<?php
namespace GO\Yubico;
require_once 'vendor/Yubico.php';
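/**
 * Group-Office module that adds a YubiKey one-time-password (OTP) check to
 * the login flow by hooking the core AuthController's 'beforelogin' event.
 */
class YubicoModule extends \GO\Base\Module
{
    /**
     * Return package type
     *
     * @return string
     */
    public function package()
    {
        return self::PACKAGE_COMMUNITY;
    }

    /**
     * Return the name of the author.
     *
     * @return string
     */
    public function author()
    {
        return 'Michal Charvát';
    }

    /**
     * Return the e-mail address of the author.
     *
     * @return string
     */
    public function authorEmail()
    {
        return '[email protected]';
    }

    /**
     * Return copyright information
     *
     * @return string
     */
    public function copyright()
    {
        return 'Copyright Michal Charvát';
    }

    /**
     * Return true if this module belongs in the admin menu.
     *
     * @return boolean
     */
    public function adminModule()
    {
        return true;
    }

    /**
     * Register checkToken() as a 'beforelogin' listener on the core
     * authentication controller.
     *
     * @return void
     */
    public static function initListeners()
    {
        $authController = new \GO\Core\Controller\AuthController();
        $authController->addListener('beforelogin', 'GO\Yubico\YubicoModule', 'checkToken');
    }

    /**
     * 'beforelogin' listener: require a valid YubiKey OTP for users that have
     * Yubico credentials configured.
     *
     * ACL checks are switched off while the user record is looked up and the
     * OTP is verified. The previous ACL state is restored on every exit path,
     * including rejected logins and exceptions, so a failed second-factor
     * check can never leave the rest of the request running with ACL
     * enforcement disabled.
     *
     * @param array $params   Login request parameters; 'username' and
     *                        'yubico_hash' are read.
     * @param array $response Login response; 'feedback' and 'success' are set
     *                        when the OTP is rejected.
     *
     * @return boolean false to reject the login, true to let it continue.
     */
    public static function checkToken(array &$params, array &$response)
    {
        $oldIgnoreAcl = \GO::setIgnoreAclPermissions();
        try {
            $allowed = self::verifyToken($params, $response);
        } catch (\Exception $e) {
            // Restore before propagating; catch/rethrow rather than finally
            // so the file keeps working on the PHP versions it targets.
            \GO::setIgnoreAclPermissions($oldIgnoreAcl);
            throw $e;
        }
        \GO::setIgnoreAclPermissions($oldIgnoreAcl);

        return $allowed;
    }

    /**
     * Perform the actual second-factor decision for checkToken().
     *
     * @param array $params   Login request parameters.
     * @param array $response Login response, filled in on rejection.
     *
     * @return boolean
     */
    private static function verifyToken(array $params, array &$response)
    {
        // A request without these fields must fail closed, not raise notices.
        $username = isset($params['username']) ? $params['username'] : null;
        $otp = isset($params['yubico_hash']) ? $params['yubico_hash'] : '';

        if ($username === null) {
            return false;
        }

        $userModel = \GO\Base\Model\User::model()->findSingleByAttribute('username', $username);
        if (!$userModel) {
            // Unknown user: reject without feedback, as before.
            return false;
        }

        // Users without Yubico credentials are not subject to the OTP check.
        if (empty($userModel->yubico_client_id) || empty($userModel->yubico_key)) {
            return true;
        }

        $yubico = new \Auth_Yubico($userModel->yubico_client_id, $userModel->yubico_key);

        // The prefix comparison is what ties the OTP to this user's own key;
        // NOTE(review): verify() alone presumably only proves the OTP is valid
        // for the configured API client, not which key produced it - confirm.
        // Strict string comparison avoids PHP's loose-equality juggling, and
        // an OTP that does not parse into an array is rejected outright.
        $res = $yubico->parsePasswordOTP($otp);
        if (!is_array($res)
            || !isset($res['prefix'])
            || (string) $res['prefix'] !== (string) $userModel->yubico_prefix
        ) {
            $response['feedback'] = \GO::t('invalidPrex', 'yubico');
            $response['success'] = false;
            return false;
        }

        $auth = $yubico->verify($otp);
        if (\Pear::isError($auth)) {
            $response['feedback'] = \GO::t($auth->message, 'yubico');
            $response['success'] = false;
            return false;
        }

        return true;
    }
}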