Added TOTP feature

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "lib/vendor/base32"]
+	path = lib/vendor/base32
+	url = https://github.com/tuupola/base32.git
+[submodule "lib/vendor/phpqrcode"]
+	path = lib/vendor/phpqrcode
+	url = https://git.code.sf.net/p/phpqrcode/git

README.md

@@ -39,6 +39,14 @@ It has the following features:
 * valid PHP mail server configuration (reset mail)
 * valid PHP session configuration (reset mail)
 
+### For Time based One Time Password (TOTP)
+There are two git submodules that must be initialized:
+
+```
+git submodule update --init lib/vendor/phpqrcode
+git submodule update --init lib/vendor/base32
+```
+
 ## Documentation
 
 Documentation is available on http://ltb-project.org/wiki/documentation/self-service-password

conf/config.inc.php

@@ -74,6 +74,7 @@
 # clear (the default)
 # auto (will check the hash of current password)
 # This option is not used with ad_mode = true
+# This option is forced to "clear" when TOTP
 $hash = "clear";
 
 # Prefix to use for salt with CRYPT
@@ -279,6 +280,7 @@
 # change
 # sendtoken
 # sendsms
+# changetotp
 $default_action = "change";
 
 ## Extra messages
@@ -288,3 +290,12 @@
 
 # Launch a posthook script after successful password change
 #$posthook = "/usr/share/self-service-password/posthook.sh";
+
+## TOTP
+# Must be configured TOTP module on LDAP ( https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passwd/totp )
+$use_totp = false;
+$totp_period = 30;
+$totp_digits = 6;
+#totp_algorithm: SHA1, SHA256, SHA512
+$totp_algorithm = "SHA1";
+$totp_issuer = "www.example.com";

index.php

@@ -109,6 +109,7 @@
 if ( $use_questions ) { array_push( $available_actions, "resetbyquestions", "setquestions"); }
 if ( $use_tokens ) { array_push( $available_actions, "resetbytoken", "sendtoken"); }
 if ( $use_sms ) { array_push( $available_actions, "resetbytoken", "sendsms"); }
+if ( $use_totp ) { array_push( $available_actions, "resetbytoken", "changetotp"); }
 
 # Ensure requested action is available, or fall back to default
 if ( ! in_array($action, $available_actions) ) { $action = $default_action; }

lang/ca.inc.php

@@ -133,3 +133,6 @@
 $messages['changehelpsshkey'] = "<a href=\"?action=changesshkey\">Canviar la clau d'SSH</a>";
 $messages['changesshkeyhelp'] = "Introduïu la contrasenya i la clau SSH.";
 $messages['changesshkeymessage'] = "Hola {login},\n\nLa claus SSH s'ha canviat.\n\nSi no va iniciar aquest canvi, poseu-vos en contacte amb l'administrador immediatament.";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/cn.inc.php

@@ -129,3 +129,6 @@
 $messages['sshkeyrequired'] = "需要SSH密钥";
 $messages['changesshkeymessage'] = "您好{login},\n\n您的SSH金钥已变更。\n\n如果您没有启动这项变更，请立即与您的管理员联络。";
 $messages['changesshkeyhelp'] = "输入您的密码和新的SSH密钥。";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/cs.inc.php

@@ -129,3 +129,6 @@
 $messages['sshkeyerror'] = "SSH klíč byl odmítnut v adresáři LDAP";
 $messages['sshkey'] = "SSH klíč";
 $messages['menusshkey'] = "SSH klíč";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/de.inc.php

@@ -131,3 +131,6 @@
 $messages['changesshkeymessage'] = "Hallo {login}, \n\nDer SSH-Schlüssel wurde geändert.\n\nWenn Sie diese Änderung nicht eingeleitet haben, wenden Sie sich bitte umgehend an Ihren Administrator.";
 $messages['menusshkey'] = "SSH Schlüssel";
 $messages['changesshkeysubject'] = "Ihr SSH-Schlüssel wurde geändert";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/el.inc.php

@@ -129,3 +129,6 @@
 $messages['menusshkey'] = "SSH Key";
 $messages['changehelpsshkey'] = "<a href=\"?action=changesshkey\">Αλλάξτε SSH Key σας</a>";
 $messages['sshkey'] = "SSH Key";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/en.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysendsmsform'] = "Get a reset code";
 $messages['sameaslogin'] = "Your new password is identical to your login";
 $messages['policydifflogin'] = "Your new password may not be the same as your login";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/es.inc.php

@@ -130,3 +130,6 @@
 $messages['emptysshkeychangeform'] = "Cambiar su clave SSH";
 $messages['changesshkeyhelp'] = "Introduzca su contraseña y la nueva clave SSH.";
 $messages['sshkeyerror'] = "La clave SSH fue rechazada por el directorio LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Cambie su clave TOTP</a>";
+$messages['scantotp'] = "Escanee el código QR antes de pulsar el botón \"Enviar\". Esta es la última vez que verá este código QR.";

lang/fr.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Changez votre clé SSH";
 $messages['changesshkeyhelp'] = "Entrez votre mot de passe et la nouvelle clé SSH.";
 $messages['sshkeyerror'] = "La clé SSH a été refusée par l'annuaire  LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/hu.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Változás az SSH kulcs";
 $messages['changesshkeyhelp'] = "Írja be a jelszót és az új SSH kulcs.";
 $messages['sshkeyerror'] = "Az LDAP könyvtár elutasította az SSH kulcsot";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/it.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Cambia la tua chiave SSH";
 $messages['changesshkeyhelp'] = "Inserire la password e la nuova chiave SSH.";
 $messages['sshkeyerror'] = "SSH Key è stata rifiutata dalla directory LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/ja.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "SSHキーを変更する";
 $messages['changesshkeyhelp'] = "パスワードと新しいSSHキーを入力してください。";
 $messages['sshkeyerror'] = "SSHキーがLDAPディレクトリによって拒否されました";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/nl.inc.php

@@ -131,3 +131,6 @@
 $messages['emptysshkeychangeform'] = "Verander je SSH Key";
 $messages['changesshkeyhelp'] = "Voer uw wachtwoord in en nieuwe SSH sleutel.";
 $messages['sshkeyerror'] = "SSH Key werd geweigerd door de LDAP-directory";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/pl.inc.php

@@ -131,3 +131,6 @@
 $messages['emptysshkeychangeform'] = "Zmień swój klucz SSH";
 $messages['changesshkeyhelp'] = "Wprowadź swoje hasło i nowy klucz SSH.";
 $messages['sshkeyerror'] = "SSH Key został odrzucony przez katalogu LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/pt-BR.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Alterar a chave SSH";
 $messages['changesshkeyhelp'] = "Digite sua senha e a nova chave SSH.";
 $messages['sshkeyerror'] = "A chave SSH foi recusada pelo diretório LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/pt-PT.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Alterar a chave SSH";
 $messages['changesshkeyhelp'] = "Digite sua senha e a nova chave SSH.";
 $messages['sshkeyerror'] = "A chave SSH foi recusada pelo diretório LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/ru.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Изменение ключа SSH";
 $messages['changesshkeyhelp'] = "Введите свой пароль и новый ключ SSH.";
 $messages['sshkeyerror'] = "Ключ SSH был отклонен каталогом LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/sk.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Zmeňte svoj SSH kľúč";
 $messages['changesshkeyhelp'] = "Zadajte heslo a nové SSH kľúč.";
 $messages['sshkeyerror'] = "SSH kľúč bol odmietnutý v adresári LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/sl.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Spreminjanje SSH ključ";
 $messages['changesshkeyhelp'] = "Vnesite geslo in nov ključ SSH.";
 $messages['sshkeyerror'] = "SSH Ključna je bila zavrnjena z imeniku LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/sv.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "Ändra din SSH Key";
 $messages['changesshkeyhelp'] = "Ange ditt lösenord och ny SSH-nyckel.";
 $messages['sshkeyerror'] = "SSH Key avslogs av LDAP-katalogen";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/tr.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysshkeychangeform'] = "SSH Anahtarınızı Değiştirin";
 $messages['changesshkeyhelp'] = "Parolanızı ve yeni SSH anahtarınızı girin.";
 $messages['sshkeyerror'] = "SSH Anahtarı LDAP dizini tarafından reddedildi";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/uk.inc.php

@@ -130,3 +130,6 @@
 $messages['emptysshkeychangeform'] = "Змінити ключ SSH";
 $messages['changesshkeyhelp'] = "Введіть свій пароль і новий ключ SSH.";
 $messages['sshkeyerror'] = "SSH Key була відхилена каталогом LDAP";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

lang/zh-CN.inc.php

@@ -129,3 +129,6 @@
 $messages['emptysendsmsform'] = "Get a reset code";
 $messages['sameaslogin'] = "您的新密码与您的用户名相同";
 $messages['policydifflogin'] = "您的新密码不能与您的用户名相同";
+$messages['menutotp'] = "TOTP";
+$messages['changehelptotp'] = "<a href=\"?action=changetotp\">Change your TOTP key</a>";
+$messages['scantotp'] = "Scan the QR code before send the form. This is the last chance to scan the QR code.";

pages/change.php

@@ -219,6 +219,7 @@
     'use_tokens' => $use_tokens,
     'use_sms' => $use_sms,
     'change_sshkey' => $change_sshkey,
+    'use_totp' => $use_totp,
     'action' => $action,
     'source' => $source,
 ));

pages/changesshkey.php

@@ -179,6 +179,7 @@
     'use_tokens' => $use_tokens,
     'use_sms' => $use_sms,
     'change_sshkey' => $change_sshkey,
+    'use_totp' => $use_totp,
     'action' => $action,
     'source' => $source,
 ));