shortcode.php

См. документацию.

<?php
 
namespace Bitrix\Main\Authentication;
 
use Bitrix\Main;
use Bitrix\Main\Security\Mfa;
use Bitrix\Main\Authentication\Internal\UserAuthCodeTable;
 
class ShortCode
{
    protected $context;
    protected $type;
    protected $code;
    protected $checkInterval = 300; //seconds, a half of the real time window
    protected $resendInterval = 60; //seconds

    public function __construct(Context $context, $type = UserAuthCodeTable::TYPE_EMAIL)
    {
        $this->context = $context;
        $this->type = $type;
 
        if(!$this->load())
        {
            throw new Main\ObjectException("User probably not found: ".$context->getUserId());
        }
    }

    public function generate()
    {
        $totp = new Mfa\TotpAlgorithm();
        $totp->setInterval($this->checkInterval);
        $totp->setSecret($this->code->getOtpSecret());
 
        $timecode = $totp->timecode(time());
        $shortCode = $totp->generateOTP($timecode);
 
        return $shortCode;
    }

    public function verify($code)
    {
        $result = new Main\Result();
 
        $attempts = (int)$this->code->getAttempts();
 
        if($attempts >= 3)
        {
            $result->addError(new Main\Error("Retry count exceeded.", "ERR_RETRY_COUNT"));
            return $result;
        }
 
        $totp = new Main\Security\Mfa\TotpAlgorithm();
        $totp->setInterval($this->checkInterval);
        $totp->setSecret($this->code->getOtpSecret());
 
        $otpResult = false;
        try
        {
            list($otpResult, ) = $totp->verify($code);
        }
        catch(Main\ArgumentException $e)
        {
        }
 
        if($otpResult)
        {
            $this->code->setDateSent(null);
            $this->code->setDateResent(null);
        }
        else
        {
            $result->addError(new Main\Error("Incorrect code.", "ERR_CONFIRM_CODE"));
 
            $this->code->setAttempts($attempts + 1);
        }
 
        $this->code->save();
 
        return $result;
    }

    public function checkDateSent()
    {
        $result = new Main\Result();
 
        $resultData = [
            "checkInterval" => $this->checkInterval*2,
            "resendInterval" => $this->resendInterval,
        ];
 
        //alowed only once in a interval
        if($this->code->getDateResent())
        {
            $currentDateTime = new Main\Type\DateTime();
            $interval = $currentDateTime->getTimestamp() - $this->code->getDateResent()->getTimestamp();
 
            if($interval < $this->resendInterval)
            {
                $resultData["secondsLeft"] = $this->resendInterval - $interval;
                $resultData["secondsPassed"] = $interval;
                $result->addError(new Main\Error("Timeout not expired yet."));
            }
        }
 
        $result->setData($resultData);
 
        return $result;
    }

    public function saveDateSent()
    {
        $currentDateTime = new Main\Type\DateTime();
 
        if($this->code->getDateSent())
        {
            if(($currentDateTime->getTimestamp() - $this->code->getDateSent()->getTimestamp()) > $this->checkInterval*2)
            {
                //reset attempts only for the new code (when time passes)
                $this->code->setAttempts(0);
                $this->code->setDateSent(null);
            }
        }
 
        if(!$this->code->getDateSent())
        {
            //first time only
            $this->code->setDateSent($currentDateTime);
        }
        $this->code->setDateResent($currentDateTime);
 
        $this->code->save();
 
        return true;
    }

    public function getUser()
    {
        return $this->code->fillUser();
    }

    public static function deleteByUser($userId)
    {
        UserAuthCodeTable::deleteByFilter(["=USER_ID" => $userId]);
    }
 
    protected function load()
    {
        $userId = $this->context->getUserId();
        $primaryKey = [
            "USER_ID" => $userId,
            "CODE_TYPE" => $this->type,
        ];
 
        $code = UserAuthCodeTable::getById($primaryKey)->fetchObject();
 
        if(!$code)
        {
            //first time for the user, should create a record
            $code = UserAuthCodeTable::createObject();
            $code->setUserId($userId);
            $code->setCodeType($this->type);
 
            $result = $code->save();
            if(!$result->isSuccess())
            {
                return false;
            }
        }
 
        $this->code = $code;
 
        return true;
    }
}