32, fields.code) then
|
||||||
if expected_code == fields.code then
|
|
||||||
-- set priv
|
-- set priv
|
||||||
local privs = minetest.get_player_privs(playername)
|
local privs = minetest.get_player_privs(playername)
|
||||||
privs.otp_enabled = true
|
privs.otp_enabled = true
|
||||||
|
|
Loading…
Reference in a new issue