Documentation

TOTP extends Base
in package
implements MFAInterface

Time based One-Time Password.

Table of Contents

Interfaces

MFAInterface

Properties

$userID  : int|null

Methods

__construct()  : mixed
checkMFAData()  : bool
classIsAvailable()  : string|null
Checks if a given token is an enabled MFA class, and returns the fully qualified class name (or NULL)
classIsMFA()  : string|null
Does the class exist on the system.
clearPendingLogin()  : mixed
generateNew()  : string
Generate a new seed.
getAuthenticator()  : CiviGoogleAuthenticator
getAvailableClasses()  : array<string|int, mixed>
Returns an array of fully qualified or short class names that are available.
getCode()  : string
Generate the currently valid code.
getFormUrl()  : string
Returns an appropriate URL for a user to go to to either provide or set-up this MFA after correctly entering their username and password.
getMFAclasses()  : array<string|int, mixed>
This is the options callback for the standalone_mfa_enabled setting.
getPendingLogin()  : array<string|int, mixed>|null
Fetch the array of pending login data (userID, expiry, ...) if it exists and has not expired.
processMFAAttempt()  : bool
Handle the User.login request with MFA class + data.
storeSeed()  : mixed
Store encrypted seed against the User ID.
updatePendingLogin()  : array<string|int, mixed>
userHasCompletedSetup()  : bool
Returns whether this MFA is configured for the user.
verifyCode()  : bool
Does a given code currently match the given seed?

Properties

$userID

public int|null $userID

Methods

__construct()

public __construct(int $userID) : mixed
Parameters
$userID : int

checkMFAData()

public checkMFAData(mixed $data) : bool
Parameters
$data : mixed
Return values
bool

classIsAvailable()

Checks if a given token is an enabled MFA class, and returns the fully qualified class name (or NULL)

public static classIsAvailable(string $shortClassName) : string|null
Parameters
$shortClassName : string
Return values
string|null

classIsMFA()

Does the class exist on the system.

public static classIsMFA(string $shortClassName) : string|null
Parameters
$shortClassName : string
Return values
string|null

clearPendingLogin()

public clearPendingLogin() : mixed

generateNew()

Generate a new seed.

public generateNew() : string

This will be presented to the user so they can try it in their authenticator app. If they are successfully able to enter a correct TOTP code from the app, then we will store this against their record.

Return values
string

getAuthenticator()

public getAuthenticator() : CiviGoogleAuthenticator
Return values
CiviGoogleAuthenticator

getAvailableClasses()

Returns an array of fully qualified or short class names that are available.

public static getAvailableClasses([bool $short = FALSE ]) : array<string|int, mixed>

Available here means:

  • is configured in settings as available to users
  • is actually an MFA class.
Parameters
$short : bool = FALSE
Return values
array<string|int, mixed>

getCode()

Generate the currently valid code.

public getCode(string $seed) : string
Parameters
$seed : string
Return values
string

getFormUrl()

Returns an appropriate URL for a user to go to to either provide or set-up this MFA after correctly entering their username and password.

public getFormUrl() : string
Return values
string

getMFAclasses()

This is the options callback for the standalone_mfa_enabled setting.

public static getMFAclasses() : array<string|int, mixed>
Return values
array<string|int, mixed>

getPendingLogin()

Fetch the array of pending login data (userID, expiry, ...) if it exists and has not expired.

public static getPendingLogin() : array<string|int, mixed>|null

If it's expired, drop it from the session.

Return values
array<string|int, mixed>|null

processMFAAttempt()

Handle the User.login request with MFA class + data.

public processMFAAttempt(array<string|int, mixed> $pending, mixed $code) : bool
Parameters
$pending : array<string|int, mixed>
$code : mixed
Return values
bool

Should login continue?

storeSeed()

Store encrypted seed against the User ID.

public storeSeed(int $userID, string $seed) : mixed
Parameters
$userID : int
$seed : string

updatePendingLogin()

public updatePendingLogin(array<string|int, mixed> $changes) : array<string|int, mixed>
Parameters
$changes : array<string|int, mixed>
Return values
array<string|int, mixed>

userHasCompletedSetup()

Returns whether this MFA is configured for the user.

public userHasCompletedSetup() : bool
Return values
bool

verifyCode()

Does a given code currently match the given seed?

public verifyCode(string $seed, string $code) : bool
Parameters
$seed : string
$code : string
Return values
bool 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results