TYPO3CMS main
TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp Class Reference

Public Member Functions

 __construct (protected readonly string $secret, protected readonly string $algo='sha1', protected readonly int $length=6, protected readonly int $step=30, protected readonly int $epoch=0)
 
string generateTotp (int $counter)
 
 verifyTotp (string $totp, int $gracePeriod=null)
 
 getTotpAuthUrl (string $issuer, string $account='', array $additionalParameters=[])
 

Static Public Member Functions

static generateEncodedSecret (array $additionalAuthFactors=[])
 

Protected Member Functions

 compare (string $totp, int $counter)
 
 getTimeCounter (int $timestamp)
 
 getDecodedSecret ()
 

Private Attributes

const ALLOWED_ALGOS = ['sha1', 'sha256', 'sha512']
 
const MIN_LENGTH = 6
 
const MAX_LENGTH = 8
 

Detailed Description

Time-based one-time password (TOTP) implementation according to RFC 6238.

This class should only be used by the TYPO3 Core.

Definition at line 29 of file Totp.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::__construct ( protected readonly string  $secret,
protected readonly string  $algo = 'sha1',
protected readonly int  $length = 6,
protected readonly int  $step = 30,
protected readonly int  $epoch = 0 
)

Definition at line 35 of file Totp.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\length.

Member Function Documentation

◆ compare()

TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::compare ( string  $totp,
int  $counter 
)
protected

Compare given time-based one-time password with a time-based one-time password generated from the known $counter (the moving factor).

Parameters
    string $totp    The time-based one-time password to verify
    int $counter    The counter value, the moving factor

Definition at line 160 of file Totp.php.

References TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp\generateTotp().

Referenced by TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp\verifyTotp().

◆ generateEncodedSecret()

static TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::generateEncodedSecret ( array  $additionalAuthFactors = [])
static

Generate the shared secret (K) from a random value combined with additional authentication factors such as username or email address.

Definition at line 177 of file Totp.php.

Referenced by TYPO3\CMS\Core\Tests\Unit\Authentication\Mfa\Provider\TotpTest\generateEncodedSecretTest(), and TYPO3\CMS\Core\Authentication\Mfa\Provider\TotpProvider\prepareSetupView().

◆ generateTotp()

string TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::generateTotp ( int  $counter)

Generate a time-based one-time password for the given counter according to RFC 4226.

Parameters
    int $counter    A timestamp (counter) according to RFC 6238
Returns
    string The generated TOTP

Definition at line 63 of file Totp.php.

References TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp\getDecodedSecret(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\length.

Referenced by TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp\compare().

◆ getDecodedSecret()

TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::getDecodedSecret ( )
protected

◆ getTimeCounter()

TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::getTimeCounter ( int  $timestamp)
protected

Generate the counter value (moving factor) from the given timestamp

Definition at line 168 of file Totp.php.

Referenced by TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp\verifyTotp().

◆ getTotpAuthUrl()

TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::getTotpAuthUrl ( string  $issuer,
string  $account = '',
array  $additionalParameters = [] 
)

Generate and return the otpauth URL for TOTP

Definition at line 119 of file Totp.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\length.

◆ verifyTotp()

TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::verifyTotp ( string  $totp,
int  $gracePeriod = null 
)

Verify the given time-based one-time password.

Parameters
    string $totp            The time-based one-time password to be verified
    int | null $gracePeriod The grace period for the TOTP, applied in both directions (+/-), mainly to compensate for transmission delays

Definition at line 93 of file Totp.php.

References TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp\compare(), and TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp\getTimeCounter().
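
The generate/compare/verify flow documented above, as a stand-alone RFC 4226/6238 sketch. This is an added example, not code from Totp.php: the functions `hotp()` and `verifyWithWindow()`, the `$window` parameter (counted in time steps) and the raw, already-decoded secret are assumptions of the sketch, and the test input is the RFC 6238 Appendix B vector.

```php
<?php
declare(strict_types=1);

// Added example: stand-alone sketch, not TYPO3's implementation.
const ALLOWED_ALGOS = ['sha1', 'sha256', 'sha512']; // values listed on this page
const MIN_LENGTH = 6;
const MAX_LENGTH = 8;

function hotp(string $rawSecret, int $counter, string $algo = 'sha1', int $length = 6): string
{
    if (!in_array($algo, ALLOWED_ALGOS, true) || $length < MIN_LENGTH || $length > MAX_LENGTH) {
        throw new InvalidArgumentException('Unsupported algorithm or code length');
    }
    // RFC 4226: HMAC over the counter encoded as an 8-byte big-endian integer.
    $hmac = hash_hmac($algo, pack('J', $counter), $rawSecret, true);
    // Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
    $offset = ord($hmac[strlen($hmac) - 1]) & 0x0F;
    $binary = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string)($binary % 10 ** $length), $length, '0', STR_PAD_LEFT);
}

// $window (hypothetical parameter): number of time steps accepted before and
// after the current one; 0 means the current step only.
function verifyWithWindow(string $rawSecret, string $totp, int $now, int $window = 0,
    int $step = 30, int $epoch = 0, string $algo = 'sha1', int $length = 6): bool
{
    $current = intdiv($now - $epoch, $step); // the moving factor
    $valid = false;
    for ($i = -$window; $i <= $window; $i++) {
        // hash_equals() compares in constant time; the loop never returns early,
        // so response timing does not reveal which step matched.
        $valid = hash_equals(hotp($rawSecret, $current + $i, $algo, $length), $totp) || $valid;
    }
    return $valid;
}

// Constructed check using the RFC 6238 Appendix B vector:
// ASCII secret, T = 59 s, SHA-1, 8 digits, code 94287082.
$secret = '12345678901234567890';
var_dump(hotp($secret, intdiv(59, 30), 'sha1', 8) === '94287082');
var_dump(verifyWithWindow($secret, '94287082', 59, 0, 30, 0, 'sha1', 8)); // same step
var_dump(verifyWithWindow($secret, '94287082', 95, 0, 30, 0, 'sha1', 8)); // two steps later, strict
var_dump(verifyWithWindow($secret, '94287082', 95, 2, 30, 0, 'sha1', 8)); // two steps later, window of 2
```

Every step added to the window increases the number of codes accepted at a given instant and lengthens the time a captured code stays usable, so keep it small and pair verification with attempt rate limiting.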

Member Data Documentation

◆ ALLOWED_ALGOS

const TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::ALLOWED_ALGOS = ['sha1', 'sha256', 'sha512']
private

Definition at line 31 of file Totp.php.

◆ MAX_LENGTH

const TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::MAX_LENGTH = 8
private

Definition at line 33 of file Totp.php.

◆ MIN_LENGTH

const TYPO3\CMS\Core\Authentication\Mfa\Provider\Totp::MIN_LENGTH = 6
private

Definition at line 32 of file Totp.php.