OpenConext /
Stepup-Middleware
| @@ 229-270 (lines=42) @@ | ||
| 226 | ); |
|
| 227 | } |
|
| 228 | ||
| 229 | public function provePossessionOfYubikey( |
|
| 230 | SecondFactorId $secondFactorId, |
|
| 231 | YubikeyPublicId $yubikeyPublicId, |
|
| 232 | $emailVerificationRequired, |
|
| 233 | EmailVerificationWindow $emailVerificationWindow |
|
| 234 | ) { |
|
| 235 | $this->assertNotForgotten(); |
|
| 236 | $this->assertUserMayAddSecondFactor(); |
|
| 237 | ||
| 238 | if ($emailVerificationRequired) { |
|
| 239 | $emailVerificationNonce = TokenGenerator::generateNonce(); |
|
| 240 | ||
| 241 | $this->apply( |
|
| 242 | new YubikeyPossessionProvenEvent( |
|
| 243 | $this->id, |
|
| 244 | $this->institution, |
|
| 245 | $secondFactorId, |
|
| 246 | $yubikeyPublicId, |
|
| 247 | $emailVerificationRequired, |
|
| 248 | $emailVerificationWindow, |
|
| 249 | $emailVerificationNonce, |
|
| 250 | $this->commonName, |
|
| 251 | $this->email, |
|
| 252 | $this->preferredLocale |
|
| 253 | ) |
|
| 254 | ); |
|
| 255 | } else { |
|
| 256 | $this->apply( |
|
| 257 | new YubikeyPossessionProvenAndVerifiedEvent( |
|
| 258 | $this->id, |
|
| 259 | $this->institution, |
|
| 260 | $secondFactorId, |
|
| 261 | $yubikeyPublicId, |
|
| 262 | $this->commonName, |
|
| 263 | $this->email, |
|
| 264 | $this->preferredLocale, |
|
| 265 | DateTime::now(), |
|
| 266 | OtpGenerator::generate(8) |
|
| 267 | ) |
|
| 268 | ); |
|
| 269 | } |
|
| 270 | } |
|
| 271 | ||
| 272 | public function provePossessionOfPhone( |
|
| 273 | SecondFactorId $secondFactorId, |
|
| @@ 272-313 (lines=42) @@ | ||
| 269 | } |
|
| 270 | } |
|
| 271 | ||
| 272 | public function provePossessionOfPhone( |
|
| 273 | SecondFactorId $secondFactorId, |
|
| 274 | PhoneNumber $phoneNumber, |
|
| 275 | $emailVerificationRequired, |
|
| 276 | EmailVerificationWindow $emailVerificationWindow |
|
| 277 | ) { |
|
| 278 | $this->assertNotForgotten(); |
|
| 279 | $this->assertUserMayAddSecondFactor(); |
|
| 280 | ||
| 281 | if ($emailVerificationRequired) { |
|
| 282 | $emailVerificationNonce = TokenGenerator::generateNonce(); |
|
| 283 | ||
| 284 | $this->apply( |
|
| 285 | new PhonePossessionProvenEvent( |
|
| 286 | $this->id, |
|
| 287 | $this->institution, |
|
| 288 | $secondFactorId, |
|
| 289 | $phoneNumber, |
|
| 290 | $emailVerificationRequired, |
|
| 291 | $emailVerificationWindow, |
|
| 292 | $emailVerificationNonce, |
|
| 293 | $this->commonName, |
|
| 294 | $this->email, |
|
| 295 | $this->preferredLocale |
|
| 296 | ) |
|
| 297 | ); |
|
| 298 | } else { |
|
| 299 | $this->apply( |
|
| 300 | new PhonePossessionProvenAndVerifiedEvent( |
|
| 301 | $this->id, |
|
| 302 | $this->institution, |
|
| 303 | $secondFactorId, |
|
| 304 | $phoneNumber, |
|
| 305 | $this->commonName, |
|
| 306 | $this->email, |
|
| 307 | $this->preferredLocale, |
|
| 308 | DateTime::now(), |
|
| 309 | OtpGenerator::generate(8) |
|
| 310 | ) |
|
| 311 | ); |
|
| 312 | } |
|
| 313 | } |
|
| 314 | ||
| 315 | public function provePossessionOfGssf( |
|
| 316 | SecondFactorId $secondFactorId, |
|
| @@ 315-359 (lines=45) @@ | ||
| 312 | } |
|
| 313 | } |
|
| 314 | ||
| 315 | public function provePossessionOfGssf( |
|
| 316 | SecondFactorId $secondFactorId, |
|
| 317 | StepupProvider $provider, |
|
| 318 | GssfId $gssfId, |
|
| 319 | $emailVerificationRequired, |
|
| 320 | EmailVerificationWindow $emailVerificationWindow |
|
| 321 | ) { |
|
| 322 | $this->assertNotForgotten(); |
|
| 323 | $this->assertUserMayAddSecondFactor(); |
|
| 324 | ||
| 325 | if ($emailVerificationRequired) { |
|
| 326 | $emailVerificationNonce = TokenGenerator::generateNonce(); |
|
| 327 | ||
| 328 | $this->apply( |
|
| 329 | new GssfPossessionProvenEvent( |
|
| 330 | $this->id, |
|
| 331 | $this->institution, |
|
| 332 | $secondFactorId, |
|
| 333 | $provider, |
|
| 334 | $gssfId, |
|
| 335 | $emailVerificationRequired, |
|
| 336 | $emailVerificationWindow, |
|
| 337 | $emailVerificationNonce, |
|
| 338 | $this->commonName, |
|
| 339 | $this->email, |
|
| 340 | $this->preferredLocale |
|
| 341 | ) |
|
| 342 | ); |
|
| 343 | } else { |
|
| 344 | $this->apply( |
|
| 345 | new GssfPossessionProvenAndVerifiedEvent( |
|
| 346 | $this->id, |
|
| 347 | $this->institution, |
|
| 348 | $secondFactorId, |
|
| 349 | $provider, |
|
| 350 | $gssfId, |
|
| 351 | $this->commonName, |
|
| 352 | $this->email, |
|
| 353 | $this->preferredLocale, |
|
| 354 | DateTime::now(), |
|
| 355 | OtpGenerator::generate(8) |
|
| 356 | ) |
|
| 357 | ); |
|
| 358 | } |
|
| 359 | } |
|
| 360 | ||
| 361 | public function provePossessionOfU2fDevice( |
|
| 362 | SecondFactorId $secondFactorId, |
|
| @@ 361-402 (lines=42) @@ | ||
| 358 | } |
|
| 359 | } |
|
| 360 | ||
| 361 | public function provePossessionOfU2fDevice( |
|
| 362 | SecondFactorId $secondFactorId, |
|
| 363 | U2fKeyHandle $keyHandle, |
|
| 364 | $emailVerificationRequired, |
|
| 365 | EmailVerificationWindow $emailVerificationWindow |
|
| 366 | ) { |
|
| 367 | $this->assertNotForgotten(); |
|
| 368 | $this->assertUserMayAddSecondFactor(); |
|
| 369 | ||
| 370 | if ($emailVerificationRequired) { |
|
| 371 | $emailVerificationNonce = TokenGenerator::generateNonce(); |
|
| 372 | ||
| 373 | $this->apply( |
|
| 374 | new U2fDevicePossessionProvenEvent( |
|
| 375 | $this->id, |
|
| 376 | $this->institution, |
|
| 377 | $secondFactorId, |
|
| 378 | $keyHandle, |
|
| 379 | $emailVerificationRequired, |
|
| 380 | $emailVerificationWindow, |
|
| 381 | $emailVerificationNonce, |
|
| 382 | $this->commonName, |
|
| 383 | $this->email, |
|
| 384 | $this->preferredLocale |
|
| 385 | ) |
|
| 386 | ); |
|
| 387 | } else { |
|
| 388 | $this->apply( |
|
| 389 | new U2fDevicePossessionProvenAndVerifiedEvent( |
|
| 390 | $this->id, |
|
| 391 | $this->institution, |
|
| 392 | $secondFactorId, |
|
| 393 | $keyHandle, |
|
| 394 | $this->commonName, |
|
| 395 | $this->email, |
|
| 396 | $this->preferredLocale, |
|
| 397 | DateTime::now(), |
|
| 398 | OtpGenerator::generate(8) |
|
| 399 | ) |
|
| 400 | ); |
|
| 401 | } |
|
| 402 | } |
|
| 403 | ||
| 404 | public function verifyEmail($verificationNonce) |
|
| 405 | { |
|
