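--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -18,134 +18,134 @@
 
 class ScratchTokenCredentialProvider extends CredentialProviderBase
 {
-/** @var EncryptionHelper */
-private $encryptionHelper;
-/** @var array the tokens generated in the last generation round. */
-private $generatedTokens;
-
-/**
-* ScratchTokenCredentialProvider constructor.
-*
-* @param PdoDatabase $database
-* @param SiteConfiguration $configuration
-*/
-public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-{
-parent::__construct($database, $configuration, 'scratch');
-$this->encryptionHelper = new EncryptionHelper($configuration);
-}
-
-/**
-* Validates a user-provided credential
-*
-* @param User $user The user to test the authentication against
-* @param string $data The raw credential data to be validated
-*
-* @return bool
-* @throws ApplicationLogicException|OptimisticLockFailedException
-*/
-public function authenticate(User $user, $data)
-{
-if (is_array($data)) {
-return false;
-}
-
-$storedData = $this->getCredentialData($user->getId());
-
-if ($storedData === null) {
-throw new ApplicationLogicException('Credential data not found');
-}
-
-$scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
-
-$usedToken = null;
-foreach ($scratchTokens as $scratchToken) {
-if (password_verify($data, $scratchToken)){
-$usedToken = $scratchToken;
-break;
-}
-}
-
-if($usedToken === null) {
-return false;
-}
-
-$scratchTokens = array_diff($scratchTokens, [$usedToken]);
-
-$storedData->setData($this->encryptionHelper->encryptData(serialize($scratchTokens)));
-$storedData->save();
-
-return true;
-}
-
-/**
-* @param User $user The user the credential belongs to
-* @param int $factor The factor this credential provides
-* @param string $data Unused.
-*
-* @throws OptimisticLockFailedException
-*/
-public function setCredential(User $user, $factor, $data)
-{
-$plaintextScratch = array();
-$storedScratch = array();
-for ($i = 0; $i < 5; $i++) {
-$token = Base32::encode(openssl_random_pseudo_bytes(10));
-$plaintextScratch[] = $token;
-
-$storedScratch[] = password_hash(
-$token,
-PasswordCredentialProvider::PASSWORD_ALGO,
-array('cost' => PasswordCredentialProvider::PASSWORD_COST)
-);
-}
-
-$storedData = $this->getCredentialData($user->getId(), null);
-
-if ($storedData !== null) {
-$storedData->delete();
-}
-
-$storedData = $this->createNewCredential($user);
-
-$storedData->setData($this->encryptionHelper->encryptData(serialize($storedScratch)));
-$storedData->setFactor($factor);
-$storedData->setVersion(1);
-$storedData->setPriority(9);
-
-$storedData->save();
-$this->generatedTokens = $plaintextScratch;
-}
-
-/**
-* Gets the count of remaining valid tokens
-*
-* @param int $userId
-*
-* @return int
-*/
-public function getRemaining($userId)
-{
-$storedData = $this->getCredentialData($userId);
-
-if ($storedData === null) {
-return 0;
-}
-
-$scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
-
-return count($scratchTokens);
-}
-
-/**
-* @return array
-*/
-public function getTokens()
-{
-if ($this->generatedTokens != null) {
-return $this->generatedTokens;
-}
-
-return array();
-}
+/** @var EncryptionHelper */
+private $encryptionHelper;
+/** @var array the tokens generated in the last generation round. */
+private $generatedTokens;
+
+/**
+* ScratchTokenCredentialProvider constructor.
+*
+* @param PdoDatabase $database
+* @param SiteConfiguration $configuration
+*/
+public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+{
+parent::__construct($database, $configuration, 'scratch');
+$this->encryptionHelper = new EncryptionHelper($configuration);
+}
+
+/**
+* Validates a user-provided credential
+*
+* @param User $user The user to test the authentication against
+* @param string $data The raw credential data to be validated
+*
+* @return bool
+* @throws ApplicationLogicException|OptimisticLockFailedException
+*/
+public function authenticate(User $user, $data)
+{
+if (is_array($data)) {
+return false;
+}
+
+$storedData = $this->getCredentialData($user->getId());
+
+if ($storedData === null) {
+throw new ApplicationLogicException('Credential data not found');
+}
+
+$scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
+
+$usedToken = null;
+foreach ($scratchTokens as $scratchToken) {
+if (password_verify($data, $scratchToken)){
+$usedToken = $scratchToken;
+break;
+}
+}
+
+if($usedToken === null) {
+return false;
+}
+
+$scratchTokens = array_diff($scratchTokens, [$usedToken]);
+
+$storedData->setData($this->encryptionHelper->encryptData(serialize($scratchTokens)));
+$storedData->save();
+
+return true;
+}
+
+/**
+* @param User $user The user the credential belongs to
+* @param int $factor The factor this credential provides
+* @param string $data Unused.
+*
+* @throws OptimisticLockFailedException
+*/
+public function setCredential(User $user, $factor, $data)
+{
+$plaintextScratch = array();
+$storedScratch = array();
+for ($i = 0; $i < 5; $i++) {
+$token = Base32::encode(openssl_random_pseudo_bytes(10));
+$plaintextScratch[] = $token;
+
+$storedScratch[] = password_hash(
+$token,
+PasswordCredentialProvider::PASSWORD_ALGO,
+array('cost' => PasswordCredentialProvider::PASSWORD_COST)
+);
+}
+
+$storedData = $this->getCredentialData($user->getId(), null);
+
+if ($storedData !== null) {
+$storedData->delete();
+}
+
+$storedData = $this->createNewCredential($user);
+
+$storedData->setData($this->encryptionHelper->encryptData(serialize($storedScratch)));
+$storedData->setFactor($factor);
+$storedData->setVersion(1);
+$storedData->setPriority(9);
+
+$storedData->save();
+$this->generatedTokens = $plaintextScratch;
+}
+
+/**
+* Gets the count of remaining valid tokens
+*
+* @param int $userId
+*
+* @return int
+*/
+public function getRemaining($userId)
+{
+$storedData = $this->getCredentialData($userId);
+
+if ($storedData === null) {
+return 0;
+}
+
+$scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
+
+return count($scratchTokens);
+}
+
+/**
+* @return array
+*/
+public function getTokens()
+{
+if ($this->generatedTokens != null) {
+return $this->generatedTokens;
+}
+
+return array();
+}
 }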
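--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -15,56 +15,56 @@
 
 class PasswordCredentialProvider extends CredentialProviderBase
 {
-const PASSWORD_COST = 10;
-const PASSWORD_ALGO = PASSWORD_BCRYPT;
+const PASSWORD_COST = 10;
+const PASSWORD_ALGO = PASSWORD_BCRYPT;
 
-public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-{
-parent::__construct($database, $configuration, 'password');
-}
+public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+{
+parent::__construct($database, $configuration, 'password');
+}
 
-public function authenticate(User $user, $data)
-{
-$storedData = $this->getCredentialData($user->getId());
-if($storedData === null)
-{
-// No available credential matching these parameters
-return false;
-}
+public function authenticate(User $user, $data)
+{
+$storedData = $this->getCredentialData($user->getId());
+if($storedData === null)
+{
+// No available credential matching these parameters
+return false;
+}
 
-if($storedData->getVersion() !== 2) {
-// Non-2 versions are not supported.
-return false;
-}
+if($storedData->getVersion() !== 2) {
+// Non-2 versions are not supported.
+return false;
+}
 
-if(password_verify($data, $storedData->getData())) {
-if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){
-$this->setCredential($user, $storedData->getFactor(), $data);
-}
+if(password_verify($data, $storedData->getData())) {
+if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){
+$this->setCredential($user, $storedData->getFactor(), $data);
+}
 
-return true;
-}
+return true;
+}
 
-return false;
-}
+return false;
+}
 
-public function setCredential(User $user, $factor, $password)
-{
-$storedData = $this->getCredentialData($user->getId());
+public function setCredential(User $user, $factor, $password)
+{
+$storedData = $this->getCredentialData($user->getId());
 
-if($storedData === null){
-$storedData = $this->createNewCredential($user);
-}
+if($storedData === null){
+$storedData = $this->createNewCredential($user);
+}
 
-$storedData->setData(password_hash($password, self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST)));
-$storedData->setFactor($factor);
-$storedData->setVersion(2);
+$storedData->setData(password_hash($password, self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST)));
+$storedData->setFactor($factor);
+$storedData->setVersion(2);
 
-$storedData->save();
-}
+$storedData->save();
+}
 
-public function deleteCredential(User $user)
-{
-throw new ApplicationLogicException('Deletion of password credential is not allowed.');
-}
+public function deleteCredential(User $user)
+{
+throw new ApplicationLogicException('Deletion of password credential is not allowed.');
+}
 }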
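--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -20,131 +20,131 @@
 
 class U2FCredentialProvider extends CredentialProviderBase
 {
-/** @var U2F */
-private $u2f;
-
-/**
-* U2FCredentialProvider constructor.
-*
-* @param PdoDatabase $database
-* @param SiteConfiguration $configuration
-*/
-public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-{
-parent::__construct($database, $configuration, 'u2f');
-
-$appId = 'https://' . WebRequest::httpHost();
-$this->u2f = new U2F($appId);
-}
-
-/**
-* Validates a user-provided credential
-*
-* @param User $user The user to test the authentication against
-* @param string $data The raw credential data to be validated
-*
-* @return bool
-* @throws OptimisticLockFailedException
-*/
-public function authenticate(User $user, $data)
-{
-if (!is_array($data)) {
-return false;
-}
-
-list($authenticate, $request, $isU2F) = $data;
-
-if ($isU2F !== 'u2f') {
-return false;
-}
-
-$storedData = $this->getCredentialData($user->getId(), false);
-$registrations = json_decode($storedData->getData());
-
-try {
-$updatedRegistration = $this->u2f->doAuthenticate($request, array($registrations), $authenticate);
-$storedData->setData(json_encode($updatedRegistration));
-$storedData->save();
-}
-catch (Error $ex) {
-return false;
-}
-
-return true;
-}
-
-public function enable(User $user, $request, $u2fData)
-{
-$registrationData = $this->u2f->doRegister($request, $u2fData);
-
-$storedData = $this->getCredentialData($user->getId(), true);
-
-if ($storedData === null) {
-throw new ApplicationLogicException('Credential data not found');
-}
-
-if ($storedData->getTimeout() > new DateTimeImmutable()) {
-$storedData->setData(json_encode($registrationData));
-$storedData->setDisabled(0);
-$storedData->setTimeout(null);
-$storedData->save();
-}
-}
-
-/**
-* @param User $user The user the credential belongs to
-* @param int $factor The factor this credential provides
-* @param string $data Unused here, due to multi-stage enrollment
-*/
-public function setCredential(User $user, $factor, $data)
-{
-$storedData = $this->getCredentialData($user->getId(), null);
-
-if ($storedData !== null) {
-$storedData->delete();
-}
-
-$storedData = $this->createNewCredential($user);
-
-$storedData->setData(null);
-$storedData->setFactor($factor);
-$storedData->setTimeout(new DateTimeImmutable('+ 1 hour'));
-$storedData->setDisabled(1);
-$storedData->setPriority(4);
-$storedData->setVersion(1);
-
-$storedData->save();
-}
-
-public function isPartiallyEnrolled(User $user)
-{
-$storedData = $this->getCredentialData($user->getId(), true);
-
-if ($storedData->getTimeout() < new DateTimeImmutable()) {
-$storedData->delete();
-
-return false;
-}
-
-if ($storedData === null) {
-return false;
-}
-
-return true;
-}
-
-public function getRegistrationData()
-{
-return $this->u2f->getRegisterData();
-}
-
-public function getAuthenticationData(User $user)
-{
-$storedData = $this->getCredentialData($user->getId(), false);
-$registrations = json_decode($storedData->getData());
-
-$authenticateData = $this->u2f->getAuthenticateData(array($registrations));
-
-return $authenticateData;
-}
+/** @var U2F */
+private $u2f;
+
+/**
+* U2FCredentialProvider constructor.
+*
+* @param PdoDatabase $database
+* @param SiteConfiguration $configuration
+*/
+public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+{
+parent::__construct($database, $configuration, 'u2f');
+
+$appId = 'https://' . WebRequest::httpHost();
+$this->u2f = new U2F($appId);
+}
+
+/**
+* Validates a user-provided credential
+*
+* @param User $user The user to test the authentication against
+* @param string $data The raw credential data to be validated
+*
+* @return bool
+* @throws OptimisticLockFailedException
+*/
+public function authenticate(User $user, $data)
+{
+if (!is_array($data)) {
+return false;
+}
+
+list($authenticate, $request, $isU2F) = $data;
+
+if ($isU2F !== 'u2f') {
+return false;
+}
+
+$storedData = $this->getCredentialData($user->getId(), false);
+$registrations = json_decode($storedData->getData());
+
+try {
+$updatedRegistration = $this->u2f->doAuthenticate($request, array($registrations), $authenticate);
+$storedData->setData(json_encode($updatedRegistration));
+$storedData->save();
+}
+catch (Error $ex) {
+return false;
+}
+
+return true;
+}
+
+public function enable(User $user, $request, $u2fData)
+{
+$registrationData = $this->u2f->doRegister($request, $u2fData);
+
+$storedData = $this->getCredentialData($user->getId(), true);
+
+if ($storedData === null) {
+throw new ApplicationLogicException('Credential data not found');
+}
+
+if ($storedData->getTimeout() > new DateTimeImmutable()) {
+$storedData->setData(json_encode($registrationData));
+$storedData->setDisabled(0);
+$storedData->setTimeout(null);
+$storedData->save();
+}
+}
+
+/**
+* @param User $user The user the credential belongs to
+* @param int $factor The factor this credential provides
+* @param string $data Unused here, due to multi-stage enrollment
+*/
+public function setCredential(User $user, $factor, $data)
+{
+$storedData = $this->getCredentialData($user->getId(), null);
+
+if ($storedData !== null) {
+$storedData->delete();
+}
+
+$storedData = $this->createNewCredential($user);
+
+$storedData->setData(null);
+$storedData->setFactor($factor);
+$storedData->setTimeout(new DateTimeImmutable('+ 1 hour'));
+$storedData->setDisabled(1);
+$storedData->setPriority(4);
+$storedData->setVersion(1);
+
+$storedData->save();
+}
+
+public function isPartiallyEnrolled(User $user)
+{
+$storedData = $this->getCredentialData($user->getId(), true);
+
+if ($storedData->getTimeout() < new DateTimeImmutable()) {
+$storedData->delete();
+
+return false;
+}
+
+if ($storedData === null) {
+return false;
+}
+
+return true;
+}
+
+public function getRegistrationData()
+{
+return $this->u2f->getRegisterData();
+}
+
+public function getAuthenticationData(User $user)
+{
+$storedData = $this->getCredentialData($user->getId(), false);
+$registrations = json_decode($storedData->getData());
+
+$authenticateData = $this->u2f->getAuthenticateData(array($registrations));
+
+return $authenticateData;
+}
 }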