users with TOTP MFA could not utilize material theme yet.

Author: Billy Clark

README.md

@@ -169,7 +169,9 @@ If configured, an alert will be shown to the user filled with the content of tha
 5. Click **hub-discovery**
 6. Click **idp4**
 7. Login as a "totp" user: `username=`**has_totp** `password=`**a**
-7. TODO: add remaining steps
+8. Setup an app using this secret, `GFDHSMZ6EVBFGRB4`, [QR Code](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALQAAAC0CAYAAAA9zQYyAAAAAklEQVR4AewaftIAAAdTSURBVO3BQQ4bOxbAQFLw/a/MyVIrAY22M/nCq7I/GOMSizEushjjIosxLrIY4yKLMS6yGOMiizEushjjIosxLrIY4yKLMS6yGOMiizEushjjIosxLvLhJZW/qWKnclLxhspJxYnKrmKnsqvYqewqdipvVJyo/E0VbyzGuMhijIssxrjIhy+r+CaVJyp2KruKncquYlfxRsVO5UTlROWkYqeyq9ip7CpOKr5J5ZsWY1xkMcZFFmNc5MOPqTxR8UTFTmVX8YTKExVPVOxUdhVvqPxNKk9U/NJijIssxrjIYoyLfPiPUzlR2VXsKr5JZVexU3lCZVfxTRU3WYxxkcUYF1mMcZEP/3EVO5UnVJ6o2Km8UbFTOVF5Q+Wk4r9sMcZFFmNcZDHGRT78WMW/RGVXcaKyU9lVvKFyUnGisqvYqewqvqniX7IY4yKLMS6yGOMiH75M5W9S2VXsVHYVO5VdxUnFTmVXsVPZVexUdhU7lV3FN6nsKk5U/mWLMS6yGOMiizEu8uGlin9ZxS9V7FROVE5UdhUnFTuVE5UnKv5LFmNcZDHGRRZjXMT+4AWVXcVO5aRip/JExYnKruIJlScqTlROKn5JZVdxorKrOFHZVexUTireWIxxkcUYF1mMcZEPP1ZxorKr+KaKncquYqfySxUnKruKN1R2FScqT6icqJxUfNNijIssxrjIYoyL2B98kcquYqdyUrFTOanYqXxTxU5lV7FTOal4QmVX8YbKruJEZVdxorKr+JsWY1xkMcZFFmNc5MOXVexU3qjYqZxUPKGyq3ijYqeyU9lVPKHyRMWJyi+p7Cp+aTHGRRZjXGQxxkU+vKTyRMWJyhMq36RyUrFTOan4pYqdyk7lpOJE5URlV3GiclLxxmKMiyzGuMhijIt8+LKKncpOZVdxUnGisqvYqZxU7FTeqNipnFScVJyo7CpOVE5U/ssWY1xkMcZFFmNc5MNLFScVO5UnVE4qdiq7ijcqTip2Kk+o7Cp2KruKE5WTip3KruJE5QmVXcVO5ZsWY1xkMcZFFmNc5MOXqbxR8YTKEyonFTuVXcUbFTuVnco3VexUdhU7lV3FrmKnclJxUvFNizEushjjIosxLvLhJZUnKp5QeUNlV7FTOanYqfxSxYnKrmKnslPZVexUfkllV/FLizEushjjIosxLmJ/8EUqb1Q8ofJGxRsqu4oTlScqnlD5mypOVJ6oeGMxxkUWY1xkMcZFPnxZxYnKicpJxRMVO5Wdyv9TxYnKrmKnsqt4Q2VXcaKyq/h/WoxxkcUYF1mMcZEPL6n8UsUTFd9U8YTKruKbVHYVJyonFbuKncquYlexUzmp2Kl802KMiyzGuMhijIvYH3yRyq7iROWNip3KruIJlZOKncpJxRMqu4pvUtlV7FR2FScqJxU7lZOKNxZjXGQxxkUWY1zkw0squ4qdyhMV36Syq9ipPKFyUnGiclKxUzmpeKJip/JGxU7l/2kxxkUWY1xkMcZF7A++SGVXsVPZVexUnqg4UdlVnKjsKk5UTiqeUHmiYqdyUvFNKicVO5VdxTctxrjIYoyLLMa4yIeXVHYVO5VdxRMVJyq7im9SOak4UdlVvFHxRMU3qTyhcqKyq3hjMcZFFmNcZDHGRT58mcqu4kTlROWkYqeyqzhReaLim1SeUHlD5aTiiYoTlV3FLy3GuMhijIssxrjIh5cqdio7lV3FrmKnsqt4Q2VXcVKxUzlR2VW8UXGisqvYqTxRcaKyqzhROVE5qXhjMcZFFmNcZDHGRT78Yyp2KruKk4qdyknFTmVXsVN5Q+WNiidUnlDZVZyo7Cp2KicV37QY4yKLMS6yGOMiH15S2VXsVJ5Q2VWcqJxUfFPFTuWk4gmVXcVO5aRip/JExU7lCZUnVHYVbyzGuMhijIssxriI/cEPqfxSxRMqu4qdyhsVb6icVJyo/MsqfmkxxkUWY1xkMcZFPvxYxS+p7CqeUDmpeEJlV3Gisqs4UTmp2Kk8UfGEyr9kMcZFFmNcZDHGRT68pPI3VZyonFScqPw/qewqdhU7lZOKE5UTlV3FScUTKruKNxZjXGQxxkUWY1zkw5dVfJPKGxVvqJxU7CpOVHYVJyq7il3FicobFU+o7Cp2KruKb1qMcZHFGBdZjHGRDz+m8kTFExU7lZ3KScWu4ptUdhVvqDxRcaKyU/kvW4xxkcUYF1mMcZEP/3Equ4onVN6oeEPliYqdyq5ip7KreKNip3Kisqv4pcUYF1mMcZHFGBf5cDmVXcVJxRMqJxU7lZOKJypOKnYqb6icVOxUdiq7im9ajHGRxRgXWYxxkQ8/VvFLFTuVE5VdxU5lV/FNFTuVE5U3Kk4qTlROKnYqu4q/aTHGRRZjXGQxxkU+fJnK36TyRMUbKruKE5U3Kp5QeULlb1I5qXhjMcZFFmNcZDHGRewPxrjEYoyLLMa4yGKMiyzGuMhijIssxrjIYoyLLMa4yGKMiyzGuMhijIssxrjIYoyLLMa4yGKMi/wPXRyfsu/8YKUAAAAASUVORK5CYII=)
+9. Enter code from app to verify
+10. Click **Logout**
 
 #### Key (U2F)
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)

development/idp4/m991231_235959_insert_mfa_test_users.php

@@ -39,10 +39,10 @@ public function safeUp()
         $this->batchInsert('{{mfa}}',
             ['id','user_id','type'      ,'external_uuid'                       ,'verified','created_utc'        ],[
             [ 1  , 3       ,'backupcode',NULL                                  , 1        , MySqlDateTime::now()],
-            [ 2  , 4       ,'totp'      ,''                                    , 1        , MySqlDateTime::now()],
+            [ 2  , 4       ,'totp'      ,'2f062961-00af-4abf-a7ad-5986778789c1', 1        , MySqlDateTime::now()], // GFDHSMZ6EVBFGRB4
             [ 3  , 5       ,'u2f'       ,'c4f7d437-ad38-4393-a226-22f35cb1bcce', 1        , MySqlDateTime::now()],
             [ 4  , 6       ,'backupcode',NULL                                  , 1        , MySqlDateTime::now()],
-            [ 5  , 6       ,'totp'      ,''                                    , 1        , MySqlDateTime::now()],
+            [ 5  , 6       ,'totp'      ,'2f062961-00af-4abf-a7ad-5986778789c1', 1        , MySqlDateTime::now()], // GFDHSMZ6EVBFGRB4
             [ 6  , 6       ,'u2f'       ,'c4f7d437-ad38-4393-a226-22f35cb1bcce', 1        , MySqlDateTime::now()],
         ]);
 

dictionaries/mfa.definition.json

@@ -36,6 +36,30 @@
 		"fr": "TODO",
 		"ko": "TODO"
 	},
+	"totp_header": {
+		"en": "Verification app",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"totp_icon": {
+		"en": "Verification app icon",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"totp_instructions": {
+		"en": "You will need to check your verification app for the current code.",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"totp_input": {
+		"en": "Enter 6-digit code",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
 	"button_verify": {
 		"en": "Verify",
 		"es": "TODO",

themes/material/mfa/prompt-for-mfa-backupcode.php

@@ -36,7 +36,7 @@
                     </h1>
                 </div>
 
-                <div class="mdl-card__title" >
+                <div class="mdl-card__title center" >
                     <p class="mdl-card__subtitle-text">
                         <?= $this->t('{material:mfa:backup_code_reminder}') ?>
                     </p>

themes/material/mfa/prompt-for-mfa-totp.php

@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title><?= $this->t('{material:mfa:title}') ?></title>
+
+    <?php include __DIR__ . '/../common-head-elements.php' ?>
+</head>
+<body class="gradient-bg">
+<div class="mdl-layout mdl-layout--fixed-header fill-viewport">
+    <header class="mdl-layout__header">
+        <div class="mdl-layout__header-row">
+            <span class="mdl-layout-title">
+                <?= $this->t('{material:mfa:header}') ?>
+            </span>
+        </div>
+    </header>
+    <main class="mdl-layout__content" layout-children="column">
+        <form layout-children="column" method="POST">
+            <?php
+            foreach ($this->data['formData'] as $name => $value) {
+             ?>
+            <input type="hidden" name="<?= htmlentities($name); ?>"
+                   value="<?= htmlentities($value); ?>"/>
+            <?php
+            }
+            ?>
+            <div class="mdl-card mdl-shadow--8dp">
+                <div class="mdl-card__media white-bg margin" layout-children="column">
+                    <img src="/module.php/material/mfa-totp-app.svg"
+                         alt="<?= $this->t('{material:mfa:totp_icon}') ?>">
+                </div>
+
+                <div class="mdl-card__title center">
+                    <h1 class="mdl-card__title-text">
+                        <?= $this->t('{material:mfa:totp_header}') ?>
+                    </h1>
+                </div>
+
+                <div class="mdl-card__title center" >
+                    <p class="mdl-card__subtitle-text">
+                        <?= $this->t('{material:mfa:totp_instructions}') ?>
+                    </p>
+                </div>
+
+                <div class="mdl-card__supporting-text" layout-children="column">
+                    <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
+                        <label for="mfaSubmission" class="mdl-textfield__label">
+                            <?= $this->t('{material:mfa:totp_input}') ?>
+                        </label>
+                        <input name="mfaSubmission" class="mdl-textfield__input" autofocus
+                               id="mfaSubmission"/>
+                    </div>
+                </div>
+
+                <?php
+                $message = $this->data['errorMessage'];
+
+                if (! empty($message)) {
+                ?>
+                <div class="mdl-card__supporting-text" layout-children="column">
+                    <p class="mdl-color-text--red error">
+                        <i class="material-icons">error</i>
+
+                        <span class="mdl-typography--caption">
+                            <?= htmlentities($message) ?>
+                        </span>
+                    </p>
+                </div>
+
+                <script>
+                    ga('send','event','error','totp', <?= $message ?>');
+                </script>
+                <?php
+                }
+                ?>
+
+                <div class="mdl-card__actions" layout-children="row">
+                    <span flex></span>
+                    <button type="submit" name="submitMfa"
+                            class="mdl-button mdl-button--raised mdl-button--primary">
+                        <?= $this->t('{material:mfa:button_verify}') ?>
+                    </button>
+                </div>
+            </div>
+
+            <div>
+                <label class="mdl-checkbox mdl-js-checkbox mdl-js-ripple-effect">
+                    <span class="mdl-checkbox__label">
+                        <?= $this->t('{material:mfa:remember_this}') ?>
+                    </span>
+                    <input type="checkbox" name="rememberMe" value="true" checked
+                           class="mdl-checkbox__input"/>
+                </label>
+            </div>
+        </form>
+    </main>
+</div>
+</body>
+</html>