|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Copyright 2014 SURFnet bv |
|
5
|
|
|
* |
|
6
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
7
|
|
|
* you may not use this file except in compliance with the License. |
|
8
|
|
|
* You may obtain a copy of the License at |
|
9
|
|
|
* |
|
10
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0 |
|
11
|
|
|
* |
|
12
|
|
|
* Unless required by applicable law or agreed to in writing, software |
|
13
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, |
|
14
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15
|
|
|
* See the License for the specific language governing permissions and |
|
16
|
|
|
* limitations under the License. |
|
17
|
|
|
*/ |
|
18
|
|
|
|
|
19
|
|
|
namespace Surfnet\StepupGateway\ApiBundle\Controller; |
|
20
|
|
|
|
|
21
|
|
|
use Surfnet\StepupGateway\ApiBundle\Dto\Otp; |
|
22
|
|
|
use Surfnet\StepupGateway\ApiBundle\Dto\Requester; |
|
23
|
|
|
use Surfnet\StepupGateway\ApiBundle\Service\YubikeyService; |
|
24
|
|
|
use Surfnet\StepupGateway\GatewayBundle\Container\ContainerController; |
|
25
|
|
|
use Surfnet\YubikeyApiClient\Service\OtpVerificationResult; |
|
26
|
|
|
use Symfony\Component\HttpFoundation\JsonResponse; |
|
27
|
|
|
use Symfony\Component\Routing\Attribute\Route; |
|
28
|
|
|
|
|
29
|
|
|
class YubikeyController extends ContainerController |
|
30
|
|
|
{ |
|
31
|
|
|
#[Route( |
|
32
|
|
|
path: '/api/verify-yubikey', |
|
33
|
|
|
methods: ['POST'], |
|
34
|
|
|
condition: "request.headers.get('Content-Type') == 'application/json' && |
|
35
|
|
|
request.headers.get('Accept') matches '/^application\\\\/json($|[;,])/'" |
|
36
|
|
|
)] |
|
37
|
|
|
public function verify( |
|
38
|
|
|
Otp $otp, |
|
39
|
|
|
Requester $requester, |
|
40
|
|
|
): JsonResponse { |
|
41
|
|
|
/** @var YubikeyService $yubikeyService */ |
|
42
|
|
|
$yubikeyService = $this->get('surfnet_gateway_api.service.yubikey'); |
|
43
|
|
|
$result = $yubikeyService->verifyOtp($otp, $requester); |
|
44
|
|
|
|
|
45
|
|
|
return $this->createJsonResponseFromVerifyYubikeyResult($result); |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
private function createJsonResponseFromVerifyYubikeyResult(OtpVerificationResult $result): JsonResponse |
|
49
|
|
|
{ |
|
50
|
|
|
if ($result->isSuccessful()) { |
|
51
|
|
|
return new JsonResponse(['status' => 'OK']); |
|
52
|
|
|
} |
|
53
|
|
|
|
|
54
|
|
|
$statusCode = match ($result->getError()) { |
|
55
|
|
|
'BAD_OTP', 'REPLAYED_OTP' => 400, |
|
56
|
|
|
default => 502, |
|
57
|
|
|
}; |
|
58
|
|
|
|
|
59
|
|
|
$errorMessage = sprintf('Yubikey verification failed (%s)', $result->getError()); |
|
60
|
|
|
|
|
61
|
|
|
return new JsonResponse(['errors' => [$errorMessage]], $statusCode); |
|
62
|
|
|
} |
|
63
|
|
|
} |
|
64
|
|
|
|
OpenConext /
Stepup-Gateway
