/**
 * doAuthenticate() must reject a response that carries a user-agent error code.
 *
 * The request, registration and response are built from null placeholders, so
 * the only meaningful input is the fourth AuthenticationResponse argument.
 *
 * @expectedException paul999\u2f\Exceptions\U2fError
 * @expectedExceptionCode paul999\u2f\Exceptions\U2fError::ERR_BAD_UA_RETURNING
 */
public function testDoAuthenticateUAError()
{
	// Placeholder sign request and registration; their contents are not under test.
	$signRequests = array(new SignRequest(null, null, null));
	$registrations = array(new Registration(null, null, null));

	// NOTE(review): 5 is presumably the error code reported by the user agent;
	// confirm against the AuthenticationResponse constructor.
	$this->u2f->doAuthenticate(
		$signRequests,
		$registrations,
		new AuthenticationResponse(null, null, null, 5)
	);
}
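/**
 * Actual login procedure
 *
 * Loads the U2F challenge stored for the current session, verifies the sign
 * response submitted in the 'authenticate' request variable against it, and
 * on success stores the new counter and last-used time for the registration
 * returned by doAuthenticate().
 *
 * @param int $user_id User whose registrations are handed to doAuthenticate()
 *
 * @return bool True on successful verification; false if a U2fError was
 *              caught and createError() returned without throwing
 * @throws http_exception 403 when the session has no stored challenge or the
 *                        client reports error code 4; 400 when the submitted
 *                        response is malformed or reports any other error
 */
public function login($user_id)
{
	try
	{
		// The challenge is looked up by the current session; session_id is
		// escaped and user_id is cast to int before entering the query.
		$sql = 'SELECT u2f_request FROM ' . SESSIONS_TABLE . " \n\t\t\t\tWHERE\n\t\t\t\t\tsession_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND\n\t\t\t\t\tsession_user_id = " . (int) $this->user->data['user_id'];
		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		// Without a stored challenge there is nothing to verify against.
		if (!$row || empty($row['u2f_request']))
		{
			throw new http_exception(403, 'TFA_NO_ACCESS');
		}

		// NOTE(review): the challenge is bound to the session user while the
		// registrations are loaded for $user_id; confirm callers always pass
		// the same user. The stored u2f_request is also not cleared here after
		// use; confirm it is invalidated elsewhere so a challenge is single-use.

		// The 'authenticate' variable is client-controlled. json_decode() yields
		// null for empty or invalid JSON and may yield a scalar or array, so
		// reject anything that is not an object before touching its properties.
		$response = json_decode(htmlspecialchars_decode($this->request->variable('authenticate', '')));
		if (!is_object($response))
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		if (property_exists($response, 'errorCode'))
		{
			if ($response->errorCode == 4)
			{
				throw new http_exception(403, 'TFA_NOT_REGISTERED');
			}
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		// A sign response must carry all three string fields; fail closed when
		// one is missing or has another type instead of passing null onwards.
		foreach (array('signatureData', 'clientData', 'keyHandle') as $field)
		{
			if (!isset($response->$field) || !is_string($response->$field))
			{
				throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
			}
		}

		$result = new AuthenticationResponse($response->signatureData, $response->clientData, $response->keyHandle); // Do not need to include errorCode, as we already handled it.

		/** @var \paul999\tfa\helper\registration_helper $reg */
		$reg = $this->u2f->doAuthenticate($this->convertRequests(json_decode($row['u2f_request'])), $this->getRegistrations($user_id), $result);

		// Persist the counter returned for the matched registration together
		// with the time of this use.
		$sql_ary = array(
			'counter'	=> $reg->getCounter(),
			'last_used'	=> time(),
		);
		$sql = 'UPDATE ' . $this->registration_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE registration_id = ' . (int) $reg->getId();
		$this->db->sql_query($sql);

		return true;
	}
	catch (U2fError $error)
	{
		// Falls through to "return false" if createError() does not throw.
		$this->createError($error);
	}
	catch (\InvalidArgumentException $invalid)
	{
		// NOTE(review): the exception text is appended next to markup in the
		// message; confirm it can never contain client-supplied content.
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG' . '<br />' . $invalid->getMessage(), array(), $invalid);
	}

	return false;
}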