2022-10-11 11:20:07 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace App\Services\Migrators;
|
|
|
|
|
2022-11-22 15:15:52 +01:00
|
|
|
use App\Exceptions\InvalidMigrationDataException;
|
2022-10-11 11:20:07 +02:00
|
|
|
use App\Models\TwoFAccount;
|
|
|
|
use Illuminate\Support\Arr;
|
2022-11-22 15:15:52 +01:00
|
|
|
use Illuminate\Support\Collection;
|
|
|
|
use Illuminate\Support\Facades\Log;
|
2022-10-11 11:20:07 +02:00
|
|
|
|
|
|
|
class TwoFASMigrator extends Migrator
|
|
|
|
{
|
|
|
|
// {
|
|
|
|
// "groups":
|
|
|
|
// [
|
|
|
|
// {
|
|
|
|
// "id": "C2F69014-C4C7-4EEC-9225-D24E750F77FD",
|
|
|
|
// "name": "Test",
|
|
|
|
// "isExpanded": true
|
|
|
|
// }
|
|
|
|
// ],
|
|
|
|
// "schemaVersion": 2,
|
|
|
|
// "appOrigin": "ios",
|
|
|
|
// "appVersionCode": 32001,
|
|
|
|
// "services":
|
|
|
|
// [
|
|
|
|
// {
|
|
|
|
// "secret": "NRTWO2DLNJUGO23KM5UA",
|
|
|
|
// "badge":
|
|
|
|
// {
|
|
|
|
// "color": "Default"
|
|
|
|
// },
|
|
|
|
// "order":
|
|
|
|
// {
|
|
|
|
// "position": 0
|
|
|
|
// },
|
|
|
|
// "otp":
|
|
|
|
// {
|
|
|
|
// "account": "My account",
|
|
|
|
// "digits": 6,
|
|
|
|
// "counter": 0,
|
|
|
|
// "period": 30,
|
|
|
|
// "algorithm": "SHA1",
|
|
|
|
// "tokenType": "TOTP"
|
|
|
|
// },
|
|
|
|
// "updatedAt": 1657529936000,
|
|
|
|
// "type": "ManuallyAdded",
|
|
|
|
// "name": "My Service",
|
|
|
|
// "icon":
|
|
|
|
// {
|
|
|
|
// "selected": "Brand",
|
|
|
|
// "brand":
|
|
|
|
// {
|
|
|
|
// "id": "ManuallyAdded"
|
|
|
|
// },
|
|
|
|
// "label":
|
|
|
|
// {
|
|
|
|
// "text": "OW",
|
|
|
|
// "backgroundColor": "LightBlue"
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
// ],
|
|
|
|
// "appVersionName": "3.20.1"
|
|
|
|
// }
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Convert migration data to a TwoFAccounts collection.
|
|
|
|
*
|
|
|
|
* @param mixed $migrationPayload
|
2022-11-21 11:16:43 +01:00
|
|
|
* @return \Illuminate\Support\Collection<int|string, \App\Models\TwoFAccount> The converted accounts
|
2022-10-11 11:20:07 +02:00
|
|
|
*/
|
|
|
|
public function migrate(mixed $migrationPayload) : Collection
|
|
|
|
{
|
|
|
|
$json = json_decode(htmlspecialchars_decode($migrationPayload), true);
|
|
|
|
|
|
|
|
if (is_null($json) || Arr::has($json, 'services') == false) {
|
|
|
|
Log::error('Aegis JSON migration data cannot be read');
|
|
|
|
throw new InvalidMigrationDataException('2FAS Auth');
|
|
|
|
}
|
|
|
|
|
2022-11-22 15:15:52 +01:00
|
|
|
$twofaccounts = [];
|
2022-10-11 11:20:07 +02:00
|
|
|
|
2022-11-22 15:15:52 +01:00
|
|
|
foreach ($json['services'] as $key => $otp_parameters) {
|
|
|
|
$parameters = [];
|
|
|
|
$parameters['otp_type'] = $otp_parameters['otp']['tokenType'];
|
|
|
|
$parameters['service'] = $otp_parameters['name'];
|
|
|
|
$parameters['account'] = $otp_parameters['otp']['account'] ?? $parameters['service'];
|
|
|
|
$parameters['secret'] = $this->padToValidBase32Secret($otp_parameters['secret']);
|
|
|
|
$parameters['algorithm'] = $otp_parameters['otp']['algorithm'];
|
|
|
|
$parameters['digits'] = $otp_parameters['otp']['digits'];
|
|
|
|
$parameters['counter'] = $otp_parameters['otp']['counter'] ?? null;
|
|
|
|
$parameters['period'] = $otp_parameters['otp']['period'] ?? null;
|
2022-10-11 11:20:07 +02:00
|
|
|
|
|
|
|
try {
|
2022-11-22 15:15:52 +01:00
|
|
|
$twofaccounts[$key] = new TwoFAccount;
|
|
|
|
$twofaccounts[$key]->fillWithOtpParameters($parameters);
|
|
|
|
} catch (\Exception $exception) {
|
2022-10-11 11:20:07 +02:00
|
|
|
Log::error(sprintf('Cannot instanciate a TwoFAccount object with 2FAS imported item #%s', $key));
|
|
|
|
Log::error($exception->getMessage());
|
|
|
|
|
|
|
|
// The token failed to generate a valid account so we create a fake account to be returned.
|
2022-11-22 15:15:52 +01:00
|
|
|
$fakeAccount = new TwoFAccount();
|
|
|
|
$fakeAccount->id = TwoFAccount::FAKE_ID;
|
|
|
|
$fakeAccount->otp_type = $otp_parameters['otp']['tokenType'] ?? TwoFAccount::TOTP;
|
2022-10-11 11:20:07 +02:00
|
|
|
// Only basic fields are filled to limit the risk of another exception.
|
2022-11-22 15:15:52 +01:00
|
|
|
$fakeAccount->account = $otp_parameters['otp']['account'] ?? __('twofaccounts.import.invalid_account');
|
|
|
|
$fakeAccount->service = $otp_parameters['name'] ?? __('twofaccounts.import.invalid_service');
|
2022-10-11 11:20:07 +02:00
|
|
|
// The secret field is used to pass the error, not very clean but will do the job for now.
|
2022-11-22 15:15:52 +01:00
|
|
|
$fakeAccount->secret = $exception->getMessage();
|
2022-10-11 11:20:07 +02:00
|
|
|
|
|
|
|
$twofaccounts[$key] = $fakeAccount;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return collect($twofaccounts);
|
|
|
|
}
|
|
|
|
}
|