simplesamlphp /
simplesamlphp-module-webauthn
@@ -120,7 +120,7 @@ |
||
| 120 | 120 | } |
| 121 | 121 | |
| 122 | 122 | if (!is_array($config)) { |
| 123 | - throw new Exception('Invalid configuration for consent store option: '.var_export($config, true)); |
|
| 123 | + throw new Exception('Invalid configuration for consent store option: ' . var_export($config, true)); |
|
| 124 | 124 | } |
| 125 | 125 | |
| 126 | 126 | if (!array_key_exists(0, $config)) { |
@@ -26,18 +26,18 @@ |
||
| 26 | 26 | throw new Exception("Attempt to access the token management page unauthenticated."); |
| 27 | 27 | } |
| 28 | 28 | switch ($_POST['submit']) { |
| 29 | - case "NEVERMIND": |
|
| 30 | - Auth\ProcessingChain::resumeProcessing($state); |
|
| 31 | - break; |
|
| 32 | - case "DELETE": |
|
| 33 | - if ($state['FIDO2AuthSuccessful'] == $_POST['credId']) { |
|
| 34 | - throw new Exception("Attempt to delete the currently used credential despite UI preventing this."); |
|
| 35 | - } |
|
| 36 | - $store = $state['webauthn:store']; |
|
| 37 | - $store->deleteTokenData($_POST['credId']); |
|
| 38 | - Auth\ProcessingChain::resumeProcessing($state); |
|
| 39 | - break; |
|
| 40 | - default: |
|
| 41 | - throw new Exception("Unknown submit button state."); |
|
| 29 | + case "NEVERMIND": |
|
| 30 | + Auth\ProcessingChain::resumeProcessing($state); |
|
| 31 | + break; |
|
| 32 | + case "DELETE": |
|
| 33 | + if ($state['FIDO2AuthSuccessful'] == $_POST['credId']) { |
|
| 34 | + throw new Exception("Attempt to delete the currently used credential despite UI preventing this."); |
|
| 35 | + } |
|
| 36 | + $store = $state['webauthn:store']; |
|
| 37 | + $store->deleteTokenData($_POST['credId']); |
|
| 38 | + Auth\ProcessingChain::resumeProcessing($state); |
|
| 39 | + break; |
|
| 40 | + default: |
|
| 41 | + throw new Exception("Unknown submit button state."); |
|
| 42 | 42 | } |
| 43 | 43 | |
@@ -13,7 +13,7 @@ |
||
| 13 | 13 | use SimpleSAML\Logger; |
| 14 | 14 | use SimpleSAML\Module; |
| 15 | 15 | use SimpleSAML\Utils; |
| 16 | -use SimpleSAML\XHTML\Template;; |
|
| 16 | +use SimpleSAML\XHTML\Template; ; |
|
| 17 | 17 | |
| 18 | 18 | $globalConfig = Configuration::getInstance(); |
| 19 | 19 | |
@@ -82,10 +82,10 @@ |
||
| 82 | 82 | if ($debugEnabled) { |
| 83 | 83 | echo $authObject->debugBuffer; |
| 84 | 84 | echo $authObject->validateBuffer; |
| 85 | - echo "Debug mode, not continuing to ". ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination."); |
|
| 85 | + echo "Debug mode, not continuing to " . ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination."); |
|
| 86 | 86 | } else { |
| 87 | 87 | if ($state['FIDO2WantsRegister']) { |
| 88 | - header("Location: ".Module::getModuleURL('webauthn/webauthn.php?StateId='.urlencode($id))); |
|
| 88 | + header("Location: " . Module::getModuleURL('webauthn/webauthn.php?StateId=' . urlencode($id))); |
|
| 89 | 89 | } else { |
| 90 | 90 | Auth\ProcessingChain::resumeProcessing($state); |
| 91 | 91 | } |
@@ -76,7 +76,7 @@ discard block |
||
| 76 | 76 | $this->store = Store::parseStoreConfig($config['store']); |
| 77 | 77 | } catch (\Exception $e) { |
| 78 | 78 | Logger::error( |
| 79 | - 'webauthn: Could not create storage: '. |
|
| 79 | + 'webauthn: Could not create storage: ' . |
|
| 80 | 80 | $e->getMessage() |
| 81 | 81 | ); |
| 82 | 82 | } |
@@ -132,8 +132,8 @@ discard block |
||
| 132 | 132 | assert(array_key_exists('metadata-set', $state['Source'])); |
| 133 | 133 | |
| 134 | 134 | if (!array_key_exists($this->usernameAttrib, $state['Attributes'])) { |
| 135 | - Logger::warning('webauthn: cannot determine if user needs second factor, missing attribute "'. |
|
| 136 | - $this->usernameAttrib.'".'); |
|
| 135 | + Logger::warning('webauthn: cannot determine if user needs second factor, missing attribute "' . |
|
| 136 | + $this->usernameAttrib . '".'); |
|
| 137 | 137 | return; |
| 138 | 138 | } |
| 139 | 139 | |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -require_once(dirname(dirname(dirname(__DIR__))).'/vendor/autoload.php'); |
|
| 3 | +require_once(dirname(dirname(dirname(__DIR__))) . '/vendor/autoload.php'); |
|
| 4 | 4 | |
| 5 | 5 | use Lcobucci\JWT\Parser; |
| 6 | 6 | use SimpleSAML\Utils\Config as SSPConfig; |
@@ -12,7 +12,7 @@ discard block |
||
| 12 | 12 | ); |
| 13 | 13 | } |
| 14 | 14 | |
| 15 | -$toc = file_get_contents('https://mds2.fidoalliance.org/?token='.$argv[1]); |
|
| 15 | +$toc = file_get_contents('https://mds2.fidoalliance.org/?token=' . $argv[1]); |
|
| 16 | 16 | |
| 17 | 17 | const YUBICO_CA = "MIIDHjCCAgagAwIBAgIEG0BT9zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/jwYuhBVlqaiYWEMsrWFisgJ+PtM91eSrpI4TK7U53mwCIawSDHy8vUmk5N2KAj9abvT9NP5SMS1hQi3usxoYGonXQgfO6ZXyUA9a+KAkqdFnBnlyugSeCOep8EdZFfsaRFtMjkwz5Gcz2Py4vIYvCdMHPtwaz0bVuzneueIEz6TnQjE63Rdt2zbwnebwTG5ZybeWSwbzy+BJ34ZHcUhPAY89yJQXuE0IzMZFcEBbPNRbWECRKgjq//qT9nmDOFVlSRCt2wiqPSzluwn+v+suQEBsUjTGMEd25tKXXTkNW21wIWbxeSyUoTXwLvGS6xlwQSgNpk2qXYwf8iXg7VWZAgMBAAGjQjBAMB0GA1UdDgQWBBQgIvz0bNGJhjgpToksyKpP9xv9oDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAjvjuOMDSa+JXFCLyBKsycXtBVZsJ4Ue3LbaEsPY4MYN/hIQ5ZM5p7EjfcnMG4CtYkNsfNHc0AhBLdq45rnT87q/6O3vUEtNMafbhU6kthX7Y+9XFN9NpmYxr+ekVY5xOxi8h9JDIgoMP4VB1uS0aunL1IGqrNooL9mmFnL2kLVVee6/VR6C5+KSTCMCWppMuJIZII2v9o4dkoZ8Y7QRjQlLfYzd3qGtKbw7xaF1UsG/5xUb/Btwb2X2g4InpiB/yt/3CpQXpiWX/K4mBvUKiGn05ZsqeY1gx4g0xLBqcU9psmyPzK+Vsgw2jeRQ5JlKDyqE0hebfC1tvFu0CCrJFcw=="; |
| 18 | 18 | |
@@ -20,13 +20,13 @@ discard block |
||
| 20 | 20 | |
| 21 | 21 | $res = []; |
| 22 | 22 | foreach ($token->getClaim('entries') as $oneEntryObject) { |
| 23 | - $thisUrl = $oneEntryObject->url."?token=".$argv[1]; |
|
| 23 | + $thisUrl = $oneEntryObject->url . "?token=" . $argv[1]; |
|
| 24 | 24 | $mdB64 = file_get_contents($thisUrl); |
| 25 | 25 | $mdArray = json_decode(base64_decode($mdB64), true); |
| 26 | 26 | if (isset($mdArray['aaguid']) && isset($mdArray['attestationRootCertificates'][0])) { |
| 27 | 27 | $compressedAaguid = strtolower(str_replace('-', '', $mdArray['aaguid'])); |
| 28 | 28 | // we need C and O values for the attestation certificates. Extract those from the first root |
| 29 | - $x509 = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n".$mdArray['attestationRootCertificates'][0]."\n-----END CERTIFICATE-----"); |
|
| 29 | + $x509 = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n" . $mdArray['attestationRootCertificates'][0] . "\n-----END CERTIFICATE-----"); |
|
| 30 | 30 | // print_r($x509); |
| 31 | 31 | if (isset($x509['subject']['C']) && isset($x509['subject']['O'])) { |
| 32 | 32 | $res[$compressedAaguid] = [ |
@@ -91,6 +91,6 @@ discard block |
||
| 91 | 91 | ]; |
| 92 | 92 | |
| 93 | 93 | file_put_contents( |
| 94 | - SSPConfig::getConfigDir().'/'.WebAuthnRegistrationEvent::AAGUID_CONFIG_FILE, |
|
| 94 | + SSPConfig::getConfigDir() . '/' . WebAuthnRegistrationEvent::AAGUID_CONFIG_FILE, |
|
| 95 | 95 | json_encode($res, JSON_PRETTY_PRINT) |
| 96 | 96 | ); |
@@ -11,20 +11,20 @@ discard block |
||
| 11 | 11 | |
| 12 | 12 | <h1><?php echo htmlspecialchars($this->t('{webauthn:webauthn:heading1}')); ?></h1> |
| 13 | 13 | <h2><?php echo htmlspecialchars($this->t('{webauthn:webauthn:accountEnabled}')); ?></h2> |
| 14 | - <?php if(((is_array($this->data['FIDO2Tokens']) || $this->data['FIDO2Tokens'] instanceof Countable)?count($this->data['FIDO2Tokens']):strlen($this->data['FIDO2Tokens'])) > 0): ?> |
|
| 14 | + <?php if (((is_array($this->data['FIDO2Tokens']) || $this->data['FIDO2Tokens'] instanceof Countable) ?count($this->data['FIDO2Tokens']) : strlen($this->data['FIDO2Tokens'])) > 0) : ?> |
|
| 15 | 15 | <div id="currentTokens"><span id='tokencaption'><?php echo htmlspecialchars($this->t('{webauthn:webauthn:tokenList}')); ?></span> |
| 16 | 16 | <ul> |
| 17 | - <?php foreach($this->data['FIDO2Tokens'] as $index => $this->data['token']): ?> |
|
| 18 | - <?php if($this->data['FIDO2AuthSuccessful'] == false or $this->data['FIDO2AuthSuccessful'] != $this->data['token'][0]): ?> |
|
| 17 | + <?php foreach ($this->data['FIDO2Tokens'] as $index => $this->data['token']): ?> |
|
| 18 | + <?php if ($this->data['FIDO2AuthSuccessful'] == false or $this->data['FIDO2AuthSuccessful'] != $this->data['token'][0]): ?> |
|
| 19 | 19 | <li class='othertoken'><?php echo htmlspecialchars($this->data['token'][3]); ?></li> |
| 20 | 20 | <?php else: ?> |
| 21 | 21 | <li class='currenttoken'><?php echo htmlspecialchars($this->data['token'][3]); ?> <?php echo htmlspecialchars($this->t('{webauthn:webauthn:currentToken}')); ?></li> |
| 22 | 22 | <?php endif; ?> |
| 23 | - <?php endforeach;?> |
|
| 23 | + <?php endforeach; ?> |
|
| 24 | 24 | </ul> |
| 25 | 25 | </div> |
| 26 | 26 | <?php endif; ?> |
| 27 | - <?php if(((is_array($this->data['regForm']) || $this->data['regForm'] instanceof Countable)?count($this->data['regForm']):strlen($this->data['regForm'])) > 0): ?> |
|
| 27 | + <?php if (((is_array($this->data['regForm']) || $this->data['regForm'] instanceof Countable) ?count($this->data['regForm']) : strlen($this->data['regForm'])) > 0) : ?> |
|
| 28 | 28 | <form id='regform' method='POST' action='<?php echo $this->data['regURL']; ?>'> |
| 29 | 29 | <input type='hidden' id='resp' name='response_id' value='0'/> |
| 30 | 30 | <input type='hidden' id='data' name='attestation_client_data_json' value='nix'/> |
@@ -41,22 +41,22 @@ discard block |
||
| 41 | 41 | return false;"/> |
| 42 | 42 | </form> |
| 43 | 43 | <div class='space'></div> |
| 44 | - <?php if(((is_array($this->data['FIDO2Tokens']) || $this->data['FIDO2Tokens'] instanceof Countable)?count($this->data['FIDO2Tokens']):strlen($this->data['FIDO2Tokens'])) > 0): ?> |
|
| 45 | - <?php foreach($this->data['FIDO2Tokens'] as $index => $this->data['token']): ?> |
|
| 46 | - <?php if($this->data['FIDO2AuthSuccessful'] != $this->data['token'][0]): ?> |
|
| 44 | + <?php if (((is_array($this->data['FIDO2Tokens']) || $this->data['FIDO2Tokens'] instanceof Countable) ?count($this->data['FIDO2Tokens']) : strlen($this->data['FIDO2Tokens'])) > 0) : ?> |
|
| 45 | + <?php foreach ($this->data['FIDO2Tokens'] as $index => $this->data['token']): ?> |
|
| 46 | + <?php if ($this->data['FIDO2AuthSuccessful'] != $this->data['token'][0]): ?> |
|
| 47 | 47 | <form class='deleteform' id='delete-<?php echo htmlspecialchars($index); ?>' method='POST' action='<?php echo $this->data['delURL']; ?>'> |
| 48 | 48 | <input type='hidden' id='credId-<?php echo htmlspecialchars($index); ?>' name='credId' value='<?php echo htmlspecialchars($this->data['token'][0]); ?>'/> |
| 49 | 49 | <button type='submit' id='submit-<?php echo htmlspecialchars($index); ?>' name='submit' value='DELETE'><?php echo htmlspecialchars($this->t('{webauthn:webauthn:removePrefix}')); ?> "<?php echo htmlspecialchars($this->data['token'][3]); ?>"</button> |
| 50 | 50 | </form> |
| 51 | 51 | <?php endif; ?> |
| 52 | - <?php endforeach;?> |
|
| 52 | + <?php endforeach; ?> |
|
| 53 | 53 | <div class='space'></div> |
| 54 | 54 | <form id='nevermind' method='POST' action='<?php echo $this->data['delURL']; ?>'> |
| 55 | 55 | <button type='submit' id='submit-nevermind' name='submit' value='NEVERMIND'><?php echo htmlspecialchars($this->t('{webauthn:webauthn:noChange}')); ?></button> |
| 56 | 56 | </form> |
| 57 | 57 | <?php endif; ?> |
| 58 | 58 | <?php endif; ?> |
| 59 | - <?php if(((is_array($this->data['authForm']) || $this->data['authForm'] instanceof Countable)?count($this->data['authForm']):strlen($this->data['authForm'])) > 0): ?> |
|
| 59 | + <?php if (((is_array($this->data['authForm']) || $this->data['authForm'] instanceof Countable) ?count($this->data['authForm']) : strlen($this->data['authForm'])) > 0) : ?> |
|
| 60 | 60 | <form id='authform' method='POST' action='<?php echo $this->data['authURL']; ?>'> |
| 61 | 61 | <input type='hidden' id='resp' name='response_id' value='0'/> |
| 62 | 62 | <input type='hidden' id='data_raw_b64' name='client_data_raw' value='garnix'/> |
@@ -66,7 +66,7 @@ discard block |
||
| 66 | 66 | <!-- ignoring <input type='hidden' id='userhandle' name='userhandle' value='someuser'/> --> |
| 67 | 67 | <input type='hidden' id='type' name='type' value='something'/> |
| 68 | 68 | <input type='hidden' id='operation' name='operation' value='AUTH'/> |
| 69 | - <input type='checkbox' id='credentialChange' name='credentialChange'><?php if(((is_array($this->data['FIDO2Tokens']) || $this->data['FIDO2Tokens'] instanceof Countable)?count($this->data['FIDO2Tokens']):strlen($this->data['FIDO2Tokens'])) < 2): ?> |
|
| 69 | + <input type='checkbox' id='credentialChange' name='credentialChange'><?php if (((is_array($this->data['FIDO2Tokens']) || $this->data['FIDO2Tokens'] instanceof Countable) ?count($this->data['FIDO2Tokens']) : strlen($this->data['FIDO2Tokens'])) < 2) : ?> |
|
| 70 | 70 | <?php echo htmlspecialchars($this->t('{webauthn:webauthn:wantsAdd}')); ?> |
| 71 | 71 | <?php else: ?> |
| 72 | 72 | <?php echo htmlspecialchars($this->t('{webauthn:webauthn:wantsModification}')); ?> |
@@ -17,8 +17,11 @@ discard block |
||
| 17 | 17 | <?php foreach($this->data['FIDO2Tokens'] as $index => $this->data['token']): ?> |
| 18 | 18 | <?php if($this->data['FIDO2AuthSuccessful'] == false or $this->data['FIDO2AuthSuccessful'] != $this->data['token'][0]): ?> |
| 19 | 19 | <li class='othertoken'><?php echo htmlspecialchars($this->data['token'][3]); ?></li> |
| 20 | - <?php else: ?> |
|
| 21 | - <li class='currenttoken'><?php echo htmlspecialchars($this->data['token'][3]); ?> <?php echo htmlspecialchars($this->t('{webauthn:webauthn:currentToken}')); ?></li> |
|
| 20 | + <?php else { |
|
| 21 | + : ?> |
|
| 22 | + <li class='currenttoken'><?php echo htmlspecialchars($this->data['token'][3]); |
|
| 23 | +} |
|
| 24 | +?> <?php echo htmlspecialchars($this->t('{webauthn:webauthn:currentToken}')); ?></li> |
|
| 22 | 25 | <?php endif; ?> |
| 23 | 26 | <?php endforeach;?> |
| 24 | 27 | </ul> |
@@ -68,8 +71,11 @@ discard block |
||
| 68 | 71 | <input type='hidden' id='operation' name='operation' value='AUTH'/> |
| 69 | 72 | <input type='checkbox' id='credentialChange' name='credentialChange'><?php if(((is_array($this->data['FIDO2Tokens']) || $this->data['FIDO2Tokens'] instanceof Countable)?count($this->data['FIDO2Tokens']):strlen($this->data['FIDO2Tokens'])) < 2): ?> |
| 70 | 73 | <?php echo htmlspecialchars($this->t('{webauthn:webauthn:wantsAdd}')); ?> |
| 71 | - <?php else: ?> |
|
| 72 | - <?php echo htmlspecialchars($this->t('{webauthn:webauthn:wantsModification}')); ?> |
|
| 74 | + <?php else { |
|
| 75 | + : ?> |
|
| 76 | + <?php echo htmlspecialchars($this->t('{webauthn:webauthn:wantsModification}')); |
|
| 77 | +} |
|
| 78 | +?> |
|
| 73 | 79 | <?php endif; ?></input><br/> |
| 74 | 80 | <button type='button' onClick="<?php echo $this->data['authForm']; ?>" onsubmit='false' ><?php echo htmlspecialchars($this->t('{webauthn:webauthn:authTokenButton}')); ?></button> |
| 75 | 81 | </form> |
@@ -41,7 +41,7 @@ discard block |
||
| 41 | 41 | */ |
| 42 | 42 | protected function __construct() |
| 43 | 43 | { |
| 44 | - $path = SSPConfig::getConfigDir().'/'.self::AAGUID_CONFIG_FILE; |
|
| 44 | + $path = SSPConfig::getConfigDir() . '/' . self::AAGUID_CONFIG_FILE; |
|
| 45 | 45 | if (!file_exists($path)) { |
| 46 | 46 | Logger::warning('Missing "webauthn_tokens.json" configuration file. No device will be recognized.'); |
| 47 | 47 | return null; |
@@ -51,7 +51,7 @@ discard block |
||
| 51 | 51 | $json = json_decode($data, true); |
| 52 | 52 | if (!is_array($json)) { |
| 53 | 53 | // there was probably an error decoding the config, log the error and pray for the best |
| 54 | - Logger::warning('Broken configuration file "'.$path.'": could not JSON-decode it.'); |
|
| 54 | + Logger::warning('Broken configuration file "' . $path . '": could not JSON-decode it.'); |
|
| 55 | 55 | } else { |
| 56 | 56 | $this->dictionary = $json; |
| 57 | 57 | } |
