diff options
Diffstat (limited to 'classes/userhelper.php')
-rw-r--r-- | classes/userhelper.php | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/classes/userhelper.php b/classes/userhelper.php index 2bb83a02a..ce26e6c71 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -240,6 +240,12 @@ class UserHelper { if ($user) { $user->otp_enabled = false; + + // force new OTP secret when next enabled + if (Config::get_schema_version() >= 143) { + $user->otp_secret = null; + } + $user->save(); return true; @@ -281,8 +287,32 @@ class UserHelper { $user = ORM::for_table('ttrss_users')->find_one($owner_uid); if ($user) { - if (!$user->otp_enabled || $show_if_enabled) - return \ParagonIE\ConstantTime\Base32::encodeUpperUnpadded(mb_substr(sha1($user->salt), 0, 12)); + + $salt_based_secret = mb_substr(sha1($user->salt), 0, 12); + + if (Config::get_schema_version() >= 143) { + $secret = $user->otp_secret; + + if (empty($secret)) { + + /* migrate secret if OTP is already enabled, otherwise make a new one */ + if ($user->otp_enabled) { + $user->otp_secret = $salt_based_secret; + } else { + $user->otp_secret = bin2hex(get_random_bytes(6)); + } + + $user->save(); + + $secret = $user->otp_secret; + } + } else { + $secret = $salt_based_secret; + } + + if (!$user->otp_enabled || $show_if_enabled) { + return \ParagonIE\ConstantTime\Base32::encodeUpperUnpadded($secret); + } } return null; |