wip

SoObjects/SOGo/SOGoUser.h

@@ -124,7 +124,7 @@
 
 - (BOOL) isSuperUser;
 - (BOOL) canAuthenticate;
-- (NSString *) totpKey;
+- (NSString *) totpKey: (bool) isCheck;
 
 /* resource */
 - (BOOL) isResource;

SoObjects/SOGo/SOGoUser.m

@@ -1299,7 +1299,7 @@ static const NSString *kEncryptedUserNamePrefix = @"uenc";
   return [authValue boolValue];
 }
 
-- (NSString *) totpKey
+- (NSString *) totpKey: (bool) isCheck
 {
 #if defined(MFA_CONFIG)
   NSString *key, *result;
@@ -1308,7 +1308,24 @@ static const NSString *kEncryptedUserNamePrefix = @"uenc";
 
   size_t s_len, secret_len;
 
-  key = [[[self userSettings] userPrivateSalt] substringToIndex: 12];
+  //Until 5.12.4, SOGo had two problems with totp:
+  // * It was not renew after a user disable it/renable it.
+  // * The length was too small: 12 instead of the recommanded 20
+
+  if(![_defaults totpEnabled])
+  {
+    //Totp was not enabled
+    //Only renew if this is not a check (happen when the user enable it for the first time and save its preferences
+    //the saveAction will check the totp code but [_defaults totpEnabled] is still False )
+    key = [[self userSettings] userCurrentTotpKey: !isCheck];
+  }
+  else
+  {
+    //Totp currently enabled
+    key = [[self userSettings] userCurrentTotpKey: NO];
+  }
+
+  //key = [[[self userSettings] userPrivateSalt] substringToIndex: 12];
   s = [key UTF8String];
   s_len = strlen(s);
 

SoObjects/SOGo/SOGoUserSettings.h

@@ -35,6 +35,7 @@
 - (NSArray *) subscribedCalendars;
 - (NSArray *) subscribedAddressBooks;
 - (NSString *) userPrivateSalt;
+- (NSString *) userCurrentTotpKey: (bool) renew;
 - (NSString *) userPublicSalt;
 - (void)enableForceResetPassword;
 - (void)disableForceResetPassword;

SoObjects/SOGo/SOGoUserSettings.m

@@ -116,6 +116,29 @@ static Class SOGoUserProfileKlass = Nil;
   return salt;
 }
 
+- (NSString *) userCurrentTotpKey: (bool) renew
+{
+  NSMutableDictionary *values;
+  NSString *key;
+
+  key = [[self dictionaryForKey: @"General"] objectForKey: @"totpKey"];
+
+  if (!key || renew)
+    {
+      key = [[[[NSProcessInfo processInfo] globallyUniqueString] asSHA1String] substringToIndex: 20];
+      values = [self objectForKey: @"General"];
+
+      if (!values)
+        values = [NSMutableDictionary dictionary];
+
+      [values setObject: key forKey: @"totpKey"];
+      [self setObject: values forKey: @"General"];
+      [self synchronize];
+    }
+
+  return key;
+}
+
 - (void) enableForceResetPassword
 {
   [self setObject: [NSNumber numberWithInt:1]  forKey: @"ForceResetPassword"];

UI/MainUI/SOGoRootPage.m

@@ -338,7 +338,7 @@ static const NSString *kJwtKey = @"jwt";
               const auto time_step = OATH_TOTP_DEFAULT_TIME_STEP_SIZE;
               const auto digits = 6;
 
-              real_secret = [[loggedInUser totpKey] UTF8String];
+              real_secret = [[loggedInUser totpKey: YES] UTF8String];
 
               auto result = oath_init();
               auto t = time(NULL);
@@ -372,7 +372,7 @@ static const NSString *kJwtKey = @"jwt";
                   return [self responseWithStatus: 403
                             andJSONRepresentation: json];
                 }
-            } //  if ([verificationCode length] == 6 && [verificationCode unsignedIntValue] > 0)
+            } 
           else
             {
               if ([us dictionaryForKey: @"General"] && ![[us dictionaryForKey: @"General"] objectForKey: @"PrivateSalt"])

UI/PreferencesUI/UIxPreferences.m

@@ -1123,7 +1123,7 @@ static NSArray *reminderValues = nil;
 
 - (NSString *) totpKey
 {
-  return [[context activeUser] totpKey];
+  return [[context activeUser] totpKey: NO];
 }
 
 //
@@ -1910,7 +1910,7 @@ static NSArray *reminderValues = nil;
               const auto time_step = OATH_TOTP_DEFAULT_TIME_STEP_SIZE;
               const auto digits = 6;
 
-              real_secret = [[user totpKey] UTF8String];
+              real_secret = [[user totpKey: YES] UTF8String];
 
               auto result = oath_init();
               auto t = time(NULL);