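/**
 * Verifies a Yubikey OTP and checks that it was produced by the expected Yubikey.
 *
 * The OTP is first submitted to the Yubikey verification service. Only when that
 * service reports neither a server error nor a client error is the public ID
 * derived from the OTP compared with the public ID the caller expects
 * (judging by the log messages, the one recorded during registration).
 *
 * A match is never reported unless a public ID could be derived locally from the
 * OTP: if the OTP fails the local format check, the method fails closed with
 * RESULT_OTP_INVALID rather than dereferencing a null public ID.
 *
 * @param VerifyYubikeyPublicIdCommand $command carries otp, identityId, institution and expectedPublicId
 * @return VerificationResult RESULT_OTP_VERIFICATION_FAILED on a server error,
 *                            RESULT_OTP_INVALID on a client error or a malformed OTP,
 *                            RESULT_PUBLIC_ID_DID_NOT_MATCH or RESULT_PUBLIC_ID_MATCHED otherwise
 */
public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command)
{
    $verifyOtpCommand = new VerifyYubikeyOtpCommand();
    $verifyOtpCommand->otp = $command->otp;
    $verifyOtpCommand->identityId = $command->identityId;
    $verifyOtpCommand->institution = $command->institution;

    $verificationResult = $this->yubikeyService->verify($verifyOtpCommand);

    // The public ID is attached to every result, including failures. It stays null
    // when the OTP string does not pass the local format check.
    $publicId = null;
    if (YubikeyOtp::isValid($command->otp)) {
        $publicId = YubikeyPublicId::fromOtp(YubikeyOtp::fromString($command->otp));
    }

    if ($verificationResult->isServerError()) {
        return new VerificationResult(VerificationResult::RESULT_OTP_VERIFICATION_FAILED, $publicId);
    }

    if ($verificationResult->isClientError()) {
        return new VerificationResult(VerificationResult::RESULT_OTP_INVALID, $publicId);
    }

    // Fail closed: the service accepted the OTP, but no public ID could be derived
    // from it locally. Without this guard the comparison below would call a method
    // on null and abort the request instead of returning a rejection.
    if ($publicId === null) {
        $this->logger->notice('Yubikey OTP was accepted by the verification service but is not well-formed.');

        return new VerificationResult(VerificationResult::RESULT_OTP_INVALID, $publicId);
    }

    if ($publicId->getYubikeyPublicId() !== $command->expectedPublicId) {
        $this->logger->notice('Yubikey used by registrant during vetting did not match the one used during registration.');

        return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_DID_NOT_MATCH, $publicId);
    }

    $this->logger->info('Yubikey used by registrant during vetting matches the one used during registration.');

    return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_MATCHED, $publicId);
}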
/**
 * Each value supplied by the nonOtpStrings provider must be rejected by
 * YubikeyOtp::isValid(), the format check applied to OTP strings.
 *
 * @dataProvider nonOtpStrings
 * @param string $string candidate value that is not a well-formed OTP
 */
public function testItDoesntAcceptInvalidOtps($string)
{
    $accepted = YubikeyOtp::isValid($string);

    $this->assertFalse($accepted);
}