eduVPN / vpn-server-api

        $service->post(

            '/set_totp_secret',

            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-user-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));

                $totpKey = InputValidation::totpKey($request->getPostParameter('totp_key'));

                $totpSecret = InputValidation::totpSecret($request->getPostParameter('totp_secret'));

                $twoFactor = new TwoFactor($this->storage, new DateTime('now'));

                try {

                    $twoFactor->verifyTotp($userId, $totpKey, $totpSecret);

                } catch (TwoFactorException $e) {

                    return new ApiErrorResponse('set_totp_secret', $e->getMessage());

                }

                $this->storage->setTotpSecret($userId, $totpSecret);

                return new ApiResponse('set_totp_secret');

            }

        );

        $service->post(

        return new ApiResponse('disconnect');

    }

    public function verifyOtp(Request $request)

    {

        $commonName = InputValidation::commonName($request->getPostParameter('common_name'));

        // we do not need 'otp_type', as only 'totp' is supported at the moment

        InputValidation::otpType($request->getPostParameter('otp_type'));

        $totpKey = InputValidation::totpKey($request->getPostParameter('totp_key'));

        $certInfo = $this->storage->getUserCertificateInfo($commonName);

        $userId = $certInfo['user_id'];

        $twoFactor = new TwoFactor($this->storage, new DateTime('now'));

        try {

            $twoFactor->verifyTotp($userId, $totpKey);

        } catch (TwoFactorException $e) {

            return new ApiErrorResponse('verify_otp', $e->getMessage());

        }

        return new ApiResponse('verify_otp');

    }

    private function verifyConnection($profileId, $commonName)

    {