예제 #1
 /**
  * Returns the user storage.
  */
 public static function getUserStorage()
 {
     // A storage object built by an earlier call is cached statically; hand it back.
     if (self::$_userStorage != null) {
         return self::$_userStorage;
     }

     // First use: load the module configuration as a plain array.
     $moduleConfig = SimpleSAML_Configuration::getConfig('module_tiqr.php')->toArray();

     // The "usersecretstorage" section is optional; an empty array is passed when it is absent.
     if (isset($moduleConfig['usersecretstorage'])) {
         $secretStorageOptions = $moduleConfig['usersecretstorage'];
     } else {
         $secretStorageOptions = array();
     }

     self::$_userStorage = Tiqr_UserStorage::getStorage($moduleConfig["userstorage"]["type"], $moduleConfig["userstorage"], $secretStorageOptions);

     return self::$_userStorage;
 }
예제 #2
 /**
  * Logout. 
  * 
  * @see SimpleSAML_Auth_Source::logout()
  */
 public function logout(&$state)
 {
     // The parent auth source handles its part of the logout first.
     parent::logout($state);

     // Then the tiqr server is asked to log out the id of the session
     // attached to the current request.
     $tiqrServer = sspmod_authTiqr_Auth_Tiqr::getServer(false);
     $currentSessionId = SimpleSAML_Session::getSessionFromRequest()->getSessionId();
     $tiqrServer->logout($currentSessionId);
 }
예제 #3
<?php

/**
 * This file is part of simpleSAMLphp.
 * 
 * The authTiqr module is a module adding authentication via the tiqr 
 * project to simpleSAMLphp. It was initiated by SURFnet and 
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 * 
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */
// AuthState is optional on this endpoint: NULL is handed on when the request has none.
// NOTE(review): the value is taken from $_REQUEST unchecked and the return value is
// echoed as-is; validation and output encoding are presumably done inside
// verifyEnrollment() — confirm.
if (isset($_REQUEST["AuthState"])) {
    $authStateId = $_REQUEST["AuthState"];
} else {
    $authStateId = NULL;
}
echo sspmod_authTiqr_Auth_Tiqr::verifyEnrollment($authStateId);
예제 #4
</strong>: <?php 
    echo $this->t('{authTiqr:tiqr:qr_youreyesonly}');
    ?>

        <p>
            <button type="submit"><?php 
    echo $this->t('{authTiqr:tiqr:go}');
    ?>
</button>
        </p>
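        <?php 
    // Status polling: a POST with action=getStatus gets the enrollment status for
    // the given session id back in a hidden field. The action is now compared on
    // the same superglobal that isset() checked.
    // NOTE(review): the lookup is keyed on a session id supplied by the client,
    // not on the caller's own session — confirm that is intended.
    if (isset($_POST['action']) and $_POST['action'] == "getStatus") {
        // The id is request data: it may be missing, or an array ("sessionId[]=x").
        // Anything that is not a string is passed on as NULL.
        $sid = (isset($_REQUEST['sessionId']) && is_string($_REQUEST['sessionId'])) ? $_REQUEST['sessionId'] : NULL;
        ?>
            <input type="hidden" name="enrollmentStatus" value="<?php 
        // Encode for the attribute context. A client reading the field's value
        // through the DOM still sees the same text.
        echo htmlspecialchars((string) sspmod_authTiqr_Auth_Tiqr::getServer(true)->getEnrollmentStatus($sid), ENT_QUOTES, 'UTF-8');
        ?>
" id="enrollmentStatus"/>
            <?php 
    }
    ?>
        <?php 
    // Carry the state parameters through the form as hidden fields; names and
    // values are HTML-encoded before being written into the attributes.
    if (isset($this->data['stateparams'])) {
        foreach ($this->data['stateparams'] as $name => $value) {
            echo '<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '" id="' . htmlspecialchars($name) . '"/>';
        }
    }
    ?>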

    </form>
예제 #5
    // attempt user-password login
    $errorCode = sspmod_authTiqr_Auth_Source_TiqrUserPass::handleUserPassLogin($authStateId, $username, $password);
} else {
    $errorCode = NULL;
    // Initialize a new Tiqr session.
    $state[sspmod_authTiqr_Auth_Tiqr::SESSIONKEYID] = sspmod_authTiqr_Auth_Tiqr::startAuthenticationSession($userId, $state);
    SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID);
}
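// Render the login page: the template receives the state id, the error code from
// the branch above, the user name and the URLs the page needs.
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'authTiqr:loginuserpass.php');
$t->data['type'] = $type;
$t->data['stateparams'] = array('AuthState' => $authStateId);
$t->data['errorcode'] = $errorCode;
// NOTE(review): $username is passed through unchanged; the template is assumed to
// HTML-encode it on output — confirm.
$t->data['username'] = $username;
// NOTE(review): "!=" is a loose comparison, so an integer 0 compares equal to NULL
// and is not passed on — confirm that hiding the counter at zero is intended.
if ($attemptsLeft != NULL) {
    $t->data['attemptsLeft'] = $attemptsLeft;
}
$t->data['verifyLoginUrl'] = SimpleSAML_Module::getModuleURL('authTiqr/verify.php', $t->data['stateparams']);
// The User-Agent header is client-controlled and may be absent. A missing header
// is read as an empty string, which matches neither pattern. The result only
// selects which login links the page gets.
$userAgent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$t->data['mobileDevice'] = preg_match('/iphone/i', $userAgent) || preg_match('/android/i', $userAgent);
if ($t->data['mobileDevice']) {
    // The return URL is appended, URL-encoded, after the authenticate URL.
    $returnUrl = SimpleSAML_Module::getModuleURL('authTiqr/complete.php') . '?' . http_build_query($t->data['stateparams']);
    $t->data['authenticateUrl'] = sspmod_authTiqr_Auth_Tiqr::getAuthenticateUrl($state[sspmod_authTiqr_Auth_Tiqr::SESSIONKEYID]) . '?' . urlencode($returnUrl);
}
$t->data['qrUrl'] = SimpleSAML_Module::getModuleURL('authTiqr/qr.php', $t->data['stateparams']);
// SP metadata is optional in the state; the template always gets the key.
if (isset($state['SPMetadata'])) {
    $t->data['SPMetadata'] = $state['SPMetadata'];
} else {
    $t->data['SPMetadata'] = NULL;
}
$t->show();
exit;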
예제 #6
<?php

/**
 * This file is part of simpleSAMLphp.
 * 
 * The authTiqr module is a module adding authentication via the tiqr 
 * project to simpleSAMLphp. It was initiated by SURFnet and 
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 * 
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */
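// The state id comes straight from the request, so it is checked before use:
// it must be present, and it must be a string (PHP turns "AuthState[]=x" into
// an array, which is not a usable state id).
if (!array_key_exists('AuthState', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}
if (!is_string($_REQUEST['AuthState'])) {
    throw new SimpleSAML_Error_BadRequest('Invalid AuthState parameter.');
}
sspmod_authTiqr_Auth_Tiqr::generateAuthQR($_REQUEST["AuthState"]);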
예제 #7
<?php

/**
 * This file is part of simpleSAMLphp.
 * 
 * The authTiqr module is a module adding authentication via the tiqr 
 * project to simpleSAMLphp. It was initiated by SURFnet and 
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 * 
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */
// The whole request array is handed to the enrollment handler; the shape of the
// reply decides how it is sent back.
$enrollmentReply = sspmod_authTiqr_Auth_Tiqr::processMobileEnrollment($_REQUEST);
if (!is_array($enrollmentReply)) {
    // v1 ascii protocol, didn't use header yet: the reply is written out as-is.
    // NOTE(review): no Content-type is set on this branch, so the server default
    // applies — confirm the reply can never contain request-derived markup.
    echo $enrollmentReply;
} else {
    // An array reply is sent as JSON together with the protocol version header.
    header('Content-type: application/json');
    header('X-TIQR-Protocol-Version:' . sspmod_authTiqr_Auth_Tiqr::getProtocolVersion(true));
    echo json_encode($enrollmentReply);
}
예제 #8
<?php

/**
 * This file is part of simpleSAMLphp.
 * 
 * The authTiqr module is a module adding authentication via the tiqr 
 * project to simpleSAMLphp. It was initiated by SURFnet and 
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 * 
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */
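// AuthState is request data. Reject the request when it is absent, and also when
// it is not a string: "AuthState[]=x" arrives as an array, which cannot be a
// state id.
if (!array_key_exists('AuthState', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}
if (!is_string($_REQUEST['AuthState'])) {
    throw new SimpleSAML_Error_BadRequest('Invalid AuthState parameter.');
}
sspmod_authTiqr_Auth_Tiqr::completeLogin($_REQUEST["AuthState"]);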
예제 #9
<?php 
    }
    // manual login for connection less phones.
    $linkStart = '<a href="#" onClick="javascript:jQuery(\'#otpform\').slideToggle();">';
    ?>
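    <?php 
    // NOTE(review): the session id of the current request is written into the
    // page markup below, where any script running in the page can read it —
    // confirm that client-side code really needs it there.
    $sid = SimpleSAML_Session::getSessionFromRequest()->getSessionId();
    ?>
    <input type="hidden" name="SessionId" value="<?php 
    echo 'Session id: [' . $sid . ']';
    ?>
" id="SessionId"/>
    <?php 
    // Polling: a POST with action=getAuthenticatedUser gets the user that
    // authenticated for the given session id back in a hidden field. The action
    // is now compared on the same superglobal that isset() checked.
    // NOTE(review): the lookup is keyed on a session id supplied by the client,
    // not on the caller's own session — confirm that is intended.
    if (isset($_POST['action']) and $_POST['action'] == "getAuthenticatedUser") {
        // The id is request data: it may be missing, or an array ("sessionId[]=x").
        // Anything that is not a string is passed on as NULL.
        $sid = (isset($_REQUEST['sessionId']) && is_string($_REQUEST['sessionId'])) ? $_REQUEST['sessionId'] : NULL;
        $user = sspmod_authTiqr_Auth_Tiqr::getServer(false)->getAuthenticatedUser($sid);
        ?>
        <input type="hidden" name="authenticatedUser" value="<?php 
        // The user id is encoded for the attribute context, so a quote or angle
        // bracket in it cannot end the attribute. A client reading the field's
        // value through the DOM still sees the original id.
        echo !empty($user) ? htmlspecialchars((string) $user, ENT_QUOTES, 'UTF-8') : "";
        ?>
" id="authenticatedUser"/>
        <?php 
    }
    ?>
    <p><?php 
    // [link] and [/link] in the translated text are replaced with raw HTML;
    // $linkStart is built earlier in this template.
    echo $this->t('{authTiqr:tiqr:alternative_otp}', array("[link]" => $linkStart, "[/link]" => "</a>"));
    ?>
</p>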
    <div id="otpform" <?php 
    if (!isset($this->data['errorcode']) || $this->data['errorcode'] != 'wrongotp') {
        ?>
예제 #10
<?php

/**
 * This file is part of simpleSAMLphp.
 * 
 * The authTiqr module is a module adding authentication via the tiqr 
 * project to simpleSAMLphp. It was initiated by SURFnet and 
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 * 
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */
// Reset the enrollment session first, then show the "enrollment complete" page.
sspmod_authTiqr_Auth_Tiqr::resetEnrollmentSession();
$t = new SimpleSAML_XHTML_Template(SimpleSAML_Configuration::getInstance(), 'authTiqr:newuser_complete.php');
// With an AuthState in the request, the page also gets a link back to the login.
// NOTE(review): the value is copied from $_REQUEST without a type check, so an
// array ("AuthState[]=x") would reach the template and the URL builder — confirm
// both cope with that.
if (isset($_REQUEST['AuthState'])) {
    $stateParams = array('AuthState' => $_REQUEST['AuthState']);
    $t->data['stateparams'] = $stateParams;
    $t->data['loginUrl'] = SimpleSAML_Module::getModuleURL('authTiqr/login.php', $stateParams);
}
$t->show();
exit;
예제 #11
<?php

/**
 * This file is part of simpleSAMLphp.
 * 
 * The authTiqr module is a module adding authentication via the tiqr 
 * project to simpleSAMLphp. It was initiated by SURFnet and 
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 * 
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */
// JSON endpoint: the enrollment metadata for this request is encoded and written
// out after the JSON content type has been announced.
// NOTE(review): the whole $_REQUEST array goes to getEnrollmentMetadata(), which
// is presumably where the enrollment key is validated — confirm.
header('Content-type: application/json');
echo json_encode(sspmod_authTiqr_Auth_Tiqr::getEnrollmentMetadata($_REQUEST));
예제 #12
<?php

/**
 * This file is part of simpleSAMLphp.
 * 
 * The authTiqr module is a module adding authentication via the tiqr 
 * project to simpleSAMLphp. It was initiated by SURFnet and 
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 * 
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */
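// Validate the request-supplied state id before verifying the login: it has to
// be present and has to be a string ("AuthState[]=x" would arrive as an array).
if (!array_key_exists('AuthState', $_REQUEST)) {
    throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}
if (!is_string($_REQUEST['AuthState'])) {
    throw new SimpleSAML_Error_BadRequest('Invalid AuthState parameter.');
}
sspmod_authTiqr_Auth_Tiqr::verifyLogin($_REQUEST["AuthState"]);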
예제 #13
?>

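<h2 class="main"><?php 
echo $this->t('{authTiqr:tiqr:header_enrollment}');
?>
</h2>

<form action="?" method="post" name="f">

    <p><?php 
echo $this->t('{authTiqr:tiqr:instruction_qr_enroll}');
?>
</p>

    <img alt="QR" src="<?php 
// The image source is whatever generateEnrollmentQR() returns, written out as-is.
echo sspmod_authTiqr_Auth_Tiqr::generateEnrollmentQR();
?>
" id="QR"/> <br/>
    <?php 
// NOTE(review): the session id of the current request is written into the page
// markup below, where any script running in the page can read it — confirm that
// client-side code really needs it there.
$sid = SimpleSAML_Session::getSessionFromRequest()->getSessionId();
?>
    <input type="hidden" name="SessionId" value="<?php 
echo 'Session id: [' . $sid . ']';
?>
" id="SessionId"/>
    <?php 
if (isset($this->data['loginUrl'])) {
    // The URL is encoded for the attribute context before it goes into href, so
    // a quote or "&" in it cannot change the markup. The browser decodes it back
    // to the same URL.
    $linkStart = '<a href="' . htmlspecialchars($this->data['loginUrl'], ENT_QUOTES, 'UTF-8') . '">';
    echo $this->t('{authTiqr:tiqr:instruction_enroll_proceed_manually}', array("[link]" => $linkStart, "[/link]" => "</a>"));
}
?>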
예제 #14
                // Check if userid exists
                $uidAttribute = $config["enroll.uidAttribute"];
                $displayNameAttribute = $config["enroll.cnAttribute"];
                if (!isset($attributes[$uidAttribute])) {
                    throw new Exception('User ID is missing');
                }
                $state["tiqrUser"]["userId"] = $attributes[$uidAttribute][0];
                $state["tiqrUser"]["displayName"] = $attributes[$displayNameAttribute][0];
            } else {
                SimpleSAML_Auth_Default::initLogin($config["enroll.authsource"], SimpleSAML_Utilities::selfURL(), NULL, $_REQUEST);
            }
        }
    }
}
// User storage used below to look up whether the requested user id already exists.
$store = sspmod_authTiqr_Auth_Tiqr::getUserStorage();
// Template name set before the form handling that follows.
$template = 'newuser.php';
if (is_array($_POST) && count($_POST) && isset($_POST["create"])) {
    // Page was posted, so new user form has been filled.
    if ($state == NULL) {
        //      throw new SimpleSAML_Error_NoState();
    }
    $displayName = isset($_POST['displayName']) ? $_POST['displayName'] : NULL;
    $userId = isset($_POST['userId']) ? $_POST['userId'] : NULL;
    if (empty($userId) || empty($displayName)) {
        $errorcode = "userdatarequired";
    } else {
        if (!preg_match('/^[A-Za-z0-9_\\.]*$/', $userId)) {
            $errorcode = "invaliduserid";
        } else {
            if ($store->userExists($userId)) {
                // User already exists. If we don't have a secret yet, we must however still enroll him.