/**
 * Returns the user storage.
 *
 * The storage object is created on the first call from the "userstorage"
 * section of module_tiqr.php and kept in self::$_userStorage, so later calls
 * return the same object. The optional "usersecretstorage" section is passed
 * as the third argument; an empty array is used when that section is absent.
 *
 * @return mixed The value produced by Tiqr_UserStorage::getStorage().
 */
public static function getUserStorage()
{
    // Already built on an earlier call: reuse it.
    if (self::$_userStorage != null) {
        return self::$_userStorage;
    }

    $moduleConfig = SimpleSAML_Configuration::getConfig('module_tiqr.php')->toArray();
    $storageOptions = $moduleConfig["userstorage"];

    // The secret storage section is optional in the module configuration.
    $secretOptions = array();
    if (isset($moduleConfig['usersecretstorage'])) {
        $secretOptions = $moduleConfig['usersecretstorage'];
    }

    self::$_userStorage = Tiqr_UserStorage::getStorage(
        $storageOptions["type"],
        $storageOptions,
        $secretOptions
    );

    return self::$_userStorage;
}
/**
 * Logout.
 *
 * Calls the parent logout first, then tells the tiqr server to log out the
 * session id of the SimpleSAML session that belongs to the current request.
 *
 * @see SimpleSAML_Auth_Source::logout()
 *
 * @param mixed &$state State handed through unchanged to the parent implementation.
 */
public function logout(&$state)
{
    parent::logout($state);

    $tiqrServer = sspmod_authTiqr_Auth_Tiqr::getServer(false);

    // The tiqr session is keyed by the SimpleSAML session id of this request.
    $currentSessionId = SimpleSAML_Session::getSessionFromRequest()->getSessionId();
    $tiqrServer->logout($currentSessionId);
}
<?php
/**
 * This file is part of simpleSAMLphp.
 *
 * The authTiqr module is a module adding authentication via the tiqr
 * project to simpleSAMLphp. It was initiated by SURFnet and
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 *
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */

// AuthState is optional for this endpoint: NULL is passed on when the request
// does not carry one.
$authStateId = NULL;
if (isset($_REQUEST["AuthState"])) {
    $authStateId = $_REQUEST["AuthState"];
}

// NOTE(review): the return value is written to the response as-is; confirm
// that verifyEnrollment() never returns request-derived text that would need
// escaping for the response's content type.
echo sspmod_authTiqr_Auth_Tiqr::verifyEnrollment($authStateId);
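</strong>: <?php echo $this->t('{authTiqr:tiqr:qr_youreyesonly}'); ?>
<p>
    <button type="submit"><?php echo $this->t('{authTiqr:tiqr:go}'); ?> </button>
</p>
<?php
// Status polling: when the form is posted with action=getStatus, the current
// enrollment status is rendered into a hidden field.
if (isset($_POST['action']) and $_REQUEST['action'] == "getStatus") {
    // The id is read defensively so a request without sessionId does not raise
    // an undefined-index notice; NULL is passed on exactly as before.
    // NOTE(review): this id comes from the request, not from the caller's own
    // SimpleSAML session. Confirm that reporting enrollment status for a
    // caller-supplied session id is intended.
    $sid = isset($_REQUEST['sessionId']) ? $_REQUEST['sessionId'] : NULL;
    $enrollmentStatus = sspmod_authTiqr_Auth_Tiqr::getServer(true)->getEnrollmentStatus($sid);
    // Escaped like the other hidden fields below, so the value cannot break
    // out of the attribute whatever the server returns.
?>
<input type="hidden" name="enrollmentStatus" value="<?php echo htmlspecialchars((string) $enrollmentStatus); ?> " id="enrollmentStatus"/>
<?php
}
?>
<?php
// Carry the state parameters (set by the calling page) through the form post.
if (isset($this->data['stateparams'])) {
    foreach ($this->data['stateparams'] as $name => $value) {
        echo '<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '" id="' . htmlspecialchars($name) . '"/>';
    }
}
?>
</form>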
// attempt user-password login $errorCode = sspmod_authTiqr_Auth_Source_TiqrUserPass::handleUserPassLogin($authStateId, $username, $password); } else { $errorCode = NULL; // Initialize a new Tiqr session. $state[sspmod_authTiqr_Auth_Tiqr::SESSIONKEYID] = sspmod_authTiqr_Auth_Tiqr::startAuthenticationSession($userId, $state); SimpleSAML_Auth_State::saveState($state, sspmod_authTiqr_Auth_Tiqr::STAGEID); } $globalConfig = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'authTiqr:loginuserpass.php'); $t->data['type'] = $type; $t->data['stateparams'] = array('AuthState' => $authStateId); $t->data['errorcode'] = $errorCode; $t->data['username'] = $username; if ($attemptsLeft != NULL) { $t->data['attemptsLeft'] = $attemptsLeft; } $t->data['verifyLoginUrl'] = SimpleSAML_Module::getModuleURL('authTiqr/verify.php', $t->data['stateparams']); $t->data['mobileDevice'] = preg_match('/iphone/i', $_SERVER["HTTP_USER_AGENT"]) || preg_match('/android/i', $_SERVER["HTTP_USER_AGENT"]); if ($t->data['mobileDevice']) { $returnUrl = SimpleSAML_Module::getModuleURL('authTiqr/complete.php') . '?' . http_build_query($t->data['stateparams']); $t->data['authenticateUrl'] = sspmod_authTiqr_Auth_Tiqr::getAuthenticateUrl($state[sspmod_authTiqr_Auth_Tiqr::SESSIONKEYID]) . '?' . urlencode($returnUrl); } $t->data['qrUrl'] = SimpleSAML_Module::getModuleURL('authTiqr/qr.php', $t->data['stateparams']); if (isset($state['SPMetadata'])) { $t->data['SPMetadata'] = $state['SPMetadata']; } else { $t->data['SPMetadata'] = NULL; } $t->show(); exit;
<?php
/**
 * This file is part of simpleSAMLphp.
 *
 * The authTiqr module is a module adding authentication via the tiqr
 * project to simpleSAMLphp. It was initiated by SURFnet and
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 *
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */

// The QR code is generated for a specific authentication state, so the
// request must name one.
$hasAuthState = array_key_exists('AuthState', $_REQUEST);
if (!$hasAuthState) {
    throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}

// NOTE(review): only presence is checked here; the value is passed on as
// received, so validation is presumably done inside generateAuthQR() - confirm.
$authStateId = $_REQUEST["AuthState"];
sspmod_authTiqr_Auth_Tiqr::generateAuthQR($authStateId);
<?php
/**
 * This file is part of simpleSAMLphp.
 *
 * The authTiqr module is a module adding authentication via the tiqr
 * project to simpleSAMLphp. It was initiated by SURFnet and
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 *
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */

// The whole request is handed to the enrollment handler; the shape of its
// return value decides which response format is sent.
$result = sspmod_authTiqr_Auth_Tiqr::processMobileEnrollment($_REQUEST);

if (!is_array($result)) {
    // v1 ascii protocol, didn't use header yet.
    // NOTE(review): no Content-type is set on this branch, so the server
    // default applies; confirm the v1 result never carries request-derived
    // markup.
    echo $result;
} else {
    // Array result: JSON body plus the protocol version header.
    header('Content-type: application/json');
    header('X-TIQR-Protocol-Version:' . sspmod_authTiqr_Auth_Tiqr::getProtocolVersion(true));
    echo json_encode($result);
}
<?php
/**
 * This file is part of simpleSAMLphp.
 *
 * The authTiqr module is a module adding authentication via the tiqr
 * project to simpleSAMLphp. It was initiated by SURFnet and
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 *
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */

// Completing a login needs the authentication state the login was started with.
$hasAuthState = array_key_exists('AuthState', $_REQUEST);
if (!$hasAuthState) {
    throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}

// NOTE(review): only presence is checked here; the value is passed on as
// received, so validation is presumably done inside completeLogin() - confirm.
$authStateId = $_REQUEST["AuthState"];
sspmod_authTiqr_Auth_Tiqr::completeLogin($authStateId);
<?php } // manual login for connection less phones. $linkStart = '<a href="#" onClick="javascript:jQuery(\'#otpform\').slideToggle();">'; ?> <?php $sid = SimpleSAML_Session::getSessionFromRequest()->getSessionId(); ?> <input type="hidden" name="SessionId" value="<?php echo 'Session id: [' . $sid . ']'; ?> " id="SessionId"/> <?php if (isset($_POST['action']) and $_REQUEST['action'] == "getAuthenticatedUser") { $sid = $_REQUEST['sessionId']; $user = sspmod_authTiqr_Auth_Tiqr::getServer(false)->getAuthenticatedUser($sid); ?> <input type="hidden" name="authenticatedUser" value="<?php echo !empty($user) ? $user : ""; ?> " id="authenticatedUser"/> <?php } ?> <p><?php echo $this->t('{authTiqr:tiqr:alternative_otp}', array("[link]" => $linkStart, "[/link]" => "</a>")); ?> </p> <div id="otpform" <?php if (!isset($this->data['errorcode']) || $this->data['errorcode'] != 'wrongotp') { ?>
<?php
/**
 * This file is part of simpleSAMLphp.
 *
 * The authTiqr module is a module adding authentication via the tiqr
 * project to simpleSAMLphp. It was initiated by SURFnet and
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 *
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */

// The enrollment session is reset before the completion page is rendered.
sspmod_authTiqr_Auth_Tiqr::resetEnrollmentSession();

$config = SimpleSAML_Configuration::getInstance();
$page = new SimpleSAML_XHTML_Template($config, 'authTiqr:newuser_complete.php');

// With an AuthState in the request, the page also gets a link back to the
// login endpoint carrying that state.
// NOTE(review): loginUrl is built from a request parameter; the template that
// prints it should HTML-escape it when placing it in an attribute.
if (isset($_REQUEST['AuthState'])) {
    $stateParams = array('AuthState' => $_REQUEST['AuthState']);
    $page->data['stateparams'] = $stateParams;
    $page->data['loginUrl'] = SimpleSAML_Module::getModuleURL('authTiqr/login.php', $stateParams);
}

$page->show();
exit;
<?php
/**
 * This file is part of simpleSAMLphp.
 *
 * The authTiqr module is a module adding authentication via the tiqr
 * project to simpleSAMLphp. It was initiated by SURFnet and
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 *
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */

// The response is always JSON: the enrollment metadata computed from the
// request, encoded as returned.
header('Content-type: application/json');
echo json_encode(sspmod_authTiqr_Auth_Tiqr::getEnrollmentMetadata($_REQUEST));
<?php
/**
 * This file is part of simpleSAMLphp.
 *
 * The authTiqr module is a module adding authentication via the tiqr
 * project to simpleSAMLphp. It was initiated by SURFnet and
 * developed by Egeniq.
 *
 * See the README file for instructions and requirements.
 *
 * @author Ivo Jansch <*****@*****.**>
 *
 * @package simpleSAMLphp
 * @subpackage authTiqr
 *
 * @license New BSD License - See LICENSE file in the tiqr library for details
 * @copyright (C) 2010-2011 SURFnet BV
 *
 */

// Login verification is tied to one authentication state, so the request
// must name it.
$hasAuthState = array_key_exists('AuthState', $_REQUEST);
if (!$hasAuthState) {
    throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}

// NOTE(review): only presence is checked here; the value is passed on as
// received, so validation is presumably done inside verifyLogin() - confirm.
$authStateId = $_REQUEST["AuthState"];
sspmod_authTiqr_Auth_Tiqr::verifyLogin($authStateId);
?> <h2 class="main"><?php echo $this->t('{authTiqr:tiqr:header_enrollment}'); ?> </h2> <form action="?" method="post" name="f"> <p><?php echo $this->t('{authTiqr:tiqr:instruction_qr_enroll}'); ?> </p> <img alt="QR" src="<?php echo sspmod_authTiqr_Auth_Tiqr::generateEnrollmentQR(); ?> " id="QR"/> <br/> <?php $sid = SimpleSAML_Session::getSessionFromRequest()->getSessionId(); ?> <input type="hidden" name="SessionId" value="<?php echo 'Session id: [' . $sid . ']'; ?> " id="SessionId"/> <?php if (isset($this->data['loginUrl'])) { $linkStart = '<a href="' . $this->data['loginUrl'] . '">'; echo $this->t('{authTiqr:tiqr:instruction_enroll_proceed_manually}', array("[link]" => $linkStart, "[/link]" => "</a>")); } ?>
// Check if userid exists $uidAttribute = $config["enroll.uidAttribute"]; $displayNameAttribute = $config["enroll.cnAttribute"]; if (!isset($attributes[$uidAttribute])) { throw new Exception('User ID is missing'); } $state["tiqrUser"]["userId"] = $attributes[$uidAttribute][0]; $state["tiqrUser"]["displayName"] = $attributes[$displayNameAttribute][0]; } else { SimpleSAML_Auth_Default::initLogin($config["enroll.authsource"], SimpleSAML_Utilities::selfURL(), NULL, $_REQUEST); } } } } $template = 'newuser.php'; $store = sspmod_authTiqr_Auth_Tiqr::getUserStorage(); if (is_array($_POST) && count($_POST) && isset($_POST["create"])) { // Page was posted, so new user form has been filled. if ($state == NULL) { // throw new SimpleSAML_Error_NoState(); } $displayName = isset($_POST['displayName']) ? $_POST['displayName'] : NULL; $userId = isset($_POST['userId']) ? $_POST['userId'] : NULL; if (empty($userId) || empty($displayName)) { $errorcode = "userdatarequired"; } else { if (!preg_match('/^[A-Za-z0-9_\\.]*$/', $userId)) { $errorcode = "invaliduserid"; } else { if ($store->userExists($userId)) { // User already exists. If we don't have a secret yet, we must however still enroll him.