GUACAMOLE-96: Allow users to enter either the current or previous TOTP codes.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/78c398f4 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/78c398f4 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/78c398f4 Branch: refs/heads/master Commit: 78c398f45d484ba4935870f6cd5a146a6f9d2f16 Parents: 8dd5537 Author: Michael Jumper <mjum...@apache.org> Authored: Mon Nov 20 01:19:39 2017 -0800 Committer: Michael Jumper <mjum...@apache.org> Committed: Sun Feb 4 19:45:17 2018 -0800 ---------------------------------------------------------------------- .../auth/totp/UserVerificationService.java | 2 +- .../apache/guacamole/totp/TOTPGenerator.java | 29 ++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/78c398f4/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java index cb73730..823c5ef 100644 --- a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java +++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java @@ -142,7 +142,7 @@ public class UserVerificationService { // Verify provided TOTP against value produced by generator byte[] key = BASE32.decode(encodedKey); TOTPGenerator totp = new TOTPGenerator(key, TOTPGenerator.Mode.SHA1, 6); - if (code.equals(totp.generate())) + if (code.equals(totp.generate()) || code.equals(totp.previous())) return; } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/78c398f4/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/totp/TOTPGenerator.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/totp/TOTPGenerator.java b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/totp/TOTPGenerator.java index 004c23b..b8c0d95 100644 --- a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/totp/TOTPGenerator.java +++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/totp/TOTPGenerator.java @@ -399,4 +399,33 @@ public class TOTPGenerator { return generate(System.currentTimeMillis() / 1000); } + /** + * Returns the TOTP code which would have been generated immediately prior + * to the code returned by invoking generate() with the given timestamp. + * + * @param time + * The absolute timestamp to use to generate the TOTP code, in seconds + * since midnight, 1970-01-01, UTC (UNIX epoch). + * + * @return + * The TOTP code which would have been generated immediately prior to + * the the code returned by invoking generate() with the given + * timestamp. + */ + public String previous(long time) { + return generate(Math.max(startTime, time - timeStep)); + } + + /** + * Returns the TOTP code which would have been generated immediately prior + * to the code currently being returned by generate(). + * + * @return + * The TOTP code which would have been generated immediately prior to + * the code currently being returned by generate(). + */ + public String previous() { + return previous(System.currentTimeMillis() / 1000); + } + }