+/-30 seconds otp validity
parent
7a1827b5f7
commit
376d163d08
|
@ -200,3 +200,14 @@ function otp.is_player_enabled(name)
|
|||
|
||||
return has_secret and has_priv
|
||||
end
|
||||
|
||||
function otp.check_code(secret_b32, code, time)
|
||||
time = time or os.time()
|
||||
for _, t_offset in ipairs({0, -30, 30}) do
|
||||
local expected_code = otp.generate_totp(secret_b32, time + t_offset)
|
||||
if expected_code == code then
|
||||
return true
|
||||
end
|
||||
end
|
||||
return false
|
||||
end
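Review bot: `otp.check_code` now accepts three time steps (the `{0, -30, 30}` offsets), and nothing in the function stops an accepted code from being accepted again, so one observed code stays usable for up to about 90 seconds and a blind guess has three valid targets instead of one. The function cannot track reuse itself because it takes no player name; returning the matched step alongside the boolean would let callers store it per player and refuse a step they have already accepted, for example `return true, math.floor((time + t_offset) / 30)` in place of `return true` (this assumes `otp.generate_totp` uses 30-second steps, which the offsets suggest but the hunk does not show). A comment above the function should state the contract: `-- accepts the current, previous and next time step; callers must limit failed attempts and reject reuse of an accepted step`.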
|
|
@ -28,12 +28,12 @@ mtt.register("otp.hmac", function(callback)
|
|||
end)
|
||||
|
||||
mtt.register("otp.generate_totp", function(callback)
|
||||
local expected_code = 699847
|
||||
local expected_code = "699847"
|
||||
local secret_b32 = "N6JGKMEKU2E6HQMLLNMJKBRRGVQ2ZKV7"
|
||||
local unix_time = 1640995200
|
||||
|
||||
local code, valid_seconds = otp.generate_totp(secret_b32, unix_time)
|
||||
assert(code == ""..expected_code)
|
||||
assert(code == expected_code)
|
||||
assert(valid_seconds > 0)
|
||||
|
||||
code, valid_seconds = otp.generate_totp(secret_b32)
|
||||
|
@ -41,6 +41,21 @@ mtt.register("otp.generate_totp", function(callback)
|
|||
callback()
|
||||
end)
|
||||
|
||||
mtt.register("otp.check_code", function(callback)
|
||||
local expected_code = "699847"
|
||||
local secret_b32 = "N6JGKMEKU2E6HQMLLNMJKBRRGVQ2ZKV7"
|
||||
local unix_time = 1640995200
|
||||
|
||||
assert(otp.check_code(secret_b32, expected_code, unix_time))
|
||||
assert(otp.check_code(secret_b32, expected_code, unix_time+30))
|
||||
assert(otp.check_code(secret_b32, expected_code, unix_time-30))
|
||||
assert(not otp.check_code(secret_b32, expected_code, unix_time-60))
|
||||
assert(not otp.check_code(secret_b32, expected_code, unix_time+60))
|
||||
assert(not otp.check_code(secret_b32, expected_code))
|
||||
|
||||
callback()
|
||||
end)
|
||||
|
||||
mtt.register("otp.create_qr_png", function(callback)
|
||||
local url = "otpauth://totp/abc:myaccount?algorithm=SHA1&digits=6&issuer=abc&period=30&"
|
||||
.. "secret=N6JGKMEKU2E6HQMLLNMJKBRRGVQ2ZKV7"
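Review bot: The last assertion in the `otp.check_code` test, `assert(not otp.check_code(secret_b32, expected_code))`, runs against the wall clock, so it is the only non-deterministic check and will fail on the rare run where one of the three accepted steps produces `699847`. The fixed-time cases only probe step boundaries; adding `assert(otp.check_code(secret_b32, expected_code, unix_time+59))` would document that acceptance extends to almost 60 seconds after the code's own step begins (assuming 30-second steps aligned to the epoch, which this hunk does not show). Since the `otp.generate_totp` hunk switches the expected value to a string, the test should also pin rejection of non-string input: `assert(not otp.check_code(secret_b32, 699847, unix_time))` and `assert(not otp.check_code(secret_b32, nil, unix_time))`.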
|
||||
|
|
3
join.lua
3
join.lua
|
@ -55,8 +55,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
|||
|
||||
local playername = player:get_player_name()
|
||||
local secret_b32 = otp.get_player_secret_b32(playername)
|
||||
local expected_code = otp.generate_totp(secret_b32)
|
||||
if expected_code == fields.code then
|
||||
if otp.check_code(secret_b32, fields.code) then
|
||||
minetest.chat_send_player(playername, "OTP Code validation succeeded")
|
||||
otp_sessions[playername] = nil
|
||||
otp.regrant_privs(playername)
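Review bot: The client-supplied `fields.code` goes straight into `otp.check_code`, and no limit on failed attempts is visible in this hunk, while the check now accepts three time steps per call. If the part of the handler outside the hunk does not already count failures, the failure branch should record them per player and disconnect or delay after a small number, so that repeated form submissions cannot work through the six-digit code space. The same applies to the handler changed at `@ -63,8 +63,7` below, which sets `privs.otp_enabled` on a match. A comment at the call would make the dependency explicit: `-- check_code accepts +/- one time step; failed attempts must be limited by this handler`. The enclosing `minetest.register_on_player_receive_fields` callback starts and ends outside the hunk.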
|
||||
|
|
|
@ -63,8 +63,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
|||
if fields.code then
|
||||
local playername = player:get_player_name()
|
||||
local secret_b32 = otp.get_player_secret_b32(playername)
|
||||
local expected_code = otp.generate_totp(secret_b32)
|
||||
if expected_code == fields.code then
|
||||
if otp.check_code(secret_b32, fields.code) then
|
||||
-- set priv
|
||||
local privs = minetest.get_player_privs(playername)
|
||||
privs.otp_enabled = true
|
||||
|
|