/**
 * Processes a user response from the {@link simpleid_openid_consent_form()} function.
 *
 * If the user verifies the relying party, an OpenID response will be sent to
 * the relying party.  Otherwise, the dashboard will be displayed to the user.
 *
 */
function simpleid_openid_consent()
{
    global $xtpl, $user, $version, $GETPOST;
    if ($user == NULL) {
        user_login_form('');
        return;
    }
    if (!validate_form_token($GETPOST['tk'], 'rp')) {
        set_message('SimpleID detected a potential security attack.  Please try again.');
        $xtpl->assign('title', 'OpenID Login');
        $xtpl->parse('main');
        $xtpl->out('main');
        return;
    }
    $uid = $user['uid'];
    $response = unpickle($GETPOST['s']);
    $version = openid_get_version($response);
    $return_to = $response['openid.return_to'];
    if (!$return_to) {
        $return_to = $GETPOST['openid.return_to'];
    }
    if ($GETPOST['op'] == 'Cancel') {
        $response = simpleid_checkid_error(false);
        if (!$return_to) {
            set_message('Log in cancelled.');
        }
    } else {
        $now = time();
        $realm = $GETPOST['openid.realm'];
        if (isset($user['rp'][$realm])) {
            $rp = $user['rp'][$realm];
        } else {
            $rp = array('realm' => $realm, 'first_time' => $now);
        }
        $rp['last_time'] = $now;
        $rp['auto_release'] = isset($GETPOST['autorelease']) && $GETPOST['autorelease'] ? 1 : 0;
        extension_invoke_all('consent', $GETPOST, $response, $rp);
        $user['rp'][$realm] = $rp;
        user_save($user);
        $response = simpleid_sign($response, isset($response['openid.assoc_handle']) ? $response['openid.assoc_handle'] : NULL);
        if (!$return_to) {
            set_message('You were logged in successfully.');
        }
    }
    if ($return_to) {
        simpleid_assertion_response($response, $return_to);
    } else {
        page_dashboard();
    }
}
예제 #2
0
 /**
  * Displays the page used to set up login verification using one-time
  * passwords.
  */
 public function setup()
 {
     $auth = AuthManager::instance();
     $store = StoreManager::instance();
     $user = $auth->getUser();
     $tpl = new \Template();
     $token = new SecurityToken();
     // Require HTTPS, redirect if necessary
     $this->checkHttps('redirect', true);
     if (!$auth->isLoggedIn()) {
         $this->f3->reroute('/my/dashboard');
         return;
     }
     if ($this->f3->get('POST.op') == $this->t('Disable')) {
         if ($this->f3->exists('POST.tk') === false || !$token->verify($this->f3->get('POST.tk'), 'otp')) {
             $this->f3->set('message', $this->t('SimpleID detected a potential security attack.  Please try again.'));
             $this->f3->mock('GET /my/dashboard');
             return;
         }
         if (isset($user['otp'])) {
             unset($user['otp']);
             $store->saveUser($user);
         }
         $this->f3->set('message', $this->t('Login verification has been disabled.'));
         $this->f3->mock('GET /my/dashboard');
         return;
     } elseif ($this->f3->get('POST.op') == $this->t('Verify')) {
         $params = $token->getPayload($this->f3->get('POST.otp_params'));
         $this->f3->set('otp_params', $this->f3->get('POST.otp_params'));
         if ($this->f3->exists('POST.tk') === false || !$token->verify($this->f3->get('POST.tk'), 'otp')) {
             $this->f3->set('message', $this->t('SimpleID detected a potential security attack.  Please try again.'));
             page_dashboard();
             return;
         } elseif ($this->f3->exists('POST.otp') === false || $this->f3->get('POST.otp') == '') {
             $this->f3->set('message', $this->t('You need to enter the verification code to complete enabling login verification.'));
         } elseif ($this->verifyOTP($params, $this->f3->get('POST.otp'), 10) === false) {
             $this->f3->set('message', $this->t('The verification code is not correct.'));
         } else {
             $user['otp'] = $params;
             $store->saveUser($user);
             $this->f3->set('message', $this->t('Login verification has been enabled.'));
             $this->f3->mock('GET /my/dashboard');
             return;
         }
     } else {
         $rand = new Random();
         $params = array('type' => 'totp', 'secret' => $rand->bytes(10), 'algorithm' => 'sha1', 'digits' => 6, 'period' => 30, 'drift' => 0, 'remember' => array());
         $this->f3->set('otp_params', $token->generate($params, SecurityToken::OPTION_BIND_SESSION));
     }
     $secret = new BigNum($params['secret'], 256);
     $code = strtr($secret->val(32), '0123456789abcdefghijklmnopqrstuv', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567');
     $code = str_repeat('A', 16 - strlen($code)) . $code;
     for ($i = 0; $i < strlen($code); $i += 4) {
         $this->f3->set('secret' . ($i + 1), substr($code, $i, 4));
     }
     $url = 'otpauth://totp/SimpleID?secret=' . $code . '&digits=' . $params['digits'] . '&period=' . $params['period'];
     $this->f3->set('qr', addslashes($url));
     $this->f3->set('about_otp', $this->t('Login verification adds an extra layer of protection to your account. When enabled, you will need to enter an additional security code whenever you log into SimpleID.'));
     $this->f3->set('otp_warning', $this->t('<strong>WARNING:</strong> If you enable login verification and lose your authenticator app, you will need to <a href="!url">edit your identity file manually</a> before you can log in again.', array('!url' => 'http://simpleid.koinic.net/docs/2/common_problems/#otp')));
     $this->f3->set('setup_otp', $this->t('To set up login verification, following these steps.'));
     $this->f3->set('download_app', $this->t('Download an authenticator app that supports TOTP for your smartphone, such as Google Authenticator.'));
     $this->f3->set('add_account', $this->t('Add your SimpleID account to authenticator app using this key.  If you are viewing this page on your smartphone you can use <a href="!url">this link</a> or scan the QR code to add your account.', array('!url' => $url)));
     $this->f3->set('verify_code', $this->t('To check that your account has been added properly, enter the verification code from your phone into the box below, and click Verify.'));
     $this->f3->set('tk', $token->generate('otp', SecurityToken::OPTION_BIND_SESSION));
     $this->f3->set('otp_label', $this->t('Verification code:'));
     $this->f3->set('submit_button', $this->t('Verify'));
     $this->f3->set('page_class', 'dialog-page');
     $this->f3->set('title', $this->t('Login Verification'));
     $this->f3->set('framekiller', true);
     $this->f3->set('layout', 'auth_otp_setup.html');
     print $tpl->render('page.html');
 }