diff --git a/README.md b/README.md index 699e1df..34cc053 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,14 @@ +## Updates +I've updated the CFC in a couple of ways + +* I've removed the native CF solution in favour of the Apache Commons Codec to implement Base32 encoding/decoding +* Added new function getOTPQRURL() which return the a QR code URL you can put straight in to an image tag + +## Intro + This is a ColdFusion native implementation of RFC6238 (TOTP: Time-Based One-Time Password Algorithm) specifically designed to work with the Google Authenticator app. You can use this for providing Two Factor Authentication for your applications. -It has been tested on Adobe Coldfusion 10 because that's what I run locally. It uses a few Java classes and bit twiddling, so YMMV on Railo. It should work on CF9, I don't think I've done anything CF10 specific - but feel free to do a Pull Request if there's a small change required to make this work on CF9 or Railo! +It has been tested on Adobe Coldfusion 10 because that's what I run locally. It uses a few Java classes and bit twiddling, so YMMV on Lucee/Railo. It should work on CF9, I don't think I've done anything CF10 specific - but feel free to do a Pull Request if there's a small change required to make this work on CF9 or Lucee/Railo! ## Background @@ -15,7 +23,7 @@ To use the Google Authenticator in your own app you would do something like: ## Implementation notes -This is a purely "native" CF solution - I could've saved some code and time by using Apache Commons Codec to implement Base32 encoding/decoding, however the version bundled with ACF10 is v1.3 and Base32 was added in v1.5 - I didn't want to introduce another dependency. In fact, the whole project might've been better to be implemented as a Java library since it makes so much use of Java arrays, bit twiddling, etc! Still it was a fun coding exercise! +This version uses Apache Commons Codec to implement Base32 encoding/decoding which will make it incompativle with ACF10. ## Notes on security @@ -26,11 +34,9 @@ This is a purely "native" CF solution - I could've saved some code and time by u There's a simple sample in the project where you can generate a secret key and then see the token values for that key (and compare to the Authenticator app). This sample is definitely *not* best practice or recommended to be used for anything other than playing around. -The samples use [qrcode.js](http://davidshimjs.github.io/qrcodejs/). - ## Tests -There are some [mxunit](http://mxunit.org/) based tests that can be run from `/tests/index.cfm`. They assume that mxunit is mapped at the server level to /mxunit. If we had Railo CLI I could make them not depend on a web server! +There are some [mxunit](http://mxunit.org/) based tests that can be run from `/tests/index.cfm`. They assume that mxunit is mapped at the server level to /mxunit. If we had Lucee/Railo CLI I could make them not depend on a web server! ## Licence diff --git a/authenticator/GoogleAuthenticator.cfc b/authenticator/GoogleAuthenticator.cfc index ea7c767..e8c6e7d 100644 --- a/authenticator/GoogleAuthenticator.cfc +++ b/authenticator/GoogleAuthenticator.cfc @@ -72,6 +72,11 @@ component output="false" { return 'otpauth://totp/#arguments.email#?secret=#arguments.key#'; } + public string function getOTPQRURL(required string OTPURL){ + local.qrURL = "https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl="; + return local.qrURL & arguments.OTPURL; + } + /** * The core TOTP function that gets the current value of the token for a particular secret key and numeric counter * @@ -154,97 +159,8 @@ component output="false" { */ public string function Base32encode (required any inputBytes) { - var values = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; - if (arrayLen(inputBytes) == 0) - { - return ""; - } - var bytes = 0; - if (ArrayLen(inputBytes) % 5 != 0) - { - var paddedLength = ArrayLen(inputBytes) + (5 - (ArrayLen(inputBytes) % 5)); - var buffer = createObject("java", "java.nio.ByteBuffer").allocate(paddedLength); - buffer.put(inputBytes, 0, ArrayLen(inputBytes)); - bytes = buffer.array(); - } - else - { - bytes = inputBytes; - } - - var encoded = ""; - for (var i = 1; i <= arrayLen(bytes); i += 5) - { - byte = bytes[i]; - if (byte < 0) byte += 256; - byte = bitSHRN(byte, 3); - byte = bitAnd(byte, 31); - encoded &= Mid(values, byte + 1, 1); - - byte = bytes[i]; - if (byte < 0) byte += 256; - byte = bitAnd(byte, 7); - byte = bitSHLN(byte, 2); - byte2 = bytes[i+1]; - if (byte2 < 0) byte2 += 256; - byte2 = bitSHRN(byte2, 6); - byte2 = bitAnd(byte2, 3); - byte = bitOr(byte, byte2); - encoded &= Mid(values, byte + 1, 1); - - byte = bytes[i+1]; - if (byte < 0) byte += 256; - byte = bitAnd(byte, 62); - byte = bitSHRN(byte, 1); - encoded &= Mid(values, byte + 1, 1); - - byte = bytes[i+1]; - if (byte < 0) byte += 256; - byte = bitAnd(byte, 1); - byte = bitSHLN(byte, 4); - byte2 = bytes[i+2]; - if (byte2 < 0) byte2 += 256; - byte2 = bitSHRN(byte2, 4); - byte = bitOr(byte, byte2); - encoded &= Mid(values, byte + 1, 1); - - byte = bytes[i+2]; - if (byte < 0) byte += 256; - byte = bitAnd(byte, 15); - byte = bitSHLN(byte, 1); - byte2 = bytes[i+3]; - if (byte2 < 0) byte2 += 256; - byte2 = bitSHRN(byte2, 7); - byte = bitOr(byte, byte2); - encoded &= Mid(values, byte + 1, 1); - - byte = bytes[i+3]; - if (byte < 0) byte += 256; - byte = bitSHRN(byte, 2); - byte = bitAnd(byte, 31); - encoded &= Mid(values, byte + 1, 1); + return createObject("java", "org.apache.commons.codec.binary.Base32").encodeToString( arguments.inputBytes ); - byte = bytes[i+3]; - if (byte < 0) byte += 256; - byte = bitAnd(byte, 3); - byte = bitSHLN(byte, 3); - byte2 = bytes[i+4]; - if (byte2 < 0) byte2 += 256; - byte2 = bitSHRN(byte2, 5); - byte = bitOr(byte, byte2); - encoded &= Mid(values, byte + 1, 1); - - byte = bytes[i+4]; - if (byte < 0) byte += 256; - byte = bitAnd(byte, 31); - encoded &= Mid(values, byte + 1, 1); - } - - encoded = Left(encoded, (arrayLen(inputBytes) / 5) * 8 + 1); - if (len(encoded) % 8 != 0) { - encoded &= repeatString("=", 8 - (len(encoded) % 8) ); - } - return encoded; } /** @@ -254,18 +170,6 @@ component output="false" { { return base32encode(string.getBytes()); } - - /* borrowed from org.apache.commons.codec.binary.Base32 */ - this.DECODE_TABLE = [ - // 0 1 2 3 4 5 6 7 8 9 A B C D E F - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 00-0f - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 10-1f - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 63, // 20-2f - -1, -1, 26, 27, 28, 29, 30, 31, -1, -1, -1, -1, -1, -1, -1, -1, // 30-3f 2-7 - -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, // 40-4f A-N - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 // 50-5a O-Z - ]; - /** * Decodes a Base32 encoded string * @param encoded the encoded string to decode @@ -273,45 +177,7 @@ component output="false" { */ public any function base32decode (required string encoded) { - var decoded = ""; - var byte = 0; - var byte2 = 0; - var byte3 = 0; - var encodedBytes = javaCast("string", encoded).getBytes(); - var unpaddedLength = Len(replace(encoded, "=", "", "all")); - var decodedBytes = createObject("java", "java.io.ByteArrayOutputStream").init(); - for (var i = 1; i <= arrayLen(encodedBytes); i += 8) - { - if (encodedBytes[i + 1] == 61) break; - byte = bitSHLN(this.DECODE_TABLE[encodedBytes[i]], 3); - byte2 = bitSHRN(this.DECODE_TABLE[encodedBytes[i + 1]], 2); - decodedBytes.write(bitOr(byte, byte2)); - - if (encodedBytes[i + 3] == 61) break; - byte = bitSHLN(bitAnd(this.DECODE_TABLE[encodedBytes[i + 1]], 3), 6); - byte2 = bitSHLN(this.DECODE_TABLE[encodedBytes[i + 2]], 1); - byte3 = bitSHRN(this.DECODE_TABLE[encodedBytes[i + 3]], 4); - decodedBytes.write(bitOr(bitOr(byte, byte2), byte3)); - - if (encodedBytes[i + 4] == 61) break; - byte = bitSHLN(bitAnd(this.DECODE_TABLE[encodedBytes[i + 3]], 15), 4); - byte2 = bitSHRN(this.DECODE_TABLE[encodedBytes[i + 4]], 1); - decodedBytes.write(bitOr(byte, byte2)); - - if (encodedBytes[i + 5] == 61) break; - byte = bitSHLN(bitAnd(this.DECODE_TABLE[encodedBytes[i + 4]], 1), 7); - byte2 = bitSHLN(this.DECODE_TABLE[encodedBytes[i + 5]], 2); - byte3 = bitSHRN(this.DECODE_TABLE[encodedBytes[i + 6]], 3); - decodedBytes.write(bitOr(bitOr(byte, byte2), byte3)); - - if (encodedBytes[i + 7] == 61) break; - byte = bitSHLN(bitAnd(this.DECODE_TABLE[encodedBytes[i + 6]], 7), 5); - byte2 = this.DECODE_TABLE[encodedBytes[i + 7]]; - decodedBytes.write(bitOr(byte, byte2)); - - } - - return decodedBytes.toByteArray(); + return createObject("java", "org.apache.commons.codec.binary.Base32").decode( arguments.encoded ); } /** @@ -319,7 +185,7 @@ component output="false" { */ public string function Base32decodeString (required any string, string encoding = "utf-8") { - return charsetEncode(base32decode(string), encoding);//createObject("java", "java.lang.String").init(base32decode(string)); + return charsetEncode(base32decode(string), encoding); } private numeric function getCurrentTime() diff --git a/sample/qrcode.min.js b/sample/qrcode.min.js deleted file mode 100644 index 5e942d3..0000000 --- a/sample/qrcode.min.js +++ /dev/null @@ -1 +0,0 @@ -var QRCode;(function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a}function b(a,b){this.typeNumber=a,this.errorCorrectLevel=b,this.modules=null,this.moduleCount=0,this.dataCache=null,this.dataList=[]}function i(a,b){if(void 0==a.length)throw Error(a.length+"/"+b);for(var c=0;a.length>c&&0==a[c];)c++;this.num=Array(a.length-c+b);for(var d=0;a.length-c>d;d++)this.num[d]=a[d+c]}function j(a,b){this.totalCount=a,this.dataCount=b}function k(){this.buffer=[],this.length=0}function m(){return"undefined"!=typeof CanvasRenderingContext2D}function n(){var a=!1,b=navigator.userAgent;return/android/i.test(b)&&(a=!0,aMat=(""+b).match(/android ([0-9]\.[0-9])/i),aMat&&aMat[1]&&(a=parseFloat(aMat[1]))),a}function p(a,b){for(var c=1,e=0,f=l.length;f>=e;e++){var g=0;switch(b){case d.L:g=l[e][0];break;case d.M:g=l[e][1];break;case d.Q:g=l[e][2];break;case d.H:g=l[e][3]}if(g>=a.length)break;c++}if(c>l.length)throw Error("Too long data");return c}a.prototype={getLength:function(){return this.data.length},write:function(a){for(var b=0;this.data.length>b;b++)a.put(this.data.charCodeAt(b),8)}},b.prototype={addData:function(b){var c=new a(b);this.dataList.push(c),this.dataCache=null},isDark:function(a,b){if(0>a||a>=this.moduleCount||0>b||b>=this.moduleCount)throw Error(a+","+b);return this.modules[a][b]},getModuleCount:function(){return this.moduleCount},make:function(){this.makeImpl(!1,this.getBestMaskPattern())},makeImpl:function(a,c){this.moduleCount=4*this.typeNumber+17,this.modules=Array(this.moduleCount);for(var d=0;this.moduleCount>d;d++){this.modules[d]=Array(this.moduleCount);for(var e=0;this.moduleCount>e;e++)this.modules[d][e]=null}this.setupPositionProbePattern(0,0),this.setupPositionProbePattern(this.moduleCount-7,0),this.setupPositionProbePattern(0,this.moduleCount-7),this.setupPositionAdjustPattern(),this.setupTimingPattern(),this.setupTypeInfo(a,c),this.typeNumber>=7&&this.setupTypeNumber(a),null==this.dataCache&&(this.dataCache=b.createData(this.typeNumber,this.errorCorrectLevel,this.dataList)),this.mapData(this.dataCache,c)},setupPositionProbePattern:function(a,b){for(var c=-1;7>=c;c++)if(!(-1>=a+c||a+c>=this.moduleCount))for(var d=-1;7>=d;d++)-1>=b+d||b+d>=this.moduleCount||(this.modules[a+c][b+d]=c>=0&&6>=c&&(0==d||6==d)||d>=0&&6>=d&&(0==c||6==c)||c>=2&&4>=c&&d>=2&&4>=d?!0:!1)},getBestMaskPattern:function(){for(var a=0,b=0,c=0;8>c;c++){this.makeImpl(!0,c);var d=f.getLostPoint(this);(0==c||a>d)&&(a=d,b=c)}return b},createMovieClip:function(a,b,c){var d=a.createEmptyMovieClip(b,c),e=1;this.make();for(var f=0;this.modules.length>f;f++)for(var g=f*e,h=0;this.modules[f].length>h;h++){var i=h*e,j=this.modules[f][h];j&&(d.beginFill(0,100),d.moveTo(i,g),d.lineTo(i+e,g),d.lineTo(i+e,g+e),d.lineTo(i,g+e),d.endFill())}return d},setupTimingPattern:function(){for(var a=8;this.moduleCount-8>a;a++)null==this.modules[a][6]&&(this.modules[a][6]=0==a%2);for(var b=8;this.moduleCount-8>b;b++)null==this.modules[6][b]&&(this.modules[6][b]=0==b%2)},setupPositionAdjustPattern:function(){for(var a=f.getPatternPosition(this.typeNumber),b=0;a.length>b;b++)for(var c=0;a.length>c;c++){var d=a[b],e=a[c];if(null==this.modules[d][e])for(var g=-2;2>=g;g++)for(var h=-2;2>=h;h++)this.modules[d+g][e+h]=-2==g||2==g||-2==h||2==h||0==g&&0==h?!0:!1}},setupTypeNumber:function(a){for(var b=f.getBCHTypeNumber(this.typeNumber),c=0;18>c;c++){var d=!a&&1==(1&b>>c);this.modules[Math.floor(c/3)][c%3+this.moduleCount-8-3]=d}for(var c=0;18>c;c++){var d=!a&&1==(1&b>>c);this.modules[c%3+this.moduleCount-8-3][Math.floor(c/3)]=d}},setupTypeInfo:function(a,b){for(var c=this.errorCorrectLevel<<3|b,d=f.getBCHTypeInfo(c),e=0;15>e;e++){var g=!a&&1==(1&d>>e);6>e?this.modules[e][8]=g:8>e?this.modules[e+1][8]=g:this.modules[this.moduleCount-15+e][8]=g}for(var e=0;15>e;e++){var g=!a&&1==(1&d>>e);8>e?this.modules[8][this.moduleCount-e-1]=g:9>e?this.modules[8][15-e-1+1]=g:this.modules[8][15-e-1]=g}this.modules[this.moduleCount-8][8]=!a},mapData:function(a,b){for(var c=-1,d=this.moduleCount-1,e=7,g=0,h=this.moduleCount-1;h>0;h-=2)for(6==h&&h--;;){for(var i=0;2>i;i++)if(null==this.modules[d][h-i]){var j=!1;a.length>g&&(j=1==(1&a[g]>>>e));var k=f.getMask(b,d,h-i);k&&(j=!j),this.modules[d][h-i]=j,e--,-1==e&&(g++,e=7)}if(d+=c,0>d||d>=this.moduleCount){d-=c,c=-c;break}}}},b.PAD0=236,b.PAD1=17,b.createData=function(a,c,d){for(var e=j.getRSBlocks(a,c),g=new k,h=0;d.length>h;h++){var i=d[h];g.put(i.mode,4),g.put(i.getLength(),f.getLengthInBits(i.mode,a)),i.write(g)}for(var l=0,h=0;e.length>h;h++)l+=e[h].dataCount;if(g.getLengthInBits()>8*l)throw Error("code length overflow. ("+g.getLengthInBits()+">"+8*l+")");for(8*l>=g.getLengthInBits()+4&&g.put(0,4);0!=g.getLengthInBits()%8;)g.putBit(!1);for(;;){if(g.getLengthInBits()>=8*l)break;if(g.put(b.PAD0,8),g.getLengthInBits()>=8*l)break;g.put(b.PAD1,8)}return b.createBytes(g,e)},b.createBytes=function(a,b){for(var c=0,d=0,e=0,g=Array(b.length),h=Array(b.length),j=0;b.length>j;j++){var k=b[j].dataCount,l=b[j].totalCount-k;d=Math.max(d,k),e=Math.max(e,l),g[j]=Array(k);for(var m=0;g[j].length>m;m++)g[j][m]=255&a.buffer[m+c];c+=k;var n=f.getErrorCorrectPolynomial(l),o=new i(g[j],n.getLength()-1),p=o.mod(n);h[j]=Array(n.getLength()-1);for(var m=0;h[j].length>m;m++){var q=m+p.getLength()-h[j].length;h[j][m]=q>=0?p.get(q):0}}for(var r=0,m=0;b.length>m;m++)r+=b[m].totalCount;for(var s=Array(r),t=0,m=0;d>m;m++)for(var j=0;b.length>j;j++)g[j].length>m&&(s[t++]=g[j][m]);for(var m=0;e>m;m++)for(var j=0;b.length>j;j++)h[j].length>m&&(s[t++]=h[j][m]);return s};for(var c={MODE_NUMBER:1,MODE_ALPHA_NUM:2,MODE_8BIT_BYTE:4,MODE_KANJI:8},d={L:1,M:0,Q:3,H:2},e={PATTERN000:0,PATTERN001:1,PATTERN010:2,PATTERN011:3,PATTERN100:4,PATTERN101:5,PATTERN110:6,PATTERN111:7},f={PATTERN_POSITION_TABLE:[[],[6,18],[6,22],[6,26],[6,30],[6,34],[6,22,38],[6,24,42],[6,26,46],[6,28,50],[6,30,54],[6,32,58],[6,34,62],[6,26,46,66],[6,26,48,70],[6,26,50,74],[6,30,54,78],[6,30,56,82],[6,30,58,86],[6,34,62,90],[6,28,50,72,94],[6,26,50,74,98],[6,30,54,78,102],[6,28,54,80,106],[6,32,58,84,110],[6,30,58,86,114],[6,34,62,90,118],[6,26,50,74,98,122],[6,30,54,78,102,126],[6,26,52,78,104,130],[6,30,56,82,108,134],[6,34,60,86,112,138],[6,30,58,86,114,142],[6,34,62,90,118,146],[6,30,54,78,102,126,150],[6,24,50,76,102,128,154],[6,28,54,80,106,132,158],[6,32,58,84,110,136,162],[6,26,54,82,110,138,166],[6,30,58,86,114,142,170]],G15:1335,G18:7973,G15_MASK:21522,getBCHTypeInfo:function(a){for(var b=a<<10;f.getBCHDigit(b)-f.getBCHDigit(f.G15)>=0;)b^=f.G15<=0;)b^=f.G18<>>=1;return b},getPatternPosition:function(a){return f.PATTERN_POSITION_TABLE[a-1]},getMask:function(a,b,c){switch(a){case e.PATTERN000:return 0==(b+c)%2;case e.PATTERN001:return 0==b%2;case e.PATTERN010:return 0==c%3;case e.PATTERN011:return 0==(b+c)%3;case e.PATTERN100:return 0==(Math.floor(b/2)+Math.floor(c/3))%2;case e.PATTERN101:return 0==b*c%2+b*c%3;case e.PATTERN110:return 0==(b*c%2+b*c%3)%2;case e.PATTERN111:return 0==(b*c%3+(b+c)%2)%2;default:throw Error("bad maskPattern:"+a)}},getErrorCorrectPolynomial:function(a){for(var b=new i([1],0),c=0;a>c;c++)b=b.multiply(new i([1,g.gexp(c)],0));return b},getLengthInBits:function(a,b){if(b>=1&&10>b)switch(a){case c.MODE_NUMBER:return 10;case c.MODE_ALPHA_NUM:return 9;case c.MODE_8BIT_BYTE:return 8;case c.MODE_KANJI:return 8;default:throw Error("mode:"+a)}else if(27>b)switch(a){case c.MODE_NUMBER:return 12;case c.MODE_ALPHA_NUM:return 11;case c.MODE_8BIT_BYTE:return 16;case c.MODE_KANJI:return 10;default:throw Error("mode:"+a)}else{if(!(41>b))throw Error("type:"+b);switch(a){case c.MODE_NUMBER:return 14;case c.MODE_ALPHA_NUM:return 13;case c.MODE_8BIT_BYTE:return 16;case c.MODE_KANJI:return 12;default:throw Error("mode:"+a)}}},getLostPoint:function(a){for(var b=a.getModuleCount(),c=0,d=0;b>d;d++)for(var e=0;b>e;e++){for(var f=0,g=a.isDark(d,e),h=-1;1>=h;h++)if(!(0>d+h||d+h>=b))for(var i=-1;1>=i;i++)0>e+i||e+i>=b||(0!=h||0!=i)&&g==a.isDark(d+h,e+i)&&f++;f>5&&(c+=3+f-5)}for(var d=0;b-1>d;d++)for(var e=0;b-1>e;e++){var j=0;a.isDark(d,e)&&j++,a.isDark(d+1,e)&&j++,a.isDark(d,e+1)&&j++,a.isDark(d+1,e+1)&&j++,(0==j||4==j)&&(c+=3)}for(var d=0;b>d;d++)for(var e=0;b-6>e;e++)a.isDark(d,e)&&!a.isDark(d,e+1)&&a.isDark(d,e+2)&&a.isDark(d,e+3)&&a.isDark(d,e+4)&&!a.isDark(d,e+5)&&a.isDark(d,e+6)&&(c+=40);for(var e=0;b>e;e++)for(var d=0;b-6>d;d++)a.isDark(d,e)&&!a.isDark(d+1,e)&&a.isDark(d+2,e)&&a.isDark(d+3,e)&&a.isDark(d+4,e)&&!a.isDark(d+5,e)&&a.isDark(d+6,e)&&(c+=40);for(var k=0,e=0;b>e;e++)for(var d=0;b>d;d++)a.isDark(d,e)&&k++;var l=Math.abs(100*k/b/b-50)/5;return c+=10*l}},g={glog:function(a){if(1>a)throw Error("glog("+a+")");return g.LOG_TABLE[a]},gexp:function(a){for(;0>a;)a+=255;for(;a>=256;)a-=255;return g.EXP_TABLE[a]},EXP_TABLE:Array(256),LOG_TABLE:Array(256)},h=0;8>h;h++)g.EXP_TABLE[h]=1<h;h++)g.EXP_TABLE[h]=g.EXP_TABLE[h-4]^g.EXP_TABLE[h-5]^g.EXP_TABLE[h-6]^g.EXP_TABLE[h-8];for(var h=0;255>h;h++)g.LOG_TABLE[g.EXP_TABLE[h]]=h;i.prototype={get:function(a){return this.num[a]},getLength:function(){return this.num.length},multiply:function(a){for(var b=Array(this.getLength()+a.getLength()-1),c=0;this.getLength()>c;c++)for(var d=0;a.getLength()>d;d++)b[c+d]^=g.gexp(g.glog(this.get(c))+g.glog(a.get(d)));return new i(b,0)},mod:function(a){if(0>this.getLength()-a.getLength())return this;for(var b=g.glog(this.get(0))-g.glog(a.get(0)),c=Array(this.getLength()),d=0;this.getLength()>d;d++)c[d]=this.get(d);for(var d=0;a.getLength()>d;d++)c[d]^=g.gexp(g.glog(a.get(d))+b);return new i(c,0).mod(a)}},j.RS_BLOCK_TABLE=[[1,26,19],[1,26,16],[1,26,13],[1,26,9],[1,44,34],[1,44,28],[1,44,22],[1,44,16],[1,70,55],[1,70,44],[2,35,17],[2,35,13],[1,100,80],[2,50,32],[2,50,24],[4,25,9],[1,134,108],[2,67,43],[2,33,15,2,34,16],[2,33,11,2,34,12],[2,86,68],[4,43,27],[4,43,19],[4,43,15],[2,98,78],[4,49,31],[2,32,14,4,33,15],[4,39,13,1,40,14],[2,121,97],[2,60,38,2,61,39],[4,40,18,2,41,19],[4,40,14,2,41,15],[2,146,116],[3,58,36,2,59,37],[4,36,16,4,37,17],[4,36,12,4,37,13],[2,86,68,2,87,69],[4,69,43,1,70,44],[6,43,19,2,44,20],[6,43,15,2,44,16],[4,101,81],[1,80,50,4,81,51],[4,50,22,4,51,23],[3,36,12,8,37,13],[2,116,92,2,117,93],[6,58,36,2,59,37],[4,46,20,6,47,21],[7,42,14,4,43,15],[4,133,107],[8,59,37,1,60,38],[8,44,20,4,45,21],[12,33,11,4,34,12],[3,145,115,1,146,116],[4,64,40,5,65,41],[11,36,16,5,37,17],[11,36,12,5,37,13],[5,109,87,1,110,88],[5,65,41,5,66,42],[5,54,24,7,55,25],[11,36,12],[5,122,98,1,123,99],[7,73,45,3,74,46],[15,43,19,2,44,20],[3,45,15,13,46,16],[1,135,107,5,136,108],[10,74,46,1,75,47],[1,50,22,15,51,23],[2,42,14,17,43,15],[5,150,120,1,151,121],[9,69,43,4,70,44],[17,50,22,1,51,23],[2,42,14,19,43,15],[3,141,113,4,142,114],[3,70,44,11,71,45],[17,47,21,4,48,22],[9,39,13,16,40,14],[3,135,107,5,136,108],[3,67,41,13,68,42],[15,54,24,5,55,25],[15,43,15,10,44,16],[4,144,116,4,145,117],[17,68,42],[17,50,22,6,51,23],[19,46,16,6,47,17],[2,139,111,7,140,112],[17,74,46],[7,54,24,16,55,25],[34,37,13],[4,151,121,5,152,122],[4,75,47,14,76,48],[11,54,24,14,55,25],[16,45,15,14,46,16],[6,147,117,4,148,118],[6,73,45,14,74,46],[11,54,24,16,55,25],[30,46,16,2,47,17],[8,132,106,4,133,107],[8,75,47,13,76,48],[7,54,24,22,55,25],[22,45,15,13,46,16],[10,142,114,2,143,115],[19,74,46,4,75,47],[28,50,22,6,51,23],[33,46,16,4,47,17],[8,152,122,4,153,123],[22,73,45,3,74,46],[8,53,23,26,54,24],[12,45,15,28,46,16],[3,147,117,10,148,118],[3,73,45,23,74,46],[4,54,24,31,55,25],[11,45,15,31,46,16],[7,146,116,7,147,117],[21,73,45,7,74,46],[1,53,23,37,54,24],[19,45,15,26,46,16],[5,145,115,10,146,116],[19,75,47,10,76,48],[15,54,24,25,55,25],[23,45,15,25,46,16],[13,145,115,3,146,116],[2,74,46,29,75,47],[42,54,24,1,55,25],[23,45,15,28,46,16],[17,145,115],[10,74,46,23,75,47],[10,54,24,35,55,25],[19,45,15,35,46,16],[17,145,115,1,146,116],[14,74,46,21,75,47],[29,54,24,19,55,25],[11,45,15,46,46,16],[13,145,115,6,146,116],[14,74,46,23,75,47],[44,54,24,7,55,25],[59,46,16,1,47,17],[12,151,121,7,152,122],[12,75,47,26,76,48],[39,54,24,14,55,25],[22,45,15,41,46,16],[6,151,121,14,152,122],[6,75,47,34,76,48],[46,54,24,10,55,25],[2,45,15,64,46,16],[17,152,122,4,153,123],[29,74,46,14,75,47],[49,54,24,10,55,25],[24,45,15,46,46,16],[4,152,122,18,153,123],[13,74,46,32,75,47],[48,54,24,14,55,25],[42,45,15,32,46,16],[20,147,117,4,148,118],[40,75,47,7,76,48],[43,54,24,22,55,25],[10,45,15,67,46,16],[19,148,118,6,149,119],[18,75,47,31,76,48],[34,54,24,34,55,25],[20,45,15,61,46,16]],j.getRSBlocks=function(a,b){var c=j.getRsBlockTable(a,b);if(void 0==c)throw Error("bad rs block @ typeNumber:"+a+"/errorCorrectLevel:"+b);for(var d=c.length/3,e=[],f=0;d>f;f++)for(var g=c[3*f+0],h=c[3*f+1],i=c[3*f+2],k=0;g>k;k++)e.push(new j(h,i));return e},j.getRsBlockTable=function(a,b){switch(b){case d.L:return j.RS_BLOCK_TABLE[4*(a-1)+0];case d.M:return j.RS_BLOCK_TABLE[4*(a-1)+1];case d.Q:return j.RS_BLOCK_TABLE[4*(a-1)+2];case d.H:return j.RS_BLOCK_TABLE[4*(a-1)+3];default:return void 0}},k.prototype={get:function(a){var b=Math.floor(a/8);return 1==(1&this.buffer[b]>>>7-a%8)},put:function(a,b){for(var c=0;b>c;c++)this.putBit(1==(1&a>>>b-c-1))},getLengthInBits:function(){return this.length},putBit:function(a){var b=Math.floor(this.length/8);b>=this.buffer.length&&this.buffer.push(0),a&&(this.buffer[b]|=128>>>this.length%8),this.length++}};var l=[[17,14,11,7],[32,26,20,14],[53,42,32,24],[78,62,46,34],[106,84,60,44],[134,106,74,58],[154,122,86,64],[192,152,108,84],[230,180,130,98],[271,213,151,119],[321,251,177,137],[367,287,203,155],[425,331,241,177],[458,362,258,194],[520,412,292,220],[586,450,322,250],[644,504,364,280],[718,560,394,310],[792,624,442,338],[858,666,482,382],[929,711,509,403],[1003,779,565,439],[1091,857,611,461],[1171,911,661,511],[1273,997,715,535],[1367,1059,751,593],[1465,1125,805,625],[1528,1190,868,658],[1628,1264,908,698],[1732,1370,982,742],[1840,1452,1030,790],[1952,1538,1112,842],[2068,1628,1168,898],[2188,1722,1228,958],[2303,1809,1283,983],[2431,1911,1351,1051],[2563,1989,1423,1093],[2699,2099,1499,1139],[2809,2213,1579,1219],[2953,2331,1663,1273]],o=m()?function(){function k(){c.src=b.toDataURL("image/png"),c.style.display="block",b.style.display="none"}function o(a,b){if(d=b,e=a,null===g){var c=document.createElement("img"),f=function(){g=!1,d&&d()},h=function(){g=!0,e&&e()};return c.onabort=f,c.onerror=f,c.onload=h,c.src="",void 0}g===!0&&e?e():g===!1&&d&&d()}var a=null,b=null,c=null,d=null,e=null,f=null,g=null,h=null,i=!1,j=n();if(j&&2.1>=j){var l=1/window.devicePixelRatio,m=CanvasRenderingContext2D.prototype.drawImage;CanvasRenderingContext2D.prototype.drawImage=function(a,b,c,d,e,f,g,h){if("nodeName"in a&&/img/i.test(a.nodeName))for(var j=arguments.length-1;j>=1;j--)arguments[j]=arguments[j]*l;else h===void 0&&(arguments[1]*=l,arguments[2]*=l,arguments[3]*=l,arguments[4]*=l);m.apply(this,arguments)}}var p=function(d,e){f=e,b=document.createElement("canvas"),b.width=e.width,b.height=e.height,d.appendChild(b),a=d,h=b.getContext("2d"),i=!1,c=document.createElement("img"),c.style.display="none",a.appendChild(c),g=null};return p.prototype.draw=function(a){c.style.display="none";var b=a.getModuleCount(),d=f.width/b,e=f.height/b,g=Math.round(d),j=Math.round(e);this.clear();for(var k=0;b>k;k++)for(var l=0;b>l;l++){var m=a.isDark(k,l),n=l*d,o=k*e;h.strokeStyle=m?f.colorDark:f.colorLight,h.lineWidth=1,h.fillStyle=m?f.colorDark:f.colorLight,h.fillRect(n,o,d,e),h.strokeRect(Math.floor(n)+.5,Math.floor(o)+.5,g,j),h.strokeRect(Math.ceil(n)-.5,Math.ceil(o)-.5,g,j)}i=!0},p.prototype.makeImage=function(){i&&o(k)},p.prototype.isPainted=function(){return i},p.prototype.clear=function(){h.clearRect(0,0,b.width,b.height),i=!1},p.prototype.round=function(a){return a?Math.floor(1e3*a)/1e3:a},p}():function(){var a=null,b=null,c=function(c,d){a=c,b=d};return c.prototype.draw=function(c){for(var d=c.getModuleCount(),e=Math.floor(b.width/d),f=Math.floor(b.height/d),g=[''],h=0;d>h;h++){g.push("");for(var i=0;d>i;i++)g.push('');g.push("")}g.push("
"),a.innerHTML=g.join("");var j=a.childNodes[0],k=(b.width-j.offsetWidth)/2,l=(b.height-j.offsetHeight)/2;k>0&&l>0&&(j.style.margin=l+"px "+k+"px")},c.prototype.clear=function(){a.innerHTML=""},c}();QRCode=function(a,b){if(this._htOption={width:256,height:256,typeNumber:4,colorDark:"#000000",colorLight:"#ffffff",correctLevel:d.H},"string"==typeof b&&(b={text:b}),b)for(var c in b)this._htOption[c]=b[c];"string"==typeof a&&(a=document.getElementById(a)),this._android=n(),this._el=a,this._oQRCode=null,this._oDrawing=new o(this._el,this._htOption),this._htOption.text&&this.makeCode(this._htOption.text)},QRCode.prototype.makeCode=function(a){this._oQRCode=new b(p(a,this._htOption.correctLevel),this._htOption.correctLevel),this._oQRCode.addData(a),this._oQRCode.make(),this._el.title=a,this._oDrawing.draw(this._oQRCode),this.makeImage()},QRCode.prototype.makeImage=function(){"function"==typeof this._oDrawing.makeImage&&(!this._android||this._android>=3)&&this._oDrawing.makeImage()},QRCode.prototype.clear=function(){this._oDrawing.clear()},QRCode.CorrectLevel=d})(); \ No newline at end of file diff --git a/sample/sample_generate.cfm b/sample/sample_generate.cfm index 19c9271..7553621 100644 --- a/sample/sample_generate.cfm +++ b/sample/sample_generate.cfm @@ -25,6 +25,8 @@ THE SOFTWARE. auth = new authenticator.GoogleAuthenticator(); key = auth.generateKey(form.password); + otpurl = auth.getOTPURL(required string email, required string key); + otpqrurl = auth.getOTPQRURL( otpurl );
@@ -34,10 +36,9 @@ THE SOFTWARE.
+

Your secret key is: #key#

-
- - +

Check token

Verify token

\ No newline at end of file