ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
sspmod_authYubiKey_Auth_Source_YubiKey Class Reference
+ Inheritance diagram for sspmod_authYubiKey_Auth_Source_YubiKey:
+ Collaboration diagram for sspmod_authYubiKey_Auth_Source_YubiKey:

Public Member Functions

 __construct ($info, $config)
 Constructor for this authentication source. More...
 
 authenticate (&$state)
 Initialize login. More...
 
- Public Member Functions inherited from SimpleSAML_Auth_Source
 __construct ($info, &$config)
 Constructor for an authentication source. More...
 
 getAuthId ()
 Retrieve the ID of this authentication source. More...
 
 authenticate (&$state)
 Process a request. More...
 
 reauthenticate (array &$state)
 Reauthenticate an user. More...
 
 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication. More...
 
 logout (&$state)
 Log out from this authentication source. More...
 

Static Public Member Functions

static handleLogin ($authStateId, $otp)
 Handle login request. More...
 
static getYubiKeyPrefix ($otp)
 Return the user id part of a one time passord. More...
 
- Static Public Member Functions inherited from SimpleSAML_Auth_Source
static getSourcesOfType ($type)
 Get sources of a specific type. More...
 
static completeAuth (&$state)
 Complete authentication. More...
 
static loginCompleted ($state)
 Called when a login operation has finished. More...
 
static completeLogout (&$state)
 Complete logout. More...
 
static getById ($authId, $type=null)
 Retrieve authentication source. More...
 
static logoutCallback ($state)
 Called when the authentication source receives an external logout request. More...
 
static getSources ()
 Retrieve list of authentication sources. More...
 

Data Fields

const STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state'
 The string used to identify our states. More...
 
const TOKENSIZE = 32
 The number of characters of the OTP that is the secure token. More...
 
const AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId'
 The key of the AuthId field in the state. More...
 

Protected Member Functions

 login ($otp)
 Attempt to log in using the given username and password. More...
 
- Protected Member Functions inherited from SimpleSAML_Auth_Source
 addLogoutCallback ($assoc, $state)
 Add a logout callback association. More...
 
 callLogoutCallback ($assoc)
 Call a logout callback based on association. More...
 

Private Attributes

 $yubi_id
 The client id/key for use with the Auth_Yubico PHP module. More...
 
 $yubi_key
 

Additional Inherited Members

- Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier. More...
 
- Protected Attributes inherited from SimpleSAML_Auth_Source
 $authId
 

Detailed Description

Definition at line 42 of file YubiKey.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_authYubiKey_Auth_Source_YubiKey::__construct (   $info,
  $config 
)

Constructor for this authentication source.

Parameters
array$infoInformation about this authentication source.
array$configConfiguration.

Definition at line 72 of file YubiKey.php.

72 {
73 assert('is_array($info)');
74 assert('is_array($config)');
75
76 // Call the parent constructor first, as required by the interface
77 parent::__construct($info, $config);
78
79 if (array_key_exists('id', $config)) {
80 $this->yubi_id = $config['id'];
81 }
82
83 if (array_key_exists('key', $config)) {
84 $this->yubi_key = $config['key'];
85 }
86 }
$info
$info
Definition: index.php:5

References $config, and $info.

Member Function Documentation

◆ authenticate()

sspmod_authYubiKey_Auth_Source_YubiKey::authenticate ( $state)

Initialize login.

This function saves the information about the login, and redirects to a login page.

Parameters
array&$stateInformation about the current authentication.

Reimplemented from SimpleSAML_Auth_Source.

Definition at line 97 of file YubiKey.php.

97 {
98 assert('is_array($state)');
99
100 // We are going to need the authId in order to retrieve this authentication source later
101 $state[self::AUTHID] = $this->authId;
102
103 $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
104
105 $url = SimpleSAML\Module::getModuleURL('authYubiKey/yubikeylogin.php');
106 \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));
107 }
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
sspmod_authYubiKey_Auth_Source_YubiKey\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: YubiKey.php:58
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$url
$url
Definition: proxy_ylocal.php:28

References SimpleSAML_Auth_Source\$authId, $id, $state, $url, AUTHID, SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

+ Here is the call graph for this function:

◆ getYubiKeyPrefix()

static sspmod_authYubiKey_Auth_Source_YubiKey::getYubiKeyPrefix (   $otp)
static

Return the user id part of a one time passord.

Definition at line 162 of file YubiKey.php.

162 {
163 $uid = substr ($otp, 0, strlen ($otp) - self::TOKENSIZE);
164 return $uid;
165 }

Referenced by login().

+ Here is the caller graph for this function:

◆ handleLogin()

static sspmod_authYubiKey_Auth_Source_YubiKey::handleLogin (   $authStateId,
  $otp 
)
static

Handle login request.

This function is used by the login form (core/www/loginuserpass.php) when the user enters a username and password. On success, it will not return. On wrong username/password failure, it will return the error code. Other failures will throw an exception.

Parameters
string$authStateIdThe identifier of the authentication state.
string$otpThe one time password entered-
Returns
string Error code in the case of an error.

Definition at line 122 of file YubiKey.php.

122 {
123 assert('is_string($authStateId)');
124 assert('is_string($otp)');
125
126 /* Retrieve the authentication state. */
127 $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
128
129 /* Find authentication source. */
130 assert('array_key_exists(self::AUTHID, $state)');
131 $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
132 if ($source === NULL) {
133 throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
134 }
135
136
137 try {
138 /* Attempt to log in. */
139 $attributes = $source->login($otp);
140 } catch (SimpleSAML_Error_Error $e) {
141 /* An error occurred during login. Check if it is because of the wrong
142 * username/password - if it is, we pass that error up to the login form,
143 * if not, we let the generic error handler deal with it.
144 */
145 if ($e->getErrorCode() === 'WRONGUSERPASS') {
146 return 'WRONGUSERPASS';
147 }
148
149 /* Some other error occurred. Rethrow exception and let the generic error
150 * handler deal with it.
151 */
152 throw $e;
153 }
154
155 $state['Attributes'] = $attributes;
156 SimpleSAML_Auth_Source::completeAuth($state);
157 }
$source
$source
Definition: linkback.php:22
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
SimpleSAML_Error_Error
Definition: Error.php:11
SimpleSAML_Error_Error\getErrorCode
getErrorCode()
Retrieve the error code given when throwing this error.
Definition: Error.php:129
$attributes
$attributes
Definition: serviceValidate.php:33
$authStateId
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId
Definition: yubikeylogin.php:15

References $attributes, $authStateId, $source, $state, SimpleSAML_Auth_Source\completeAuth(), SimpleSAML_Auth_Source\getById(), SimpleSAML_Error_Error\getErrorCode(), and SimpleSAML_Auth_State\loadState().

+ Here is the call graph for this function:

◆ login()

sspmod_authYubiKey_Auth_Source_YubiKey::login (   $otp)
protected

Attempt to log in using the given username and password.

On a successful login, this function should return the users attributes. On failure, it should throw an exception. If the error was caused by the user entering the wrong username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.

Note that both the username and the password are UTF-8 encoded.

Parameters
string$usernameThe username the user wrote.
string$passwordThe password the user wrote.
Returns
array Associative array with the users attributes.

Definition at line 180 of file YubiKey.php.

180 {
181 assert('is_string($otp)');
182
183 require_once dirname(dirname(dirname(dirname(__FILE__)))) . '/libextinc/Yubico.php';
184
185 $attributes = array();
186
187 try {
188 $yubi = new Auth_Yubico($this->yubi_id, $this->yubi_key);
189 $auth = $yubi->verify($otp);
190 $uid = self::getYubiKeyPrefix($otp);
191 $attributes = array('uid' => array($uid));
192 } catch (Exception $e) {
193 SimpleSAML\Logger::info('YubiKey:' . $this->authId . ': Validation error (otp ' . $otp . '), debug output: ' . $yubi->getLastResponse());
194
195 throw new SimpleSAML_Error_Error('WRONGUSERPASS', $e);
196 }
197
198 SimpleSAML\Logger::info('YubiKey:' . $this->authId . ': YubiKey otp ' . $otp . ' validated successfully: ' . $yubi->getLastResponse());
199
200 return $attributes;
201 }
$auth
$auth
Definition: metadata.php:48
SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201
sspmod_authYubiKey_Auth_Source_YubiKey\getYubiKeyPrefix
static getYubiKeyPrefix($otp)
Return the user id part of a one time passord.
Definition: YubiKey.php:162
Auth_Yubico

References $attributes, $auth, getYubiKeyPrefix(), and SimpleSAML\Logger\info().

+ Here is the call graph for this function:

Field Documentation

◆ $yubi_id

sspmod_authYubiKey_Auth_Source_YubiKey::$yubi_id
private

The client id/key for use with the Auth_Yubico PHP module.

Definition at line 63 of file YubiKey.php.

◆ $yubi_key

sspmod_authYubiKey_Auth_Source_YubiKey::$yubi_key
private

Definition at line 64 of file YubiKey.php.

◆ AUTHID

const sspmod_authYubiKey_Auth_Source_YubiKey::AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId'

The key of the AuthId field in the state.

Definition at line 58 of file YubiKey.php.

Referenced by authenticate().

◆ STAGEID

const sspmod_authYubiKey_Auth_Source_YubiKey::STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state'

The string used to identify our states.

Definition at line 47 of file YubiKey.php.

◆ TOKENSIZE

const sspmod_authYubiKey_Auth_Source_YubiKey::TOKENSIZE = 32

The number of characters of the OTP that is the secure token.

The rest is the user id.

Definition at line 53 of file YubiKey.php.

The documentation for this class was generated from the following file: