package com.eshore.tfa;
import com.eshore.tools.Bytes;
import com.eshore.tools.Tokens;
import com.eshore.tools.pbkdf2.Hash;
import com.eshore.tools.pbkdf2.Sha256;
import com.eshore.uas.conf.GlobalConf;
import com.eshore.uas.extensions.Glue;
import com.eshore.uas.extensions.ISmsLogin;
import com.eshore.uas.server.api.User;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
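/**
 * SMS-based second authentication factor.
 *
 * <p>{@link #tfaToken} sends a one-time code to the user's cellphone and returns a token
 * naming the pending user. The client later presents that token to {@link #tfalogin}
 * (with the SMS code) or to {@link #reflash} (to have the code sent again), so the token
 * is untrusted input by the time it comes back.
 *
 * <p>Token integrity: the token carries an HMAC-SHA256 tag over its fields, keyed with
 * the value of {@code Glue.getShare().getSecret()}. A tag computed without a key (a plain
 * digest of fields that all travel inside the token) can be recomputed by anyone, which
 * would let a client name an arbitrary user id and domain and skip the first factor.
 *
 * @author eshore
 */
public class SmsTfa implements ITFAAbility {

    /** JCA algorithm name used for the token tag. */
    private static final String MAC_ALGORITHM = "HmacSHA256";

    /** Label mixed into the tag so it is only meaningful for 2FA tokens. */
    private static final String TOKEN_LABEL = "2FA";

    /**
     * Sends an SMS code to the user and issues the token for the second step.
     *
     * @param u   the user who passed the first factor
     * @param req current request; its {@code "msg"} attribute is set to the masked number
     * @return the serialized token, or {@code "2FA_NOT_AVAILABLE"} when no SMS provider is
     *     registered or no signing secret is configured
     */
    @Override
    public String tfaToken(User u, HttpServletRequest req) {
        // Resolve the key before sending anything: without it no verifiable token can be
        // issued, so the SMS would be wasted.
        // NOTE(review): reusing the "2FA_NOT_AVAILABLE" sentinel for a missing secret is an
        // assumption about what callers expect - confirm.
        byte[] key = signingKey();
        ISmsLogin sms = Glue.getSmsLogin();
        if (sms == null || key == null) {
            return "2FA_NOT_AVAILABLE";
        }
        sms.sendCode(u.getCellphone(), req);
        req.setAttribute("msg", maskPhone(u.getCellphone()));
        return tk(u, key);
    }

    /**
     * Masks a phone number for display by replacing its last four characters with
     * {@code ****}.
     *
     * <p>{@code null} becomes the empty string. Inputs shorter than five characters are
     * returned unchanged, i.e. unmasked.
     */
    private static String maskPhone(String phoneNumber) {
        if (phoneNumber == null) {
            return "";
        }
        int len = phoneNumber.length();
        if (len < 5) {
            return phoneNumber;
        }
        return phoneNumber.substring(0, len - 4) + "****";
    }

    /** Manual check of {@link #maskPhone}: prints the masked form of a few sample numbers. */
    public static void main(String[] args) {
        String[] samples = {
            "13712341232", "1371234123222323", "137123", "137123412", "1371"
        };
        for (String sample : samples) {
            System.out.println(maskPhone(sample));
        }
    }

    /**
     * Completes the second factor.
     *
     * @param token token previously returned by {@link #tfaToken}, as echoed by the client
     * @param code  SMS code typed by the user
     * @param req   current request (unused here)
     * @return the authenticated user, or {@code null} when no SMS provider is registered,
     *     the token does not verify, or the code is wrong
     */
    @Override
    public User tfalogin(String token, String code, HttpServletRequest req) {
        ISmsLogin sms = Glue.getSmsLogin();
        if (sms == null) {
            return null;
        }
        User u = tk2user(token);
        // A malformed or tampered token yields no user; treat it as a failed login
        // instead of dereferencing null.
        if (u == null) {
            return null;
        }
        return sms.verifyCode(u.getCellphone(), code) ? u : null;
    }

    /**
     * Returns the token-signing key, or {@code null} when no secret is configured.
     *
     * <p>NOTE(review): assumes the shared secret is high-entropy and is meant to protect
     * tokens like this one - confirm with the owner of {@code Glue.getShare()}.
     */
    private static byte[] signingKey() {
        String sec = Glue.getShare().getSecret();
        if (sec == null || sec.isEmpty()) {
            return null;
        }
        return sec.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Computes the hex-encoded HMAC-SHA256 tag over the token fields.
     *
     * <p>Each field is written with a 4-byte length prefix so that two different field
     * splits (for example id {@code "ab"} + domain {@code "c"} versus id {@code "a"} +
     * domain {@code "bc"}) can never produce the same tag.
     */
    private static String sign(byte[] key, String id, String domain, String random, String time) {
        try {
            Mac mac = Mac.getInstance(MAC_ALGORITHM);
            mac.init(new SecretKeySpec(key, MAC_ALGORITHM));
            for (String field : new String[] {TOKEN_LABEL, id, domain, random, time}) {
                // Explicit charset: the tag must not depend on the platform default.
                byte[] raw = field.getBytes(StandardCharsets.UTF_8);
                mac.update((byte) (raw.length >>> 24));
                mac.update((byte) (raw.length >>> 16));
                mac.update((byte) (raw.length >>> 8));
                mac.update((byte) raw.length);
                mac.update(raw);
            }
            return Bytes.toHexString(mac.doFinal());
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("cannot compute " + MAC_ALGORITHM + " token tag", e);
        }
    }

    /**
     * Builds the serialized 2FA token for {@code u}: label, id, domain, a random string,
     * a timestamp and the tag over those values.
     */
    private String tk(User u, byte[] key) {
        String domain = u.getDomain();
        if (domain == null) {
            domain = "";
        }
        String id = u.getId();
        String random = Tokens.randomString(4);
        // Current time in seconds plus 15.
        // NOTE(review): this value is authenticated by the tag but tk2user never compares
        // it with the clock, so tokens do not expire. A 15-second window looks too short
        // for an SMS round trip; decide the intended lifetime before enforcing it.
        String time = String.valueOf((System.currentTimeMillis() / 1000) + 15);
        String code = sign(key, id, domain, random, time);
        return Tokens.serialization(TOKEN_LABEL, id, domain, random, time, code);
    }

    /**
     * Verifies a client-supplied token and resolves the user it names.
     *
     * @return the user, or {@code null} when the token is malformed, its tag does not
     *     match, or no signing secret is configured
     */
    private User tk2user(String tk) {
        String[] ts = Tokens.deserialization(tk);
        if (ts == null || ts.length < 6) {
            return null;
        }
        String id = ts[1];
        String domain = ts[2];
        String random = ts[3];
        String time = ts[4];
        String code = ts[5];
        if (id == null || domain == null || random == null || time == null || code == null) {
            return null;
        }
        byte[] key = signingKey();
        if (key == null) {
            // Fail closed: without the key nothing can be verified.
            return null;
        }
        String expected = sign(key, id, domain, random, time);
        // Constant-time comparison so the check does not reveal how many leading
        // characters of a guessed tag were right.
        boolean tagMatches = MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), code.getBytes(StandardCharsets.UTF_8));
        if (!tagMatches) {
            return null;
        }
        // id and domain are only used for the lookup after the tag has verified.
        return GlobalConf.getUserProvider(domain).findByID(id, domain);
    }

    /**
     * Sends the SMS code again for the user named by {@code token}.
     *
     * @return {@code null} when no SMS provider is registered; the "illegal operation"
     *     message when the token does not verify; otherwise the request's existing
     *     {@code "msg"} attribute if one is set after sending, else the "SMS sent" message
     */
    @Override
    public String reflash(String token, HttpServletRequest req) {
        ISmsLogin sms = Glue.getSmsLogin();
        if (sms == null) {
            return null;
        }
        User u = tk2user(token);
        if (u == null) {
            return "操作不合法";
        }
        // NOTE(review): every call with a valid token triggers an SMS; throttling is
        // presumably done inside sendCode - confirm.
        sms.sendCode(u.getCellphone(), req);
        // Presumably sendCode reports a problem through the "msg" attribute; when it is
        // absent the send is treated as successful.
        String msg = (String) req.getAttribute("msg");
        if (msg != null) {
            return msg;
        }
        req.setAttribute("code", "0");
        req.setAttribute("msg", maskPhone(u.getCellphone()));
        return "短信已发送,请查收";
    }
}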