7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added TOTP, minor fixes

Browse Source
This commit is contained in:
andryyy
2017-05-03 18:05:35 +02:00
parent 2f0129539b
commit f1e4b4fb39
72 changed files with 6261 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

651
data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js vendored Normal file
View File

@@ -0,0 +1,651 @@
// Copyright 2014-2015 Google Inc. All rights reserved.
//
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file or at
// https://developers.google.com/open-source/licenses/bsd
/**
* @fileoverview The U2F api.
*/
'use strict';
/** Namespace for the U2F api.
* @type {Object}
*/
var u2f = u2f || {};
/**
* The U2F extension id
* @type {string}
* @const
*/
u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
/**
* Message types for messsages to/from the extension
* @const
* @enum {string}
*/
u2f.MessageTypes = {
'U2F_REGISTER_REQUEST': 'u2f_register_request',
'U2F_SIGN_REQUEST': 'u2f_sign_request',
'U2F_REGISTER_RESPONSE': 'u2f_register_response',
'U2F_SIGN_RESPONSE': 'u2f_sign_response'
};
/**
* Response status codes
* @const
* @enum {number}
*/
u2f.ErrorCodes = {
'OK': 0,
'OTHER_ERROR': 1,
'BAD_REQUEST': 2,
'CONFIGURATION_UNSUPPORTED': 3,
'DEVICE_INELIGIBLE': 4,
'TIMEOUT': 5
};
/**
* A message type for registration requests
* @typedef {{
* type: u2f.MessageTypes,
* signRequests: Array<u2f.SignRequest>,
* registerRequests: ?Array<u2f.RegisterRequest>,
* timeoutSeconds: ?number,
* requestId: ?number
* }}
*/
u2f.Request;
/**
* A message for registration responses
* @typedef {{
* type: u2f.MessageTypes,
* responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse),
* requestId: ?number
* }}
*/
u2f.Response;
/**
* An error object for responses
* @typedef {{
* errorCode: u2f.ErrorCodes,
* errorMessage: ?string
* }}
*/
u2f.Error;
/**
* Data object for a single sign request.
* @typedef {{
* version: string,
* challenge: string,
* keyHandle: string,
* appId: string
* }}
*/
u2f.SignRequest;
/**
* Data object for a sign response.
* @typedef {{
* keyHandle: string,
* signatureData: string,
* clientData: string
* }}
*/
u2f.SignResponse;
/**
* Data object for a registration request.
* @typedef {{
* version: string,
* challenge: string,
* appId: string
* }}
*/
u2f.RegisterRequest;
/**
* Data object for a registration response.
* @typedef {{
* registrationData: string,
* clientData: string
* }}
*/
u2f.RegisterResponse;
// Low level MessagePort API support
/**
* Sets up a MessagePort to the U2F extension using the
* available mechanisms.
* @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
*/
u2f.getMessagePort = function(callback) {
if (typeof chrome != 'undefined' && chrome.runtime) {
// The actual message here does not matter, but we need to get a reply
// for the callback to run. Thus, send an empty signature request
// in order to get a failure response.
var msg = {
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
signRequests: []
};
chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
if (!chrome.runtime.lastError) {
// We are on a whitelisted origin and can talk directly
// with the extension.
u2f.getChromeRuntimePort_(callback);
} else {
// chrome.runtime was available, but we couldn't message
// the extension directly, use iframe
u2f.getIframePort_(callback);
}
});
} else if (u2f.isAndroidChrome_()) {
u2f.getAuthenticatorPort_(callback);
} else {
// chrome.runtime was not available at all, which is normal
// when this origin doesn't have access to any extensions.
u2f.getIframePort_(callback);
}
};
/**
* Detect chrome running on android based on the browser's useragent.
* @private
*/
u2f.isAndroidChrome_ = function() {
var userAgent = navigator.userAgent;
return userAgent.indexOf('Chrome') != -1 &&
userAgent.indexOf('Android') != -1;
};
/**
* Connects directly to the extension via chrome.runtime.connect
* @param {function(u2f.WrappedChromeRuntimePort_)} callback
* @private
*/
u2f.getChromeRuntimePort_ = function(callback) {
var port = chrome.runtime.connect(u2f.EXTENSION_ID,
{'includeTlsChannelId': true});
setTimeout(function() {
callback(new u2f.WrappedChromeRuntimePort_(port));
}, 0);
};
/**
* Return a 'port' abstraction to the Authenticator app.
* @param {function(u2f.WrappedAuthenticatorPort_)} callback
* @private
*/
u2f.getAuthenticatorPort_ = function(callback) {
setTimeout(function() {
callback(new u2f.WrappedAuthenticatorPort_());
}, 0);
};
/**
* A wrapper for chrome.runtime.Port that is compatible with MessagePort.
* @param {Port} port
* @constructor
* @private
*/
u2f.WrappedChromeRuntimePort_ = function(port) {
this.port_ = port;
};
/**
* Format a return a sign request.
* @param {Array<u2f.SignRequest>} signRequests
* @param {number} timeoutSeconds
* @param {number} reqId
* @return {Object}
*/
u2f.WrappedChromeRuntimePort_.prototype.formatSignRequest_ =
function(signRequests, timeoutSeconds, reqId) {
return {
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
signRequests: signRequests,
timeoutSeconds: timeoutSeconds,
requestId: reqId
};
};
/**
* Format a return a register request.
* @param {Array<u2f.SignRequest>} signRequests
* @param {Array<u2f.RegisterRequest>} signRequests
* @param {number} timeoutSeconds
* @param {number} reqId
* @return {Object}
*/
u2f.WrappedChromeRuntimePort_.prototype.formatRegisterRequest_ =
function(signRequests, registerRequests, timeoutSeconds, reqId) {
return {
type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
signRequests: signRequests,
registerRequests: registerRequests,
timeoutSeconds: timeoutSeconds,
requestId: reqId
};
};
/**
* Posts a message on the underlying channel.
* @param {Object} message
*/
u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
this.port_.postMessage(message);
};
/**
* Emulates the HTML 5 addEventListener interface. Works only for the
* onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
* @param {string} eventName
* @param {function({data: Object})} handler
*/
u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
function(eventName, handler) {
var name = eventName.toLowerCase();
if (name == 'message' || name == 'onmessage') {
this.port_.onMessage.addListener(function(message) {
// Emulate a minimal MessageEvent object
handler({'data': message});
});
} else {
console.error('WrappedChromeRuntimePort only supports onMessage');
}
};
/**
* Wrap the Authenticator app with a MessagePort interface.
* @constructor
* @private
*/
u2f.WrappedAuthenticatorPort_ = function() {
this.requestId_ = -1;
this.requestObject_ = null;
}
/**
* Launch the Authenticator intent.
* @param {Object} message
*/
u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
var intentLocation = /** @type {string} */ (message);
document.location = intentLocation;
};
/**
* Emulates the HTML 5 addEventListener interface.
* @param {string} eventName
* @param {function({data: Object})} handler
*/
u2f.WrappedAuthenticatorPort_.prototype.addEventListener =
function(eventName, handler) {
var name = eventName.toLowerCase();
if (name == 'message') {
var self = this;
/* Register a callback to that executes when
* chrome injects the response. */
window.addEventListener(
'message', self.onRequestUpdate_.bind(self, handler), false);
} else {
console.error('WrappedAuthenticatorPort only supports message');
}
};
/**
* Callback invoked when a response is received from the Authenticator.
* @param function({data: Object}) callback
* @param {Object} message message Object
*/
u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
function(callback, message) {
var messageObject = JSON.parse(message.data);
var intentUrl = messageObject['intentURL'];
var errorCode = messageObject['errorCode'];
var responseObject = null;
if (messageObject.hasOwnProperty('data')) {
responseObject = /** @type {Object} */ (
JSON.parse(messageObject['data']));
responseObject['requestId'] = this.requestId_;
}
/* Sign responses from the authenticator do not conform to U2F,
* convert to U2F here. */
responseObject = this.doResponseFixups_(responseObject);
callback({'data': responseObject});
};
/**
* Fixup the response provided by the Authenticator to conform with
* the U2F spec.
* @param {Object} responseData
* @return {Object} the U2F compliant response object
*/
u2f.WrappedAuthenticatorPort_.prototype.doResponseFixups_ =
function(responseObject) {
if (responseObject.hasOwnProperty('responseData')) {
return responseObject;
} else if (this.requestObject_['type'] != u2f.MessageTypes.U2F_SIGN_REQUEST) {
// Only sign responses require fixups. If this is not a response
// to a sign request, then an internal error has occurred.
return {
'type': u2f.MessageTypes.U2F_REGISTER_RESPONSE,
'responseData': {
'errorCode': u2f.ErrorCodes.OTHER_ERROR,
'errorMessage': 'Internal error: invalid response from Authenticator'
}
};
}
/* Non-conformant sign response, do fixups. */
var encodedChallengeObject = responseObject['challenge'];
if (typeof encodedChallengeObject !== 'undefined') {
var challengeObject = JSON.parse(atob(encodedChallengeObject));
var serverChallenge = challengeObject['challenge'];
var challengesList = this.requestObject_['signData'];
var requestChallengeObject = null;
for (var i = 0; i < challengesList.length; i++) {
var challengeObject = challengesList[i];
if (challengeObject['keyHandle'] == responseObject['keyHandle']) {
requestChallengeObject = challengeObject;
break;
}
}
}
var responseData = {
'errorCode': responseObject['resultCode'],
'keyHandle': responseObject['keyHandle'],
'signatureData': responseObject['signature'],
'clientData': encodedChallengeObject
};
return {
'type': u2f.MessageTypes.U2F_SIGN_RESPONSE,
'responseData': responseData,
'requestId': responseObject['requestId']
}
};
/**
* Base URL for intents to Authenticator.
* @const
* @private
*/
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
/**
* Format a return a sign request.
* @param {Array<u2f.SignRequest>} signRequests
* @param {number} timeoutSeconds (ignored for now)
* @param {number} reqId
* @return {string}
*/
u2f.WrappedAuthenticatorPort_.prototype.formatSignRequest_ =
function(signRequests, timeoutSeconds, reqId) {
if (!signRequests || signRequests.length == 0) {
return null;
}
/* TODO(fixme): stash away requestId, as the authenticator app does
* not return it for sign responses. */
this.requestId_ = reqId;
/* TODO(fixme): stash away the signRequests, to deal with the legacy
* response format returned by the Authenticator app. */
this.requestObject_ = {
'type': u2f.MessageTypes.U2F_SIGN_REQUEST,
'signData': signRequests,
'requestId': reqId,
'timeout': timeoutSeconds
};
var appId = signRequests[0]['appId'];
var intentUrl =
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
';S.appId=' + encodeURIComponent(appId) +
';S.eventId=' + reqId +
';S.challenges=' +
encodeURIComponent(
JSON.stringify(this.getBrowserDataList_(signRequests))) + ';end';
return intentUrl;
};
/**
* Get the browser data objects from the challenge list
* @param {Array} challenges list of challenges
* @return {Array} list of browser data objects
* @private
*/
u2f.WrappedAuthenticatorPort_
.prototype.getBrowserDataList_ = function(challenges) {
return challenges
.map(function(challenge) {
var browserData = {
'typ': 'navigator.id.getAssertion',
'challenge': challenge['challenge']
};
var challengeObject = {
'challenge' : browserData,
'keyHandle' : challenge['keyHandle']
};
return challengeObject;
});
};
/**
* Format a return a register request.
* @param {Array<u2f.SignRequest>} signRequests
* @param {Array<u2f.RegisterRequest>} enrollChallenges
* @param {number} timeoutSeconds (ignored for now)
* @param {number} reqId
* @return {Object}
*/
u2f.WrappedAuthenticatorPort_.prototype.formatRegisterRequest_ =
function(signRequests, enrollChallenges, timeoutSeconds, reqId) {
if (!enrollChallenges || enrollChallenges.length == 0) {
return null;
}
// Assume the appId is the same for all enroll challenges.
var appId = enrollChallenges[0]['appId'];
var registerRequests = [];
for (var i = 0; i < enrollChallenges.length; i++) {
var registerRequest = {
'challenge': enrollChallenges[i]['challenge'],
'version': enrollChallenges[i]['version']
};
if (enrollChallenges[i]['appId'] != appId) {
// Only include the appId when it differs from the first appId.
registerRequest['appId'] = enrollChallenges[i]['appId'];
}
registerRequests.push(registerRequest);
}
var registeredKeys = [];
if (signRequests) {
for (i = 0; i < signRequests.length; i++) {
var key = {
'keyHandle': signRequests[i]['keyHandle'],
'version': signRequests[i]['version']
};
// Only include the appId when it differs from the appId that's
// being registered now.
if (signRequests[i]['appId'] != appId) {
key['appId'] = signRequests[i]['appId'];
}
registeredKeys.push(key);
}
}
var request = {
'type': u2f.MessageTypes.U2F_REGISTER_REQUEST,
'appId': appId,
'registerRequests': registerRequests,
'registeredKeys': registeredKeys,
'requestId': reqId,
'timeoutSeconds': timeoutSeconds
};
var intentUrl =
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
';S.request=' + encodeURIComponent(JSON.stringify(request)) +
';end';
/* TODO(fixme): stash away requestId, this is is not necessary for
* register requests, but here to keep parity with sign.
*/
this.requestId_ = reqId;
return intentUrl;
};
/**
* Sets up an embedded trampoline iframe, sourced from the extension.
* @param {function(MessagePort)} callback
* @private
*/
u2f.getIframePort_ = function(callback) {
// Create the iframe
var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
var iframe = document.createElement('iframe');
iframe.src = iframeOrigin + '/u2f-comms.html';
iframe.setAttribute('style', 'display:none');
document.body.appendChild(iframe);
var channel = new MessageChannel();
var ready = function(message) {
if (message.data == 'ready') {
channel.port1.removeEventListener('message', ready);
callback(channel.port1);
} else {
console.error('First event on iframe port was not "ready"');
}
};
channel.port1.addEventListener('message', ready);
channel.port1.start();
iframe.addEventListener('load', function() {
// Deliver the port to the iframe and initialize
iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
});
};
// High-level JS API
/**
* Default extension response timeout in seconds.
* @const
*/
u2f.EXTENSION_TIMEOUT_SEC = 30;
/**
* A singleton instance for a MessagePort to the extension.
* @type {MessagePort|u2f.WrappedChromeRuntimePort_}
* @private
*/
u2f.port_ = null;
/**
* Callbacks waiting for a port
* @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
* @private
*/
u2f.waitingForPort_ = [];
/**
* A counter for requestIds.
* @type {number}
* @private
*/
u2f.reqCounter_ = 0;
/**
* A map from requestIds to client callbacks
* @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
* |function((u2f.Error|u2f.SignResponse)))>}
* @private
*/
u2f.callbackMap_ = {};
/**
* Creates or retrieves the MessagePort singleton to use.
* @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
* @private
*/
u2f.getPortSingleton_ = function(callback) {
if (u2f.port_) {
callback(u2f.port_);
} else {
if (u2f.waitingForPort_.length == 0) {
u2f.getMessagePort(function(port) {
u2f.port_ = port;
u2f.port_.addEventListener('message',
/** @type {function(Event)} */ (u2f.responseHandler_));
// Careful, here be async callbacks. Maybe.
while (u2f.waitingForPort_.length)
u2f.waitingForPort_.shift()(u2f.port_);
});
}
u2f.waitingForPort_.push(callback);
}
};
/**
* Handles response messages from the extension.
* @param {MessageEvent.<u2f.Response>} message
* @private
*/
u2f.responseHandler_ = function(message) {
var response = message.data;
var reqId = response['requestId'];
if (!reqId || !u2f.callbackMap_[reqId]) {
console.error('Unknown or missing requestId in response.');
return;
}
var cb = u2f.callbackMap_[reqId];
delete u2f.callbackMap_[reqId];
cb(response['responseData']);
};
/**
* Dispatches an array of sign requests to available U2F tokens.
* @param {Array<u2f.SignRequest>} signRequests
* @param {function((u2f.Error|u2f.SignResponse))} callback
* @param {number=} opt_timeoutSeconds
*/
u2f.sign = function(signRequests, callback, opt_timeoutSeconds) {
u2f.getPortSingleton_(function(port) {
var reqId = ++u2f.reqCounter_;
u2f.callbackMap_[reqId] = callback;
var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
var req = port.formatSignRequest_(signRequests, timeoutSeconds, reqId);
port.postMessage(req);
});
};
/**
* Dispatches register requests to available U2F tokens. An array of sign
* requests identifies already registered tokens.
* @param {Array<u2f.RegisterRequest>} registerRequests
* @param {Array<u2f.SignRequest>} signRequests
* @param {function((u2f.Error|u2f.RegisterResponse))} callback
* @param {number=} opt_timeoutSeconds
*/
u2f.register = function(registerRequests, signRequests,
callback, opt_timeoutSeconds) {
u2f.getPortSingleton_(function(port) {
var reqId = ++u2f.reqCounter_;
u2f.callbackMap_[reqId] = callback;
var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
var req = port.formatRegisterRequest_(
signRequests, registerRequests, timeoutSeconds, reqId);
port.postMessage(req);
});
};

83
data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.php vendored Executable file
View File

@@ -0,0 +1,83 @@
#!/usr/bin/php
<?php
/* Copyright (c) 2015 Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* This is a basic example of a u2f-server command line that can be used
* with the u2f-host binary to perform regitrations and authentications.
*/
require_once('../../src/u2flib_server/U2F.php');
$options = getopt("rao:R:");
$mode;
$challenge;
$response;
$result;
$regs;
if(array_key_exists('r', $options)) {
$mode = "register";
} elseif(array_key_exists('a', $options)) {
if(!array_key_exists('R', $options)) {
print "a registration must be supplied with -R";
exit(1);
}
$regs = json_decode('[' . $options['R'] . ']');
$mode = "authenticate";
} else {
print "-r or -a must be used\n";
exit(1);
}
if(!array_key_exists('o', $options)) {
print "origin must be supplied with -o\n";
exit(1);
}
$u2f = new u2flib_server\U2F($options['o']);
if($mode === "register") {
$challenge = $u2f->getRegisterData();
} elseif($mode === "authenticate") {
$challenge = $u2f->getAuthenticateData($regs);
}
print json_encode($challenge[0]) . "\n";
$response = fgets(STDIN);
if($mode === "register") {
$result = $u2f->doRegister($challenge[0], json_decode($response));
} elseif($mode === "authenticate") {
$result = $u2f->doAuthenticate($challenge, $regs, json_decode($response));
}
print json_encode($result) . "\n";
?>

186
data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.php vendored Normal file
View File

@@ -0,0 +1,186 @@
<?php
/**
* Copyright (c) 2014 Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* This is a minimal example of U2F registration and authentication.
* The data that has to be stored between registration and authentication
* is stored in browser localStorage, so there's nothing real-world
* about this.
*/
require_once('../../src/u2flib_server/U2F.php');
$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://";
$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);
?>
<html>
<head>
<title>PHP U2F Demo</title>
<script src="../assets/u2f-api.js"></script>
<script>
function addRegistration(reg) {
var existing = localStorage.getItem('u2fregistration');
var regobj = JSON.parse(reg);
var data = null;
if(existing) {
data = JSON.parse(existing);
if(Array.isArray(data)) {
for (var i = 0; i < data.length; i++) {
if(data[i].keyHandle === regobj.keyHandle) {
data.splice(i,1);
break;
}
}
data.push(regobj);
} else {
data = null;
}
}
if(data == null) {
data = [regobj];
}
localStorage.setItem('u2fregistration', JSON.stringify(data));
}
<?php
function fixupArray($data) {
$ret = array();
$decoded = json_decode($data);
foreach ($decoded as $d) {
$ret[] = json_encode($d);
}
return $ret;
}
if($_SERVER['REQUEST_METHOD'] === 'POST') {
if(isset($_POST['startRegister'])) {
$regs = json_decode($_POST['registrations']) ? : array();
list($data, $reqs) = $u2f->getRegisterData($regs);
echo "var request = " . json_encode($data) . ";\n";
echo "var signs = " . json_encode($reqs) . ";\n";
?>
setTimeout(function() {
console.log("Register: ", request);
u2f.register([request], signs, function(data) {
var form = document.getElementById('form');
var reg = document.getElementById('doRegister');
var req = document.getElementById('request');
console.log("Register callback", data);
if(data.errorCode && data.errorCode != 0) {
alert("registration failed with errror: " + data.errorCode);
return;
}
reg.value=JSON.stringify(data);
req.value=JSON.stringify(request);
form.submit();
});
}, 1000);
<?php
} else if($_POST['doRegister']) {
try {
$data = $u2f->doRegister(json_decode($_POST['request']), json_decode($_POST['doRegister']));
echo "var registration = '" . json_encode($data) . "';\n";
?>
addRegistration(registration);
alert("registration successful!");
<?php
} catch(u2flib_server\Error $e) {
echo "alert('error:" . $e->getMessage() . "');\n";
}
} else if(isset($_POST['startAuthenticate'])) {
$regs = json_decode($_POST['registrations']);
$data = $u2f->getAuthenticateData($regs);
echo "var registrations = " . $_POST['registrations'] . ";\n";
echo "var request = " . json_encode($data) . ";\n";
?>
setTimeout(function() {
console.log("sign: ", request);
u2f.sign(request, function(data) {
var form = document.getElementById('form');
var reg = document.getElementById('doAuthenticate');
var req = document.getElementById('request');
var regs = document.getElementById('registrations');
console.log("Authenticate callback", data);
reg.value=JSON.stringify(data);
req.value=JSON.stringify(request);
regs.value=JSON.stringify(registrations);
form.submit();
});
}, 1000);
<?php
} else if($_POST['doAuthenticate']) {
$reqs = json_decode($_POST['request']);
$regs = json_decode($_POST['registrations']);
try {
$data = $u2f->doAuthenticate($reqs, $regs, json_decode($_POST['doAuthenticate']));
echo "var registration = '" . json_encode($data) . "';\n";
echo "addRegistration(registration);\n";
echo "alert('Authentication successful, counter:" . $data->counter . "');\n";
} catch(u2flib_server\Error $e) {
echo "alert('error:" . $e->getMessage() . "');\n";
}
}
}
?>
</script>
</head>
<body>
<form method="POST" id="form">
<button name="startRegister" type="submit">Register</button>
<input type="hidden" name="doRegister" id="doRegister"/>
<button name="startAuthenticate" type="submit" id="startAuthenticate">Authenticate</button>
<input type="hidden" name="doAuthenticate" id="doAuthenticate"/>
<input type="hidden" name="request" id="request"/>
<input type="hidden" name="registrations" id="registrations"/>
</form>
<p>
<span id="registered">0</span> Authenticators currently registered.
</p>
<script>
var reg = localStorage.getItem('u2fregistration');
var auth = document.getElementById('startAuthenticate');
if(reg == null) {
auth.disabled = true;
} else {
var regs = document.getElementById('registrations');
decoded = JSON.parse(reg);
if(!Array.isArray(decoded)) {
auth.disabled = true;
} else {
regs.value = reg;
console.log("set the registrations to : ", reg);
var regged = document.getElementById('registered');
regged.innerHTML = decoded.length;
}
}
</script>
</body>
</html>

204
data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.php vendored Normal file
View File

@@ -0,0 +1,204 @@
<?php
/**
* Copyright (c) 2014 Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* This is a simple example using PDO and a sqlite database for storing
* registrations. It supports multiple registrations associated with each user.
*/
require_once('../../src/u2flib_server/U2F.php');
$dbfile = '/var/tmp/u2f-pdo.sqlite';
$pdo = new PDO("sqlite:$dbfile");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
$pdo->exec("create table if not exists users (id integer primary key, name varchar(255))");
$pdo->exec("create table if not exists registrations (id integer primary key, user_id integer, keyHandle varchar(255), publicKey varchar(255), certificate text, counter integer)");
$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://";
$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);
session_start();
function createAndGetUser($name) {
global $pdo;
$sel = $pdo->prepare("select * from users where name = ?");
$sel->execute(array($name));
$user = $sel->fetch();
if(!$user) {
$ins = $pdo->prepare("insert into users (name) values(?)");
$ins->execute(array($name));
$sel->execute(array($name));
$user = $sel->fetch();
}
return $user;
}
function getRegs($user_id) {
global $pdo;
$sel = $pdo->prepare("select * from registrations where user_id = ?");
$sel->execute(array($user_id));
return $sel->fetchAll();
}
function addReg($user_id, $reg) {
global $pdo;
$ins = $pdo->prepare("insert into registrations (user_id, keyHandle, publicKey, certificate, counter) values (?, ?, ?, ?, ?)");
$ins->execute(array($user_id, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter));
}
function updateReg($reg) {
global $pdo;
$upd = $pdo->prepare("update registrations set counter = ? where id = ?");
$upd->execute(array($reg->counter, $reg->id));
}
?>
<html>
<head>
<title>PHP U2F example</title>
<script src="../assets/u2f-api.js"></script>
<script>
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST') {
if(!$_POST['username']) {
echo "alert('no username provided!');";
} else if(!isset($_POST['action']) && !isset($_POST['register2']) && !isset($_POST['authenticate2'])) {
echo "alert('no action provided!');";
} else {
$user = createAndGetUser($_POST['username']);
if(isset($_POST['action'])) {
switch($_POST['action']):
case 'register':
try {
$data = $u2f->getRegisterData(getRegs($user->id));
list($req,$sigs) = $data;
$_SESSION['regReq'] = json_encode($req);
echo "var req = " . json_encode($req) . ";";
echo "var sigs = " . json_encode($sigs) . ";";
echo "var username = '" . $user->name . "';";
?>
setTimeout(function() {
console.log("Register: ", req);
u2f.register([req], sigs, function(data) {
var form = document.getElementById('form');
var reg = document.getElementById('register2');
var user = document.getElementById('username');
console.log("Register callback", data);
if(data.errorCode && errorCode != 0) {
alert("registration failed with errror: " + data.errorCode);
return;
}
reg.value = JSON.stringify(data);
user.value = username;
form.submit();
});
}, 1000);
<?php
} catch( Exception $e ) {
echo "alert('error: " . $e->getMessage() . "');";
}
break;
case 'authenticate':
try {
$reqs = json_encode($u2f->getAuthenticateData(getRegs($user->id)));
$_SESSION['authReq'] = $reqs;
echo "var req = $reqs;";
echo "var username = '" . $user->name . "';";
?>
setTimeout(function() {
console.log("sign: ", req);
u2f.sign(req, function(data) {
var form = document.getElementById('form');
var auth = document.getElementById('authenticate2');
var user = document.getElementById('username');
console.log("Authenticate callback", data);
auth.value=JSON.stringify(data);
user.value = username;
form.submit();
});
}, 1000);
<?php
} catch( Exception $e ) {
echo "alert('error: " . $e->getMessage() . "');";
}
break;
endswitch;
} else if($_POST['register2']) {
try {
$reg = $u2f->doRegister(json_decode($_SESSION['regReq']), json_decode($_POST['register2']));
addReg($user->id, $reg);
} catch( Exception $e ) {
echo "alert('error: " . $e->getMessage() . "');";
} finally {
$_SESSION['regReq'] = null;
}
} else if($_POST['authenticate2']) {
try {
$reg = $u2f->doAuthenticate(json_decode($_SESSION['authReq']), getRegs($user->id), json_decode($_POST['authenticate2']));
updateReg($reg);
echo "alert('success: " . $reg->counter . "');";
} catch( Exception $e ) {
echo "alert('error: " . $e->getMessage() . "');";
} finally {
$_SESSION['authReq'] = null;
}
}
}
}
?>
</script>
</head>
<body>
<form method="POST" id="form">
username: <input name="username" id="username"/><br/>
register: <input value="register" name="action" type="radio"/><br/>
authenticate: <input value="authenticate" name="action" type="radio"/><br/>
<input type="hidden" name="register2" id="register2"/>
<input type="hidden" name="authenticate2" id="authenticate2"/>
<button type="submit">Submit!</button>
</form>
</body>
</html>