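/**
 * Checks the Yubikey one-time passcode (OTP) submitted with a login attempt.
 *
 * Reads the 'otp' field from the action, splits it into the key's public
 * prefix and the OTP, and only runs the OTP check when the prefix is
 * recorded for the given user.
 *
 * @param object $action Login action; read via trimmed('otp'), errors are shown via showForm().
 * @param object $user   User attempting to log in; only $user->id is read here.
 *
 * @return bool false when the OTP cannot be parsed or _checkYubikeyOTP() rejects it;
 *              true when the OTP is accepted or when verifyYubikeyID() reports no match.
 */
function onStartLoginAction($action, $user)
 {
     $rawotp = $action->trimmed('otp');
     //may want to parse later?
     $otp = Auth_Yubico::parsePasswordOTP($rawotp);
     if (!is_array($otp)) {
         common_log(LOG_ERR, 'Yubikey:: Could not parse One Time Passcode.');
         // Wrapped in _() so this message is translatable like the failure message below.
         $action->showForm(_('Could not parse Yubikey One Time Passcode.'));
         return false;
     }
     $identity = $otp['prefix'];
     $key = $otp['otp'];
     // Log the user id and the key's public prefix only. The OTP is left out:
     // it is still unverified credential material at this point and should
     // not be readable by anyone with access to the debug log.
     common_log(LOG_DEBUG, 'Yubikey:: User: ' . $user->id . ', prefix: ' . $identity);
     if (!User_yubikey::verifyYubikeyID($user->id, $identity)) {
         common_log(LOG_DEBUG, 'Yubikey:: User: ' . $user->id . ' does not have a Yubikey on record.');
         // Return true because they dont have a yubikey associated and can continue
         // NOTE(review): this branch fails open. Whether verifyYubikeyID() tells
         // "no key enrolled" apart from "a different key was presented" is not
         // visible here. If it does not, the OTP check is skipped for users who
         // do have a key enrolled. Confirm, and fail closed for enrolled users.
         return true;
     }
     if ($this->_checkYubikeyOTP($key)) {
         return true;
     } else {
         $action->showForm(_('Yubikey authentication failed.'));
         return false;
     }
 }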
예제 #2
	/**
	 * Verifies a Yubikey OTP against the validation service and, on success,
	 * returns the key's prefix.
	 *
	 * Presumably a form_validation callback, since the failure message is
	 * registered under the name 'validate_otp'.
	 *
	 * @param string $otp OTP as submitted.
	 *
	 * @return mixed element('prefix', ...) of the parsed OTP when verify()
	 *               returns strict true; false otherwise.
	 */
	function validate_otp ($otp)
	{
		$this->load->library('Auth_Yubico', array());

		// Third constructor argument is Auth_Yubico's https switch.
		$client = new Auth_Yubico(
			config_item('auth_yubico_id'),
			config_item('auth_yubico_key'),
			true
		);

		$result = $client->verify($otp);

		// Anything other than a strict true is treated as a rejection.
		if ($result !== true)
		{
			$this->form_validation->set_message('validate_otp', 'Yubikey OTP is not valid. ('.$result->message.')');
			return false;
		}

		// Split the verified OTP and hand back its prefix.
		$otp_parts = $client->parsePasswordOTP($otp);

		return element('prefix', $otp_parts);
	}
예제 #3
require_once '/opt/Auth_Yubico-2.3/Yubico.php';
require_once './yubi_functions.php';
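## configuration
## NOTE(review): the API id and key are inline literals. Outside a throwaway
## demo, load them from configuration or the environment kept out of version
## control, and treat any key that was ever committed as exposed.
$config = array('api_id' => '1', 'api_key' => '2l0alAfbbfG1R8Da77Ypig==', 'api_url' => 'localhost:88/cgi-bin/yubiverify2.0.tcl');
## create and configure Auth_Yubico class
## NOTE(review): no https argument is passed to the constructor, so the library
## default applies; confirm transport security if the validation server is not local.
$yubi = new Auth_Yubico($config['api_id'], $config['api_key']);
$yubi->setURLpart($config['api_url']);
## NOTE(review): the same URL is also added after being set -- presumably it
## ends up listed twice; confirm this is intended.
$yubi->addURLpart($config['api_url']);
## get input from somewhere
$input = 'ehc.d.kndcyccpckkgygeninyjpjkuiceuiducggbdtp';
echo "input: {$input}\n";
## un-dvorak input
if (!($input = normalize_modhex($input))) {
    die("cannot find keymap\n");
}
## check yubikey token aka public identity
if (($parsed_otp = $yubi->parsePasswordOTP($input)) === false) {
    die("invalid OTP\n");
}
## strict comparison: the public identity is a string and must match exactly,
## with no type juggling
if ($parsed_otp['prefix'] !== 'djiehevlhiti') {
    ## this check is usually done via database
    die("invalid yubikey user\n");
}
## verify OTP
## (third argument is presumably wait_for_all -- confirm against the installed
## Auth_Yubico version)
$verify = $yubi->verify($input, null, true);
echo "verify: {$verify}\n";
if (PEAR::isError($verify)) {
    ## the raw server response is echoed for debugging; do not show it to end users
    echo "==[ auth failed ]==\n" . $yubi->_response . "\n";
} else {
    echo "==[ success ]==\n";
}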
예제 #4
파일: login.php 프로젝트: G-LAB/glab-cms
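	/**
	 * Validates a Yubikey OTP for login and, on success, opens a session.
	 *
	 * Steps: parse the OTP, look the key's prefix up in auth_mf_yubikey,
	 * verify the OTP with Yubico, then require that the linked profile exists
	 * and is an employee before calling acl->create_session().
	 *
	 * SECURITY: there is deliberately no literal "override" value that skips
	 * these checks. A fixed string accepted in place of an OTP is a hard-coded
	 * second-factor bypass for anyone who knows it.
	 *
	 * @param string $otp OTP as submitted.
	 *
	 * @return bool true only when the key is linked, Yubico accepts the OTP and
	 *              the profile is an employee; false otherwise, with a
	 *              form_validation message set under 'validateYubikey'.
	 */
	function validateYubikey ($otp)
	{
		$this->load->library('Auth_Yubico',array());
		$this->load->config('auth');

		$yubico = new Auth_Yubico(config_item('auth_yubico_id'),config_item('auth_yubico_key'),true);

		// Break OTP Into Parts
		$parts = $yubico->parsePasswordOTP($otp);

		// An unparseable OTP has no prefix to look up; reject it before the
		// database query, with the same message as an unlinked key.
		if (!is_array($parts))
		{
			$this->form_validation->set_message('validateYubikey', 'Yubikey not linked to user account.');
			return false;
		}

		// Decode ModHex Prefix to YKID
		$ykid = element('prefix',$parts);

		// Query DB for existence
		// NOTE: Does not check if key has permissions currently.
		$data = $this->db->limit(1)->get_where('auth_mf_yubikey',array('ykid'=>$ykid));

		// Return False if Key Not Found
		// NOTE(review): unlike a Yubico rejection, this failure is not written
		// to the event log; consider recording it so unknown-key attempts are visible.
		if ($data->num_rows() != 1)
		{
			$this->form_validation->set_message('validateYubikey', 'Yubikey not linked to user account.');
			return false;
		}

		// If Key Found, Validate with Yubico
		$response = $yubico->verify($otp);
		if ($response !== true)
		{
			$this->form_validation->set_message('validateYubikey', 'Yubico declined key ('.$response->message.').');
			$this->event->log('auth_failure_mf_yubikey',false,array('error'=>$response->message));
			return false;
		}

		$pid = $data->row()->pid;
		$profile = $this->profile->get($pid);

		if ($profile->exists() === true AND $profile->is_employee())
		{
			$this->acl->create_session($pid);
			$this->event->log('auth_success',$pid);
			return true;
		}
		elseif ($profile->exists() === true)
		{
			// NOTE(review): this message shows the profile's full name before a
			// session exists; confirm that disclosure is acceptable.
			$this->form_validation->set_message('validateYubikey', $profile->name->full.' is not an employee.');
			return false;
		}
		else
		{
			$this->form_validation->set_message('validateYubikey', 'Could not find profile. ('.$pid.')');
			return false;
		}
	}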
예제 #5
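# Read the submitted fields. A missing field, or one that is not a string
# (e.g. an array parameter), is treated as absent instead of raising an
# undefined-index notice or reaching the OTP parser with the wrong type.
# NOTE(review): $_REQUEST also carries query-string values; credentials sent
# that way tend to end up in server logs -- consider accepting POST only.
$key = (isset($_REQUEST["key"]) && is_string($_REQUEST["key"])) ? $_REQUEST["key"] : null;
$passwordkey = (isset($_REQUEST["passwordkey"]) && is_string($_REQUEST["passwordkey"])) ? $_REQUEST["passwordkey"] : null;
# Quit early on no input
if (!$key && !$passwordkey) {
    $authenticated = -1;
    return;
}
# Prepare passwordkey using password and key variables
# NOTE(review): $password is not assigned in this part of the file; presumably
# it is set by the including script -- confirm. Nothing visible here verifies it.
if ($password && $key && !$passwordkey) {
    $passwordkey = $password . ':' . $key;
}
# Convert passwordkey fields into password + key variables
if ($passwordkey) {
    $ret = Auth_Yubico::parsePasswordOTP($passwordkey);
} else {
    $ret = Auth_Yubico::parsePasswordOTP($key);
}
if (!$ret) {
    $authenticated = 31;
    return;
}
# NOTE(review): the prefix is extracted here, but no visible code checks that it
# belongs to the account being authenticated; confirm that check exists elsewhere.
$identity = $ret['prefix'];
$key = $ret['otp'];
# Check OTP
$yubi = new Auth_Yubico($CFG[__CLIENT_ID__], $CFG[__CLIENT_KEY__]);
$auth = $yubi->verify($key);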
if (PEAR::isError($auth)) {
    $authenticated = 1;
    return;
} else {
    $authenticated = 0;