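/**
 * Login hook: checks the Yubikey one-time passcode (OTP) submitted with a login.
 *
 * Flow:
 *  1. Parse the submitted 'otp' field into its key prefix (public identity)
 *     and the OTP itself. An unparseable value rejects the login.
 *  2. If the user has no Yubikey on record, the check does not apply and the
 *     login continues.
 *  3. If the user has a Yubikey on record, the presented prefix must match
 *     it and the OTP must validate; anything else rejects the login.
 *
 * @param object $action Login action; provides the 'otp' field through
 *                       trimmed() and re-renders the form through showForm().
 * @param object $user   User attempting to log in; only ->id is read here.
 *
 * @return bool true to let the login continue, false to stop it after the
 *              form has been re-shown with an error.
 */
function onStartLoginAction($action, $user)
{
    $rawotp = $action->trimmed('otp');

    // may want to parse later?
    $otp = Auth_Yubico::parsePasswordOTP($rawotp);
    if (!is_array($otp)) {
        common_log(LOG_ERR, 'Yubikey:: Could not parse One Time Passcode.');
        $action->showForm('Could not parse Yubikey One Time Passcode.');
        return false;
    }

    $identity = $otp['prefix'];
    $key = $otp['otp'];

    // Only the prefix is logged. The OTP has not been validated yet, so it is
    // still a usable credential and must not be written to the log.
    common_log(LOG_DEBUG, 'User: ' . $user->id . ' Yubikey prefix: ' . $identity);

    // Look the record up here so that "no Yubikey enrolled" and "wrong Yubikey
    // presented" are two distinct outcomes.
    $enrolled = User_yubikey::staticGet('user_id', $user->id);
    if (empty($enrolled)) {
        common_log(LOG_DEBUG, 'Yubikey:: User: ' . $user->id . ' does not have a Yubikey on record.');
        // Return true because they dont have a yubikey associated and can continue
        return true;
    }

    // Fail closed on a prefix mismatch: an enrolled user must present the
    // enrolled key, otherwise the second factor would be skipped entirely.
    // Strict string comparison avoids PHP's loose-equality coercions.
    if ((string) $enrolled->yubikey_id !== (string) $identity) {
        common_log(LOG_WARNING, 'Yubikey:: User: ' . $user->id . ' presented a Yubikey that is not the one on record.');
        $action->showForm(_('Yubikey authentication failed.'));
        return false;
    }

    if ($this->_checkYubikeyOTP($key)) {
        return true;
    }

    $action->showForm(_('Yubikey authentication failed.'));
    return false;
}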
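/**
 * Tells whether the given Yubikey identity is the one recorded for a user.
 *
 * @param mixed $user_id  Id of the user whose Yubikey record is looked up.
 * @param mixed $identity Yubikey identity (OTP prefix) presented at login.
 *
 * @return bool true only when a record exists for the user and its
 *              yubikey_id is exactly $identity; false when there is no
 *              record or the values differ.
 */
static function verifyYubikeyID($user_id, $identity)
{
    $yubikeyobj = User_yubikey::staticGet('user_id', $user_id);

    // No record for this user: there is nothing to match against. Reading a
    // property from the empty lookup result would raise a warning and yield
    // null, which loose comparison treats as equal to an empty identity.
    if (empty($yubikeyobj)) {
        return false;
    }

    // Strict string comparison: no numeric-string or null coercion.
    return (string) $yubikeyobj->yubikey_id === (string) $identity;
}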