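/**
 * validate if authentication was successful, user object is available and user is not expired
 *
 * Every failing step is reported through _loginFailed() and yields false. When second factor
 * authentication is configured and active, it is checked for the 'JSON-RPC' client type only.
 *
 * @param Zend_Auth_Result $authResult
 * @param Tinebase_Model_AccessLog $accessLog
 * @return boolean|Tinebase_Model_FullUser false on any failure, the user object otherwise
 */
protected function _validateAuthResult(Zend_Auth_Result $authResult, Tinebase_Model_AccessLog $accessLog)
{
    // authentication failed
    if ($accessLog->result !== Tinebase_Auth::SUCCESS) {
        $this->_loginFailed($authResult, $accessLog);
        return false;
    }

    // try to retrieve user from accounts backend
    $user = $this->_getLoginUser($authResult->getIdentity(), $accessLog);
    if ($accessLog->result !== Tinebase_Auth::SUCCESS || !$user) {
        if ($user) {
            // keep the account id in the access log so the failed attempt stays attributable
            $accessLog->account_id = $user->getId();
        }
        $this->_loginFailed($authResult, $accessLog);
        return false;
    }

    // check if user is expired or blocked
    $this->_checkUserStatus($user, $accessLog);
    if ($accessLog->result !== Tinebase_Auth::SUCCESS) {
        $this->_loginFailed($authResult, $accessLog);
        return false;
    }

    // 2nd factor
    $secondFactorConfig = Tinebase_Config::getInstance()->get(Tinebase_Config::AUTHENTICATIONSECONDFACTOR);
    // NOTE(review): the second factor is enforced for the 'JSON-RPC' client type only; every other
    // client type reaches the final return after the first factor alone - confirm this is intended
    if ($secondFactorConfig && $secondFactorConfig->active && $accessLog->clienttype === 'JSON-RPC') {
        $context = $this->getRequestContext();
        // the request context may be missing or carry no 'otp' entry: read it defensively so an absent
        // one-time password reaches the validator as null instead of raising an undefined index notice
        $otp = isset($context['otp']) ? $context['otp'] : null;
        $secondFactorResult = Tinebase_Auth::validateSecondFactor(
            $user->accountLoginName,
            $otp,
            $secondFactorConfig->toArray()
        );
        // fail closed: anything other than an explicit SUCCESS rejects the login
        if ($secondFactorResult !== Tinebase_Auth::SUCCESS) {
            $authResult = new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                $user->accountLoginName,
                array('Second factor authentication failed.')
            );
            $accessLog->result = Tinebase_Auth::FAILURE;
            $this->_loginFailed($authResult, $accessLog);
            return false;
        }
    }

    return $user;
}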
/**
 * checks that second factor validation reports success for the 'Mock' provider
 *
 * @see 0011366: support privacyIdea authentication
 */
public function testSecondFactor()
{
    $secondFactorOptions = array(
        'active'   => true,
        'provider' => 'Mock',
        'url'      => 'https://localhost/validate/check',
    );

    $validationOutcome = Tinebase_Auth::validateSecondFactor('phil', 'phil', $secondFactorOptions);

    // only the accepting path is exercised here; a rejected one-time password is not covered
    $this->assertEquals(Tinebase_Auth::SUCCESS, $validationOutcome);
}