function onStartLoginAction($action, $user)
{
$rawotp = $action->trimmed('otp');
//may want to parse later?
$otp = Auth_Yubico::parsePasswordOTP($rawotp);
if (!is_array($otp)) {
common_log(LOG_ERR, 'Yubikey:: Could not parse One Time Passcode.');
$action->showForm('Could not parse Yubikey One Time Passcode.');
return false;
}
$identity = $otp['prefix'];
$key = $otp['otp'];
common_log(LOG_DEBUG, 'User: '******' OTP: ' . $key . ', prefix: ' . $identity);
if (!User_yubikey::verifyYubikeyID($user->id, $identity)) {
common_log(LOG_DEBUG, 'Yubikey:: User: '******' does not have a Yubikey on record.');
// Return true because they dont have a yubikey associated and can continue
return true;
}
if ($this->_checkYubikeyOTP($key)) {
return true;
} else {
$action->showForm(_('Yubikey authentication failed.'));
return false;
}
}
static function verifyYubikeyID($user_id, $identity)
{
$yubikeyobj = User_yubikey::staticGet('user_id', $user_id);
return $yubikeyobj->yubikey_id == $identity;
}
