ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
sspmod_authYubiKey_Auth_Source_YubiKey Class Reference

Public Member Functions

 __construct ($info, $config)
 Constructor for this authentication source.

 authenticate (&$state)
 Initialize login.

- Public Member Functions inherited from SimpleSAML_Auth_Source
 __construct ($info, &$config)
 Constructor for an authentication source.

 getAuthId ()
 Retrieve the ID of this authentication source.

 authenticate (&$state)
 Process a request.

 reauthenticate (array &$state)
 Reauthenticate a user.

 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication.

 logout (&$state)
 Log out from this authentication source.

Static Public Member Functions

static handleLogin ($authStateId, $otp)
 Handle login request.

static getYubiKeyPrefix ($otp)
 Return the user id part of a one time password.

- Static Public Member Functions inherited from SimpleSAML_Auth_Source
static getSourcesOfType ($type)
 Get sources of a specific type.

static completeAuth (&$state)
 Complete authentication.

static loginCompleted ($state)
 Called when a login operation has finished.

static completeLogout (&$state)
 Complete logout.

static getById ($authId, $type=null)
 Retrieve authentication source.

static logoutCallback ($state)
 Called when the authentication source receives an external logout request.

static getSources ()
 Retrieve list of authentication sources.

Data Fields

const STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state'
 The string used to identify our states.

const TOKENSIZE = 32
 The number of characters of the OTP that is the secure token.

const AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId'
 The key of the AuthId field in the state.

Protected Member Functions

 login ($otp)
 Attempt to log in using the given username and password.

- Protected Member Functions inherited from SimpleSAML_Auth_Source
 addLogoutCallback ($assoc, $state)
 Add a logout callback association.

 callLogoutCallback ($assoc)
 Call a logout callback based on association.

Private Attributes

 $yubi_id
 The client id/key for use with the Auth_Yubico PHP module.

 $yubi_key

Additional Inherited Members

- Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier.
- Protected Attributes inherited from SimpleSAML_Auth_Source
 $authId
 

Detailed Description

Definition at line 42 of file YubiKey.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_authYubiKey_Auth_Source_YubiKey::__construct ($info, $config)

Constructor for this authentication source.

Parameters
 array  $info    Information about this authentication source.
 array  $config  Configuration.

Definition at line 72 of file YubiKey.php.

References $config, and $info.

72      {
73          assert('is_array($info)');
74          assert('is_array($config)');
75
76          // Call the parent constructor first, as required by the interface
77          parent::__construct($info, $config);
78
79          if (array_key_exists('id', $config)) {
80              $this->yubi_id = $config['id'];
81          }
82
83          if (array_key_exists('key', $config)) {
84              $this->yubi_key = $config['key'];
85          }
86      }

Member Function Documentation

◆ authenticate()

sspmod_authYubiKey_Auth_Source_YubiKey::authenticate (&$state)

Initialize login.

This function saves the information about the login, and redirects to a login page.

Parameters
 array  &$state  Information about the current authentication.

Definition at line 97 of file YubiKey.php.

References SimpleSAML_Auth_Source\$authId, $id, $state, $url, array, SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

97      {
98          assert('is_array($state)');
99
100         // We are going to need the authId in order to retrieve this authentication source later
101         $state[self::AUTHID] = $this->authId;
102
103         $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
104
105         $url = SimpleSAML\Module::getModuleURL('authYubiKey/yubikeylogin.php');
106         \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));
107     }

◆ getYubiKeyPrefix()

static sspmod_authYubiKey_Auth_Source_YubiKey::getYubiKeyPrefix ($otp)

Return the user id part of a one time password.

Definition at line 162 of file YubiKey.php.

162     {
163         $uid = substr ($otp, 0, strlen ($otp) - self::TOKENSIZE);
164         return $uid;
165     }

◆ handleLogin()

static sspmod_authYubiKey_Auth_Source_YubiKey::handleLogin ($authStateId, $otp)

Handle login request.

This function is used by the login form (core/www/loginuserpass.php) when the user enters a username and password. On success, it will not return. On wrong username/password failure, it will return the error code. Other failures will throw an exception.

Parameters
 string  $authStateId  The identifier of the authentication state.
 string  $otp          The one time password entered.
Returns
string Error code in the case of an error.

Definition at line 122 of file YubiKey.php.

References $attributes, $authStateId, $source, $state, SimpleSAML_Auth_Source\completeAuth(), SimpleSAML_Auth_Source\getById(), SimpleSAML_Error_Error\getErrorCode(), and SimpleSAML_Auth_State\loadState().

122     {
123         assert('is_string($authStateId)');
124         assert('is_string($otp)');
125
126         /* Retrieve the authentication state. */
127         $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
128
129         /* Find authentication source. */
130         assert('array_key_exists(self::AUTHID, $state)');
131         $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
132         if ($source === NULL) {
133             throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
134         }
135
136
137         try {
138             /* Attempt to log in. */
139             $attributes = $source->login($otp);
140         } catch (SimpleSAML_Error_Error $e) {
141             /* An error occurred during login. Check if it is because of the wrong
142              * username/password - if it is, we pass that error up to the login form,
143              * if not, we let the generic error handler deal with it.
144              */
145             if ($e->getErrorCode() === 'WRONGUSERPASS') {
146                 return 'WRONGUSERPASS';
147             }
148
149             /* Some other error occurred. Rethrow exception and let the generic error
150              * handler deal with it.
151              */
152             throw $e;
153         }
154
155         $state['Attributes'] = $attributes;
156         SimpleSAML_Auth_Source::completeAuth($state);
157     }

◆ login()

protected sspmod_authYubiKey_Auth_Source_YubiKey::login ($otp)

Attempt to log in using the given username and password.

On a successful login, this function should return the user's attributes. On failure, it should throw an exception. If the error was caused by the user entering the wrong username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.

Note that both the username and the password are UTF-8 encoded.

Parameters
 string  $username  The username the user wrote.
 string  $password  The password the user wrote.
Returns
 array  Associative array with the user's attributes.

Definition at line 180 of file YubiKey.php.

References $attributes, $auth, array, and SimpleSAML\Logger\info().

180     {
181         assert('is_string($otp)');
182
183         require_once dirname(dirname(dirname(dirname(__FILE__)))) . '/libextinc/Yubico.php';
184
185         $attributes = array();
186
187         try {
188             $yubi = new Auth_Yubico($this->yubi_id, $this->yubi_key);
189             $auth = $yubi->verify($otp);
190             $uid = self::getYubiKeyPrefix($otp);
191             $attributes = array('uid' => array($uid));
192         } catch (Exception $e) {
193             SimpleSAML\Logger::info('YubiKey:' . $this->authId . ': Validation error (otp ' . $otp . '), debug output: ' . $yubi->getLastResponse());
194
195             throw new SimpleSAML_Error_Error('WRONGUSERPASS', $e);
196         }
197
198         SimpleSAML\Logger::info('YubiKey:' . $this->authId . ': YubiKey otp ' . $otp . ' validated successfully: ' . $yubi->getLastResponse());
199
200         return $attributes;
201     }
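
A defensive variant of the OTP handling in login() and getYubiKeyPrefix(), shown as an added example that is not part of YubiKey.php or SimpleSAMLphp: it checks the shape of the OTP before splitting off the last TOKENSIZE characters, so a short string never gives substr() a negative length, and it writes only the public prefix to the log instead of the full OTP. The function names splitYubiOtp() and otpForLog(), the 32 to 48 character bound, and the sample OTP are assumptions made for this illustration.

```php
<?php
// Added example; not part of YubiKey.php. Function names are hypothetical.

const TOKENSIZE = 32;                 // same value as the class constant
const MODHEX    = 'cbdefghijklnrtuv'; // modhex alphabet used by Yubico OTPs

/**
 * Split an OTP into its public prefix (used as uid) and the 32-character token.
 * Returns null for anything that is not 32-48 modhex characters.
 */
function splitYubiOtp($otp)
{
    if (!is_string($otp)) {
        return null;
    }
    $otp = strtolower(trim($otp));
    // Assumption: 32-48 characters, i.e. a prefix of 0-16 characters plus the token.
    if (!preg_match('/^[' . MODHEX . ']{32,48}$/', $otp)) {
        return null;
    }
    $cut = strlen($otp) - TOKENSIZE;
    return array('prefix' => substr($otp, 0, $cut), 'token' => substr($otp, $cut));
}

/** Value that is safe to write to a log: the public prefix only. */
function otpForLog($otp)
{
    $parts = splitYubiOtp($otp);
    if ($parts === null) {
        $len = is_string($otp) ? strlen($otp) : 0;
        return '[malformed otp, ' . $len . ' bytes]';
    }
    return $parts['prefix'] . '[token redacted]';
}

// Constructed sample input: a 12-character prefix followed by 32 modhex characters.
$sample = 'cccccccfhcbe' . str_repeat(MODHEX, 2);

var_dump(splitYubiOtp($sample)['prefix']); // public prefix of the sample
var_dump(splitYubiOtp('tooshort'));        // rejected before any substr() call
echo 'YubiKey: validation error (otp ' . otpForLog($sample) . ")\n";
```

Redacting the token matters most on the failure path: an OTP that was rejected because the validation request itself failed has not been consumed and could be replayed by anyone who can read the log.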

Field Documentation

◆ $yubi_id

sspmod_authYubiKey_Auth_Source_YubiKey::$yubi_id
private

The client id/key for use with the Auth_Yubico PHP module.

Definition at line 63 of file YubiKey.php.

◆ $yubi_key

sspmod_authYubiKey_Auth_Source_YubiKey::$yubi_key
private

Definition at line 64 of file YubiKey.php.

◆ AUTHID

const sspmod_authYubiKey_Auth_Source_YubiKey::AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId'

The key of the AuthId field in the state.

Definition at line 58 of file YubiKey.php.

◆ STAGEID

const sspmod_authYubiKey_Auth_Source_YubiKey::STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state'

The string used to identify our states.

Definition at line 47 of file YubiKey.php.

◆ TOKENSIZE

const sspmod_authYubiKey_Auth_Source_YubiKey::TOKENSIZE = 32

The number of characters of the OTP that is the secure token.

The rest is the user id.

Definition at line 53 of file YubiKey.php.


The documentation for this class was generated from the following file: