ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Private Attributes
Auth_Yubico Class Reference

Class for verifying Yubico One-Time-Passcodes. More...

+ Collaboration diagram for Auth_Yubico:

Public Member Functions

 __construct ($id, $key='')
 Constructor. More...
 
 getLastResponse ()
 Return the last data received from the server, if any. More...
 
 verify ($token)
 Verify Yubico OTP. More...
 

Private Attributes

 $_id
 
 $_key
 
 $_response
 

Detailed Description

Class for verifying Yubico One-Time-Passcodes.

Simple example: require_once 'Auth/Yubico.php'; $yubi = &new Auth_Yubico('42'); $auth = $yubi->verify("ccbbddeertkrctjkkcglfndnlihhnvekchkcctif"); if (PEAR::isError($auth)) { print "<p>Authentication failed: " . $auth->getMessage(); print "<p>Debug output from server: " . $yubi->getLastResponse(); } else { print "<p>You are authenticated!"; }

Definition at line 59 of file Yubico.php.

Constructor & Destructor Documentation

◆ __construct()

Auth_Yubico::__construct (   $id,
  $key = '' 
)

Constructor.

Sets up the object

Parameters
stringThe client identity
stringThe client MAC key (optional) public

Definition at line 91 of file Yubico.php.

References $id, and $key.

92  {
93  $this->_id = $id;
94  $this->_key = base64_decode($key);
95  }
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$key
$key
Definition: croninfo.php:18

Member Function Documentation

◆ getLastResponse()

Auth_Yubico::getLastResponse ( )

Return the last data received from the server, if any.

Returns
string Output from server. public

Definition at line 103 of file Yubico.php.

References $_response.

104  {
105  return $this->_response;
106  }
Auth_Yubico\$_response
$_response
Definition: Yubico.php:81

◆ verify()

Auth_Yubico::verify (   $token)

Verify Yubico OTP.

Parameters
string$tokenYubico OTP
Returns
mixed PEAR error on error, true otherwise public

Definition at line 117 of file Yubico.php.

References $out, $response, $row, $rows, PHPMailer\PHPMailer\$token, $url, and SimpleSAML\Utils\HTTP\fetch().

118  {
119  $parameters = "id=" . $this->_id . "&otp=" . $token;
120  // Generate signature
121  if ($this->_key <> "") {
122  $signature = base64_encode(hash_hmac('sha1', $parameters, $this->_key, true));
123  $parameters .= '&h=' . $signature;
124  }
125  /* Support https. */
126  $url = "https://api.yubico.com/wsapi/verify?" . $parameters;
127 
128  $responseMsg = \SimpleSAML\Utils\HTTP::fetch($url);
129 
130  if (!preg_match("/status=([a-zA-Z0-9_]+)/", $responseMsg, $out)) {
131  throw new Exception('Could not parse response');
132  }
133 
134  $status = $out[1];
135 
136  /* Verify signature. */
137  if ($this->_key <> "") {
138  $rows = explode("\r\n", $responseMsg);
139  $response = array();
140  foreach ($rows as $val) {
141  // = is also used in BASE64 encoding so we only replace the first = by # which is not used in BASE64
142  $val = preg_replace('/=/', '#', $val, 1);
143  $row = explode("#", $val);
144  $response[$row[0]] = (isset($row[1])) ? $row[1] : "";
145  }
146 
147  $check = 'status=' . $response['status'] . '&t='. $response['t'];
148  $checksignature = base64_encode(hash_hmac('sha1', $check, $this->_key, true));
149 
150  if ($response['h'] != $checksignature) {
151  throw new Exception('Checked Signature failed');
152  }
153  }
154 
155  if ($status != 'OK') {
156  throw new Exception('Status was not OK: ' . $status);
157  }
158 
159  return true;
160  }
SimpleSAML\Utils\HTTP\fetch
static fetch($url, $context=array(), $getHeaders=false)
Helper function to retrieve a file or URL with proxy support, also supporting proxy basic authorizati...
Definition: HTTP.php:408
$row
$row
Definition: migrateto20.php:360
$rows
$rows
Definition: xhr_table.php:10
$url
$url
Definition: proxy_ylocal.php:28
$response
$response
Definition: proxy_ylocal.php:39
+ Here is the call graph for this function:

Field Documentation

◆ $_id

Auth_Yubico::$_id
private

Definition at line 69 of file Yubico.php.

◆ $_key

Auth_Yubico::$_key
private

Definition at line 75 of file Yubico.php.

◆ $_response

Auth_Yubico::$_response
private

Definition at line 81 of file Yubico.php.

Referenced by getLastResponse().

The documentation for this class was generated from the following file: