d1/d0c/YubiKey_8php_source.html

 <?php

 /*
  * Copyright (C) 2009  Andreas Åkre Solberg <andreas.solberg@uninett.no>
  * Copyright (C) 2009  Simon Josefsson <simon@yubico.com>.
  *
  * This file is part of SimpleSAMLphp
  *
  * SimpleSAMLphp is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public License
  * as published by the Free Software Foundation; either version 3 of
  * the License, or (at your option) any later version.
  *
  * SimpleSAMLphp is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License License along with GNU SASL Library; if not, write to the
  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  * Boston, MA 02110-1301, USA.
  *
  */

 class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source
 {
     const STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state';

     const TOKENSIZE = 32;

     const AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId';

     private $yubi_id;
     private $yubi_key;

     public function __construct($info, $config)
     {
         assert(is_array($info));
         assert(is_array($config));

         // Call the parent constructor first, as required by the interface
         parent::__construct($info, $config);

         if (array_key_exists('id', $config)) {
             $this->yubi_id = $config['id'];
         }

         if (array_key_exists('key', $config)) {
             $this->yubi_key = $config['key'];
         }
     }


     public function authenticate(&$state)
     {
         assert(is_array($state));

         // We are going to need the authId in order to retrieve this authentication source later
         $state[self::AUTHID] = $this->authId;

         $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
         $url = SimpleSAML\Module::getModuleURL('authYubiKey/yubikeylogin.php');
         \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));
     }


     public static function handleLogin($authStateId, $otp)
     {
         assert(is_string($authStateId));
         assert(is_string($otp));

         /* Retrieve the authentication state. */
         $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);

         /* Find authentication source. */
         assert(array_key_exists(self::AUTHID, $state));
         $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
         if ($source === null) {
             throw new Exception('Could not find authentication source with id '.$state[self::AUTHID]);
         }

         try {
             /* Attempt to log in. */
             $attributes = $source->login($otp);
         } catch (SimpleSAML_Error_Error $e) {
             /* An error occurred during login. Check if it is because of the wrong
              * username/password - if it is, we pass that error up to the login form,
              * if not, we let the generic error handler deal with it.
              */
             if ($e->getErrorCode() === 'WRONGUSERPASS') {
                 return 'WRONGUSERPASS';
             }

             /* Some other error occurred. Rethrow exception and let the generic error
              * handler deal with it.
              */
             throw $e;
         }

         $state['Attributes'] = $attributes;
         SimpleSAML_Auth_Source::completeAuth($state);
     }

     public static function getYubiKeyPrefix($otp)
     {
         $uid = substr($otp, 0, strlen ($otp) - self::TOKENSIZE);
         return $uid;
     }

     protected function login($otp)
     {
         assert(is_string($otp));

         require_once dirname(dirname(dirname(dirname(__FILE__)))).'/libextinc/Yubico.php';

         try {
             $yubi = new Auth_Yubico($this->yubi_id, $this->yubi_key);
             $yubi->verify($otp);
             $uid = self::getYubiKeyPrefix($otp);
             $attributes = array('uid' => array($uid));
         } catch (Exception $e) {
             SimpleSAML\Logger::info('YubiKey:'.$this->authId.': Validation error (otp '.$otp.'), debug output: '.$yubi->getLastResponse());
             throw new SimpleSAML_Error_Error('WRONGUSERPASS', $e);
         }

         SimpleSAML\Logger::info('YubiKey:'.$this->authId.': YubiKey otp '.$otp.' validated successfully: '.$yubi->getLastResponse());
         return $attributes;
     }
 }
Auth_Yubico

sspmod_authYubiKey_Auth_Source_YubiKey\getYubiKeyPrefix
static getYubiKeyPrefix($otp)
Return the user id part of a one time passord.
Definition: YubiKey.php:164

sspmod_authYubiKey_Auth_Source_YubiKey\$yubi_id
$yubi_id
The client id/key for use with the Auth_Yubico PHP module.
Definition: YubiKey.php:64

$config
$config
Definition: bootstrap.php:15

sspmod_authYubiKey_Auth_Source_YubiKey\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: YubiKey.php:59

sspmod_authYubiKey_Auth_Source_YubiKey\login
login($otp)
Attempt to log in using the given username and password.
Definition: YubiKey.php:182

sspmod_authYubiKey_Auth_Source_YubiKey\TOKENSIZE
const TOKENSIZE
The number of characters of the OTP that is the secure token.
Definition: YubiKey.php:54

SimpleSAML_Auth_Source

SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:23

$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959

sspmod_authYubiKey_Auth_Source_YubiKey\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: YubiKey.php:73

SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220

$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:199

SimpleSAML_Error_Error
Definition: Error.php:10

sspmod_authYubiKey_Auth_Source_YubiKey\authenticate
authenticate(&$state)
Initialize login.
Definition: YubiKey.php:99

SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259

$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85

sspmod_authYubiKey_Auth_Source_YubiKey\STAGEID
const STAGEID
The string used to identify our states.
Definition: YubiKey.php:48

sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin
static handleLogin($authStateId, $otp)
Handle login request.
Definition: YubiKey.php:124

php

$url
$url
Definition: proxy_ylocal.php:28

SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:136

$source
$source
Definition: linkback.php:22

SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340

$info
$info
Definition: index.php:5

$authStateId
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId
Definition: yubikeylogin.php:15

SimpleSAML_Error_Error\getErrorCode
getErrorCode()
Retrieve the error code given when throwing this error.
Definition: Error.php:120

SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194

sspmod_authYubiKey_Auth_Source_YubiKey
Definition: YubiKey.php:43

sspmod_authYubiKey_Auth_Source_YubiKey\$yubi_key
$yubi_key
Definition: YubiKey.php:65

Exception