ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
YubiKey.php
Go to the documentation of this file.
1<?php
2
3/*
4 * Copyright (C) 2009 Andreas Åkre Solberg <andreas.solberg@uninett.no>
5 * Copyright (C) 2009 Simon Josefsson <simon@yubico.com>.
6 *
7 * This file is part of SimpleSAMLphp
8 *
9 * SimpleSAMLphp is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 3 of
12 * the License, or (at your option) any later version.
13 *
14 * SimpleSAMLphp is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License License along with GNU SASL Library; if not, write to the
21 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
22 * Boston, MA 02110-1301, USA.
23 *
24 */
25
42class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source {
43
47 const STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state';
48
53 const TOKENSIZE = 32;
54
58 const AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId';
59
63 private $yubi_id;
64 private $yubi_key;
65
72 public function __construct($info, $config) {
73 assert('is_array($info)');
74 assert('is_array($config)');
75
76 // Call the parent constructor first, as required by the interface
77 parent::__construct($info, $config);
78
79 if (array_key_exists('id', $config)) {
80 $this->yubi_id = $config['id'];
81 }
82
83 if (array_key_exists('key', $config)) {
84 $this->yubi_key = $config['key'];
85 }
86 }
87
88
97 public function authenticate(&$state) {
98 assert('is_array($state)');
99
100 // We are going to need the authId in order to retrieve this authentication source later
101 $state[self::AUTHID] = $this->authId;
102
103 $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
104
105 $url = SimpleSAML\Module::getModuleURL('authYubiKey/yubikeylogin.php');
106 \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));
107 }
108
109
122 public static function handleLogin($authStateId, $otp) {
123 assert('is_string($authStateId)');
124 assert('is_string($otp)');
125
126 /* Retrieve the authentication state. */
127 $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
128
129 /* Find authentication source. */
130 assert('array_key_exists(self::AUTHID, $state)');
131 $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
132 if ($source === NULL) {
133 throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
134 }
135
136
137 try {
138 /* Attempt to log in. */
139 $attributes = $source->login($otp);
140 } catch (SimpleSAML_Error_Error $e) {
141 /* An error occurred during login. Check if it is because of the wrong
142 * username/password - if it is, we pass that error up to the login form,
143 * if not, we let the generic error handler deal with it.
144 */
145 if ($e->getErrorCode() === 'WRONGUSERPASS') {
146 return 'WRONGUSERPASS';
147 }
148
149 /* Some other error occurred. Rethrow exception and let the generic error
150 * handler deal with it.
151 */
152 throw $e;
153 }
154
155 $state['Attributes'] = $attributes;
156 SimpleSAML_Auth_Source::completeAuth($state);
157 }
158
162 public static function getYubiKeyPrefix($otp) {
163 $uid = substr ($otp, 0, strlen ($otp) - self::TOKENSIZE);
164 return $uid;
165 }
166
180 protected function login($otp) {
181 assert('is_string($otp)');
182
183 require_once dirname(dirname(dirname(dirname(__FILE__)))) . '/libextinc/Yubico.php';
184
185 $attributes = array();
186
187 try {
188 $yubi = new Auth_Yubico($this->yubi_id, $this->yubi_key);
189 $auth = $yubi->verify($otp);
190 $uid = self::getYubiKeyPrefix($otp);
191 $attributes = array('uid' => array($uid));
192 } catch (Exception $e) {
193 SimpleSAML\Logger::info('YubiKey:' . $this->authId . ': Validation error (otp ' . $otp . '), debug output: ' . $yubi->getLastResponse());
194
195 throw new SimpleSAML_Error_Error('WRONGUSERPASS', $e);
196 }
197
198 SimpleSAML\Logger::info('YubiKey:' . $this->authId . ': YubiKey otp ' . $otp . ' validated successfully: ' . $yubi->getLastResponse());
199
200 return $attributes;
201 }
202
203}
$auth
$auth
Definition: metadata.php:48
$source
$source
Definition: linkback.php:22
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML_Auth_Source
Definition: Source.php:13
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
SimpleSAML_Error_Error
Definition: Error.php:11
SimpleSAML_Error_Error\getErrorCode
getErrorCode()
Retrieve the error code given when throwing this error.
Definition: Error.php:129
sspmod_authYubiKey_Auth_Source_YubiKey
Definition: YubiKey.php:42
sspmod_authYubiKey_Auth_Source_YubiKey\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: YubiKey.php:72
sspmod_authYubiKey_Auth_Source_YubiKey\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: YubiKey.php:58
sspmod_authYubiKey_Auth_Source_YubiKey\TOKENSIZE
const TOKENSIZE
The number of characters of the OTP that is the secure token.
Definition: YubiKey.php:53
sspmod_authYubiKey_Auth_Source_YubiKey\login
login($otp)
Attempt to log in using the given username and password.
Definition: YubiKey.php:180
sspmod_authYubiKey_Auth_Source_YubiKey\$yubi_id
$yubi_id
The client id/key for use with the Auth_Yubico PHP module.
Definition: YubiKey.php:63
sspmod_authYubiKey_Auth_Source_YubiKey\authenticate
authenticate(&$state)
Initialize login.
Definition: YubiKey.php:97
sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin
static handleLogin($authStateId, $otp)
Handle login request.
Definition: YubiKey.php:122
sspmod_authYubiKey_Auth_Source_YubiKey\$yubi_key
$yubi_key
Definition: YubiKey.php:64
sspmod_authYubiKey_Auth_Source_YubiKey\getYubiKeyPrefix
static getYubiKeyPrefix($otp)
Return the user id part of a one time passord.
Definition: YubiKey.php:162
sspmod_authYubiKey_Auth_Source_YubiKey\STAGEID
const STAGEID
The string used to identify our states.
Definition: YubiKey.php:47
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$info
$info
Definition: index.php:5
Auth_Yubico
$url
$url
Definition: proxy_ylocal.php:28
$attributes
$attributes
Definition: serviceValidate.php:33
$authStateId
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId
Definition: yubikeylogin.php:15