1 package Koha::Auth::TwoFactorAuth;
3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use MIME::Base64 qw( encode_base64 );
24 use Koha::Exceptions::Patron;
26 use base qw( Auth::GoogleAuth );
30 Koha::Auth::TwoFactorAuth- Koha class deal with Two factor authentication
34 use Koha::Auth::TwoFactorAuth;
36 my $secret = Koha::AuthUtils::generate_salt( 'weak', 16 );
37 my $auth = Koha::Auth::TwoFactorAuth->new({ patron => $patron, secret => $secret });
38 my $image_src = $auth->qr_code;
39 my $ok = $auth->verify( $pin_code, 1 );
41 It's based on Auth::GoogleAuth
47 $obj = Koha::Auth::TwoFactorAuth->new({ patron => $p, secret => $s });
50 Secret is optional, defaults to patron's secret.
51 Passing secret32 overrules secret! Secret32 should be base32.
56 my ($class, $params) = @_;
57 my $patron = $params->{patron};
58 my $secret32 = $params->{secret32};
59 my $secret = $params->{secret};
61 # FIXME Raise an exception if the syspref is disabled
63 Koha::Exceptions::MissingParameter->throw("Mandatory patron parameter missing")
64 unless $patron && ref($patron) eq 'Koha::Patron';
66 my $type = 'secret32';
68 Koha::Exceptions::BadParameter->throw("Secret32 should be base32")
69 if $secret32 =~ /[^a-z2-7]/;
72 } elsif( $patron->secret ) {
73 $secret32 = $patron->decoded_secret; # saved already in base32
75 Koha::Exceptions::MissingParameter->throw("No secret passed or patron has no secret");
78 my $issuer = Encode::encode_utf8($patron->library->branchname);
79 my $key_id = sprintf "%s_%s",
80 $issuer, ( $patron->email || $patron->userid );
82 return $class->SUPER::new({
83 $type => $secret32 || $secret,
91 my $image_src = $auth->qr_code;
93 Replacement for (unsafer) Auth::GoogleAuth::qr_code.
94 Returns the data URL to fill the src attribute of the
95 image tag on the registration form.
102 my $otpauth = $self->SUPER::qr_code( undef, undef, undef, 1);
103 # no need to pass secret, key and issuer again
104 my $qrcode = GD::Barcode->new( 'QRcode', $otpauth, { Ecc => 'M', ModuleSize => 4 } );
105 my $data = $qrcode->plot->png;
106 return "data:image/png;base64,". encode_base64( $data, q{} ); # does not contain newlines