feat: Fixes openemr#6839 show mfa shared secret (openemr#6847)
* Fixes openemr#6839 show mfa shared secret

In order to use a non-qr type TOTP code we need to show the shared
secret when going to add the code.

* Add MFA shared secret to setup page.

In order to use an mfa TOTP app that doesn't support qr scanning we need
to display a shared secret on the setup page.
adunsulag authored Sep 13, 2023
1 parent 5fa36a3 commit b284377
Showing 3 changed files with 23 additions and 3 deletions.
2 changes: 2 additions & 0 deletions interface/usergroup/mfa_totp.php
Expand Up @@ -185,6 +185,8 @@ function docancel() {
<br />
<img src="<?php echo attr($qr); ?>" class="img-responsive center-block" style="height:200px !Important"/>
<br />
<p><?php echo xlt("Or paste in the following code into your authenticator app"); ?></p>
<p><?php echo $mfaAuth->getSecret(); ?></p>
<p><?php echo xlt('Example authenticator apps include'); ?></p>:
<div class="col-sm-4 offset-sm-4">
<ul>
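Review bot: the added line `<p><?php echo $mfaAuth->getSecret(); ?></p>` echoes the secret without an escaping helper, while the QR value just above goes through attr() and the same secret in setup.php is wrapped in text(). Suggest `<?php echo text($mfaAuth->getSecret()); ?>` so output encoding is consistent across both pages and does not depend on the secret's alphabet.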
14 changes: 14 additions & 0 deletions library/classes/Installer.class.php
Expand Up @@ -490,6 +490,7 @@ public function on_care_coordination()

/**
* Generates the initial user's 2FA QR Code
* @deprecated Recommended to use get_initial_user_mfa_totp() instead
* @return bool|string|void
*/
public function get_initial_user_2fa_qr()
Expand All @@ -502,6 +503,19 @@ public function get_initial_user_2fa_qr()
return false;
}

/**
* Generates the initial user's 2FA QR Code
* @return bool|string|void
*/
public function get_initial_user_mfa_totp()
{
if (($this->i2faEnable) && (!empty($this->i2faSecret)) && (class_exists('Totp'))) {
$adminTotp = new Totp($this->i2faSecret, $this->iuser);
return $adminTotp;
}
return false;
}

/**
* Create site directory if it is missing.
* @global string $GLOBALS['OE_SITE_DIR'] contains the name of the site directory to create
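Review bot: the docblock on get_initial_user_mfa_totp() is copied from get_initial_user_2fa_qr() and no longer matches the body. It says the method generates the QR code and returns `bool|string|void`, but the code returns a Totp instance or false. Suggest describing it as returning the initial user's Totp object and using `@return Totp|false`, so callers know they must call generateQrCode() and getSecret() themselves.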
10 changes: 7 additions & 3 deletions setup.php
Expand Up @@ -1375,9 +1375,11 @@ function cloneClicked() {
}

// If user has selected to set MFA App Based 2FA, display QR code to scan
$qr = $installer->get_initial_user_2fa_qr();
$qr_esc = attr($qr);
if ($qr) {
$mfa = $installer->get_initial_user_mfa_totp();
if ($mfa !== false) {
$qr = $mfa->generateQrCode();
$qr_esc = attr($qr);
$sharedSecret = text($mfa->getSecret());
$qrDisplay = <<<TOTP
<br />
<table>
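Review bot: the guard moved from `if ($qr)` to `if ($mfa !== false)`, so the result of `$mfa->generateQrCode()` is no longer checked before it is escaped and placed in the img src. If QR generation can return an empty or false value, consider keeping a check on `$qr` and falling back to showing only the shared secret in that case.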
Expand All @@ -1386,6 +1388,8 @@ function cloneClicked() {
<strong class='text-danger'>IMPORTANT!!</strong>
<p><strong>You must scan the following QR code with your preferred authenticator app.</strong></p>
<img src='$qr_esc' width="150" />
<p>Or paste in the following code into your authenticator app</p>
<p>$sharedSecret</p>
</td>
</tr>
<tr>
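Review bot: the added "Or paste in the following code into your authenticator app" line sits directly under the unchanged "You must scan the following QR code" sentence, which now contradicts the alternative being offered. Suggest rewording the first sentence to cover both options. Calling the value a "code" can also be confused with the one-time code the app generates; "secret key" or "setup key" would be clearer for a value that is the TOTP shared secret.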
