Inheritance diagram for sspmod_authYubiKey_Auth_Source_YubiKey:

Collaboration diagram for sspmod_authYubiKey_Auth_Source_YubiKey:

Public Member Functions
	__construct ($info, $config)
	Constructor for this authentication source. More...

	authenticate (&$state)
	Initialize login. More...

Public Member Functions inherited from SimpleSAML_Auth_Source
	__construct ($info, &$config)
	Constructor for an authentication source. More...

	getAuthId ()
	Retrieve the ID of this authentication source. More...

	authenticate (&$state)
	Process a request. More...

	reauthenticate (array &$state)
	Reauthenticate an user. More...

	initLogin ($return, $errorURL=null, array $params=array())
	Start authentication. More...

	logout (&$state)
	Log out from this authentication source. More...

Static Public Member Functions
static	handleLogin ($authStateId, $otp)
	Handle login request. More...

static	getYubiKeyPrefix ($otp)
	Return the user id part of a one time passord. More...

Static Public Member Functions inherited from SimpleSAML_Auth_Source
static	getSourcesOfType ($type)
	Get sources of a specific type. More...

static	completeAuth (&$state)
	Complete authentication. More...

static	loginCompleted ($state)
	Called when a login operation has finished. More...

static	completeLogout (&$state)
	Complete logout. More...

static	getById ($authId, $type=null)
	Retrieve authentication source. More...

static	logoutCallback ($state)
	Called when the authentication source receives an external logout request. More...

static	getSources ()
	Retrieve list of authentication sources. More...

Data Fields
const	STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state'
	The string used to identify our states. More...

const	TOKENSIZE = 32
	The number of characters of the OTP that is the secure token. More...

const	AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId'
	The key of the AuthId field in the state. More...

Protected Member Functions
	login ($otp)
	Attempt to log in using the given username and password. More...

Protected Member Functions inherited from SimpleSAML_Auth_Source
	addLogoutCallback ($assoc, $state)
	Add a logout callback association. More...

	callLogoutCallback ($assoc)
	Call a logout callback based on association. More...

Private Attributes
	$yubi_id
	The client id/key for use with the Auth_Yubico PHP module. More...

	$yubi_key

Additional Inherited Members
Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static	validateSource ($source, $id)
	Make sure that the first element of an auth source is its identifier. More...

Protected Attributes inherited from SimpleSAML_Auth_Source
	$authId

Detailed Description

Definition at line 43 of file YubiKey.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_authYubiKey_Auth_Source_YubiKey::__construct	(	$info,
		$config
	)

Constructor for this authentication source.

Parameters

array	$info	Information about this authentication source.
array	$config	Configuration.

Definition at line 73 of file YubiKey.php.

    {
        assert(is_array($info));
        assert(is_array($config));
 
        // Call the parent constructor first, as required by the interface
        parent::__construct($info, $config);
 
        if (array_key_exists('id', $config)) {
            $this->yubi_id = $config['id'];
        }
 
        if (array_key_exists('key', $config)) {
            $this->yubi_key = $config['key'];
        }
    }

References $config, and $info.

Member Function Documentation

◆ authenticate()

sspmod_authYubiKey_Auth_Source_YubiKey::authenticate ( & $state )

Initialize login.

This function saves the information about the login, and redirects to a login page.

Parameters

array &$state Information about the current authentication.

Reimplemented from SimpleSAML_Auth_Source.

Definition at line 99 of file YubiKey.php.

    {
        assert(is_array($state));
 
        // We are going to need the authId in order to retrieve this authentication source later
        $state[self::AUTHID] = $this->authId;
 
        $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
        $url = SimpleSAML\Module::getModuleURL('authYubiKey/yubikeylogin.php');
        \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));
    }

References SimpleSAML_Auth_Source\$authId, $id, $state, $url, AUTHID, SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

Here is the call graph for this function:

◆ getYubiKeyPrefix()

static sspmod_authYubiKey_Auth_Source_YubiKey::getYubiKeyPrefix ( $otp )

static

Return the user id part of a one time passord.

Definition at line 164 of file YubiKey.php.

    {
        $uid = substr($otp, 0, strlen ($otp) - self::TOKENSIZE);
        return $uid;
    }

Referenced by login().

Here is the caller graph for this function:

◆ handleLogin()

static sspmod_authYubiKey_Auth_Source_YubiKey::handleLogin	(	$authStateId,
		$otp
	)

static

Handle login request.

This function is used by the login form (core/www/loginuserpass.php) when the user enters a username and password. On success, it will not return. On wrong username/password failure, it will return the error code. Other failures will throw an exception.

Parameters

string	$authStateId	The identifier of the authentication state.
string	$otp	The one time password entered-

Returns: string Error code in the case of an error.

Definition at line 124 of file YubiKey.php.

    {
        assert(is_string($authStateId));
        assert(is_string($otp));
 
        /* Retrieve the authentication state. */
        $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
 
        /* Find authentication source. */
        assert(array_key_exists(self::AUTHID, $state));
        $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
        if ($source === null) {
            throw new Exception('Could not find authentication source with id '.$state[self::AUTHID]);
        }
 
        try {
            /* Attempt to log in. */
            $attributes = $source->login($otp);
        } catch (SimpleSAML_Error_Error $e) {
            /* An error occurred during login. Check if it is because of the wrong
             * username/password - if it is, we pass that error up to the login form,
             * if not, we let the generic error handler deal with it.
             */
            if ($e->getErrorCode() === 'WRONGUSERPASS') {
                return 'WRONGUSERPASS';
            }
 
            /* Some other error occurred. Rethrow exception and let the generic error
             * handler deal with it.
             */
            throw $e;
        }
 
        $state['Attributes'] = $attributes;
        SimpleSAML_Auth_Source::completeAuth($state);
    }

References $attributes, $authStateId, $source, $state, SimpleSAML_Auth_Source\completeAuth(), SimpleSAML_Auth_Source\getById(), SimpleSAML_Error_Error\getErrorCode(), and SimpleSAML_Auth_State\loadState().

Here is the call graph for this function:

◆ login()

sspmod_authYubiKey_Auth_Source_YubiKey::login ( $otp )

protected

Attempt to log in using the given username and password.

On a successful login, this function should return the users attributes. On failure, it should throw an exception. If the error was caused by the user entering the wrong username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.

Note that both the username and the password are UTF-8 encoded.

Parameters

string $otp

Returns: array Associative array with the users attributes.

Definition at line 182 of file YubiKey.php.

    {
        assert(is_string($otp));
 
        require_once dirname(dirname(dirname(dirname(__FILE__)))).'/libextinc/Yubico.php';
 
        try {
            $yubi = new Auth_Yubico($this->yubi_id, $this->yubi_key);
            $yubi->verify($otp);
            $uid = self::getYubiKeyPrefix($otp);
            $attributes = array('uid' => array($uid));
        } catch (Exception $e) {
            SimpleSAML\Logger::info('YubiKey:'.$this->authId.': Validation error (otp '.$otp.'), debug output: '.$yubi->getLastResponse());
            throw new SimpleSAML_Error_Error('WRONGUSERPASS', $e);
        }
 
        SimpleSAML\Logger::info('YubiKey:'.$this->authId.': YubiKey otp '.$otp.' validated successfully: '.$yubi->getLastResponse());
        return $attributes;
    }

References $attributes, getYubiKeyPrefix(), and SimpleSAML\Logger\info().

Here is the call graph for this function:

Field Documentation

◆ $yubi_id

sspmod_authYubiKey_Auth_Source_YubiKey::$yubi_id

private

The client id/key for use with the Auth_Yubico PHP module.

Definition at line 64 of file YubiKey.php.

◆ $yubi_key

sspmod_authYubiKey_Auth_Source_YubiKey::$yubi_key

private

Definition at line 65 of file YubiKey.php.

◆ AUTHID

const sspmod_authYubiKey_Auth_Source_YubiKey::AUTHID = 'sspmod_authYubiKey_Auth_Source_YubiKey.AuthId'

The key of the AuthId field in the state.

Definition at line 59 of file YubiKey.php.

Referenced by authenticate().

◆ STAGEID

const sspmod_authYubiKey_Auth_Source_YubiKey::STAGEID = 'sspmod_authYubiKey_Auth_Source_YubiKey.state'

The string used to identify our states.

Definition at line 48 of file YubiKey.php.

◆ TOKENSIZE

const sspmod_authYubiKey_Auth_Source_YubiKey::TOKENSIZE = 32

The number of characters of the OTP that is the secure token.

The rest is the user id.

Definition at line 54 of file YubiKey.php.

The documentation for this class was generated from the following file:

libs/composer/vendor/simplesamlphp/simplesamlphp/modules/authYubiKey/lib/Auth/Source/YubiKey.php

Public Member Functions

Static Public Member Functions

Data Fields

Protected Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ authenticate()

◆ getYubiKeyPrefix()

◆ handleLogin()

◆ login()

Field Documentation

◆ $yubi_id

◆ $yubi_key

◆ AUTHID

◆ STAGEID

◆ TOKENSIZE