d1/d0c/YubiKey_8php_source.html

<?php


/*

 * Copyright (C) 2009  Andreas Åkre Solberg <andreas.solberg@uninett.no>

 * Copyright (C) 2009  Simon Josefsson <simon@yubico.com>.

 *

 * This file is part of SimpleSAMLphp

 *

 * SimpleSAMLphp is free software; you can redistribute it and/or

 * modify it under the terms of the GNU Lesser General Public License

 * as published by the Free Software Foundation; either version 3 of

 * the License, or (at your option) any later version.

 *

 * SimpleSAMLphp is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General Public

 * License License along with GNU SASL Library; if not, write to the

 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

 * Boston, MA 02110-1301, USA.

 *

 */


class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source

{

    const STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state';


    const TOKENSIZE = 32;


    const AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId';


    private $yubi_id;

    private $yubi_key;


    public function __construct($info, $config)

    {

        assert(is_array($info));

        assert(is_array($config));


        // Call the parent constructor first, as required by the interface

        parent::__construct($info, $config);


        if (array_key_exists('id', $config)) {

            $this->yubi_id = $config['id'];

        }


        if (array_key_exists('key', $config)) {

            $this->yubi_key = $config['key'];

        }

    }


    public function authenticate(&$state)

    {

        assert(is_array($state));


        // We are going to need the authId in order to retrieve this authentication source later

        $state[self::AUTHID] = $this->authId;


        $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);

        $url = SimpleSAML\Module::getModuleURL('authYubiKey/yubikeylogin.php');

        \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));

    }


    public static function handleLogin($authStateId, $otp)

    {

        assert(is_string($authStateId));

        assert(is_string($otp));


        /* Retrieve the authentication state. */

        $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);


        /* Find authentication source. */

        assert(array_key_exists(self::AUTHID, $state));

        $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);

        if ($source === null) {

            throw new Exception('Could not find authentication source with id '.$state[self::AUTHID]);

        }


        try {

            /* Attempt to log in. */

            $attributes = $source->login($otp);

        } catch (SimpleSAML_Error_Error $e) {

            /* An error occurred during login. Check if it is because of the wrong

             * username/password - if it is, we pass that error up to the login form,

             * if not, we let the generic error handler deal with it.

             */

            if ($e->getErrorCode() === 'WRONGUSERPASS') {

                return 'WRONGUSERPASS';

            }


            /* Some other error occurred. Rethrow exception and let the generic error

             * handler deal with it.

             */

            throw $e;

        }


        $state['Attributes'] = $attributes;

        SimpleSAML_Auth_Source::completeAuth($state);

    }


    public static function getYubiKeyPrefix($otp)

    {

        $uid = substr($otp, 0, strlen ($otp) - self::TOKENSIZE);

        return $uid;

    }


    protected function login($otp)

    {

        assert(is_string($otp));


        require_once dirname(dirname(dirname(dirname(__FILE__)))).'/libextinc/Yubico.php';


        try {

            $yubi = new Auth_Yubico($this->yubi_id, $this->yubi_key);

            $yubi->verify($otp);

            $uid = self::getYubiKeyPrefix($otp);

            $attributes = array('uid' => array($uid));

        } catch (Exception $e) {

            SimpleSAML\Logger::info('YubiKey:'.$this->authId.': Validation error (otp '.$otp.'), debug output: '.$yubi->getLastResponse());

            throw new SimpleSAML_Error_Error('WRONGUSERPASS', $e);

        }


        SimpleSAML\Logger::info('YubiKey:'.$this->authId.': YubiKey otp '.$otp.' validated successfully: '.$yubi->getLastResponse());

        return $attributes;

    }

}

$source
$source
Definition: linkback.php:22

$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10

php
An exception for terminatinating execution or to throw for unit testing.

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:199

SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220

SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959

SimpleSAML_Auth_Source
Definition: Source.php:14

SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340

SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:136

SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:23

SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194

SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259

SimpleSAML_Error_Error
Definition: Error.php:11

SimpleSAML_Error_Error\getErrorCode
getErrorCode()
Retrieve the error code given when throwing this error.
Definition: Error.php:120

sspmod_authYubiKey_Auth_Source_YubiKey
Definition: YubiKey.php:44

sspmod_authYubiKey_Auth_Source_YubiKey\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: YubiKey.php:73

sspmod_authYubiKey_Auth_Source_YubiKey\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: YubiKey.php:59

sspmod_authYubiKey_Auth_Source_YubiKey\TOKENSIZE
const TOKENSIZE
The number of characters of the OTP that is the secure token.
Definition: YubiKey.php:54

sspmod_authYubiKey_Auth_Source_YubiKey\login
login($otp)
Attempt to log in using the given username and password.
Definition: YubiKey.php:182

sspmod_authYubiKey_Auth_Source_YubiKey\$yubi_id
$yubi_id
The client id/key for use with the Auth_Yubico PHP module.
Definition: YubiKey.php:64

sspmod_authYubiKey_Auth_Source_YubiKey\authenticate
authenticate(&$state)
Initialize login.
Definition: YubiKey.php:99

sspmod_authYubiKey_Auth_Source_YubiKey\handleLogin
static handleLogin($authStateId, $otp)
Handle login request.
Definition: YubiKey.php:124

sspmod_authYubiKey_Auth_Source_YubiKey\$yubi_key
$yubi_key
Definition: YubiKey.php:65

sspmod_authYubiKey_Auth_Source_YubiKey\getYubiKeyPrefix
static getYubiKeyPrefix($otp)
Return the user id part of a one time passord.
Definition: YubiKey.php:164

sspmod_authYubiKey_Auth_Source_YubiKey\STAGEID
const STAGEID
The string used to identify our states.
Definition: YubiKey.php:48

$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85

$config
$config
Definition: bootstrap.php:15

$info
$info
Definition: index.php:5

Auth_Yubico

$url
$url
Definition: proxy_ylocal.php:28

$authStateId
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId
Definition: yubikeylogin.php:15