roundcubemail-plugins-kolab/plugins/kolab_2fa/lib/Kolab2FA/Driver/Yubikey.php

<?php

/**
 * Kolab 2-Factor-Authentication Yubikey driver implementation
 *
 * @author Thomas Bruederli <bruederli@kolabsys.com>
 *
 * Copyright (C) 2015, Kolab Systems AG <contact@kolabsys.com>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

namespace Kolab2FA\Driver;

class Yubikey extends Base
{
    public $method = 'yubikey';

    protected $backend;

    /**
     *
     */
    public function init(array $config)
    {
        parent::init($config);

        $this->user_settings += array(
            'yubikeyid' => array(
                'type'     => 'text',
                'editable' => true,
                'label'    => 'secret',
            ),
        );

        // initialize validator
        $this->backend = new \Yubikey\Validate($this->config['apikey'], $this->config['clientid']);

        // set configured validation hosts
        if (!empty($this->config['hosts'])) {
            $this->backend->setHosts((array)$this->config['hosts']);
        }

        if (isset($this->config['use_https'])) {
            $this->backend->setUseSecure((bool)$this->config['use_https']);
        }
    }

    /**
     *
     */
    public function verify($code, $timestamp = null)
    {
        // get my secret from the user storage
        $keyid = $this->get('yubikeyid');
        $pass  = false;

        if (!strlen($keyid)) {
            // LOG: "no key registered for user $this->username"
            return false;
        }

        // check key prefix with associated Yubikey ID
        if (strpos($code, $keyid) === 0) {
            try {
                $response = $this->backend->check($code);
                $pass     = $response->success() === true;
            }
            catch (\Exception $e) {
                // TODO: log exception
            }
        }

        // rcube::console('VERIFY Yubikey', $this->username, $keyid, $code, $pass);
        return $pass;
    }

    /**
     * @override
     */
    public function set($key, $value)
    {
        if ($key == 'yubikeyid' && strlen($value) > 12) {
            // verify the submitted code
            try {
                $response = $this->backend->check($value);
                if ($response->success() !== true) {
                    // TODO: report error
                    return false;
                }
            }
            catch (\Exception $e) {
                return false;
            }

            // truncate the submitted yubikey code to 12 characters
            $value = substr($value, 0, 12);
        }

        return parent::set($key, $value);
    }

    /**
     * @override
     */
    protected function set_user_prop($key, $value)
    {
        // set created timestamp
        if ($key !== 'created' && !isset($this->created)) {
            parent::set_user_prop('created', $this->get('created', true));
        }

        return parent::set_user_prop($key, $value);
    }
}
Initial version of the Kolab 2-Factor-Authentication plugin. This already includes: - Drivers supporting TOTP, HOTP, Yubikey - Storage backend abstraction - Additional authentication step at login - Settings section to provision and remove authentication factors - Sample config with comments Resolves T415 2015-06-04 15:53:04 +02:00			`<?php`

			`/**`
			`* Kolab 2-Factor-Authentication Yubikey driver implementation`
			`*`
			`* @author Thomas Bruederli <bruederli@kolabsys.com>`
			`*`
			`* Copyright (C) 2015, Kolab Systems AG <contact@kolabsys.com>`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`namespace Kolab2FA\Driver;`

			`class Yubikey extends Base`
			`{`
			`public $method = 'yubikey';`

			`protected $backend;`

			`/**`
			`*`
			`*/`
			`public function init(array $config)`
			`{`
			`parent::init($config);`

Refactor the 2FA plugin/drivers/storage to allow multiple factors of the same type 2015-06-10 18:20:08 +02:00			`$this->user_settings += array(`
			`'yubikeyid' => array(`
Comment out console() calls, CS fixes 2016-01-28 17:12:23 +01:00			`'type' => 'text',`
Refactor the 2FA plugin/drivers/storage to allow multiple factors of the same type 2015-06-10 18:20:08 +02:00			`'editable' => true,`
Comment out console() calls, CS fixes 2016-01-28 17:12:23 +01:00			`'label' => 'secret',`
Refactor the 2FA plugin/drivers/storage to allow multiple factors of the same type 2015-06-10 18:20:08 +02:00			`),`
			`);`

Initial version of the Kolab 2-Factor-Authentication plugin. This already includes: - Drivers supporting TOTP, HOTP, Yubikey - Storage backend abstraction - Additional authentication step at login - Settings section to provision and remove authentication factors - Sample config with comments Resolves T415 2015-06-04 15:53:04 +02:00			`// initialize validator`
			`$this->backend = new \Yubikey\Validate($this->config['apikey'], $this->config['clientid']);`

			`// set configured validation hosts`
			`if (!empty($this->config['hosts'])) {`
			`$this->backend->setHosts((array)$this->config['hosts']);`
			`}`
Fix driver initialization with config properties for the right method (T1784) Summary: Proposed fix for the bug reported in T1784 The method kolab_2fa::get_driver() is called with the full factor ID (<method>:<uuid>) and therefore fails to retrieve the right properties from plugin config. This change fixes this at the right place. Reviewers: machniak Reviewed By: machniak Subscribers: jh23453 Differential Revision: https://git.kolab.org/D242 2016-11-09 09:55:34 +01:00
			`if (isset($this->config['use_https'])) {`
			`$this->backend->setUseSecure((bool)$this->config['use_https']);`
			`}`
Initial version of the Kolab 2-Factor-Authentication plugin. This already includes: - Drivers supporting TOTP, HOTP, Yubikey - Storage backend abstraction - Additional authentication step at login - Settings section to provision and remove authentication factors - Sample config with comments Resolves T415 2015-06-04 15:53:04 +02:00			`}`

			`/**`
			`*`
			`*/`
			`public function verify($code, $timestamp = null)`
			`{`
			`// get my secret from the user storage`
			`$keyid = $this->get('yubikeyid');`
Comment out console() calls, CS fixes 2016-01-28 17:12:23 +01:00			`$pass = false;`
Initial version of the Kolab 2-Factor-Authentication plugin. This already includes: - Drivers supporting TOTP, HOTP, Yubikey - Storage backend abstraction - Additional authentication step at login - Settings section to provision and remove authentication factors - Sample config with comments Resolves T415 2015-06-04 15:53:04 +02:00
			`if (!strlen($keyid)) {`
			`// LOG: "no key registered for user $this->username"`
			`return false;`
			`}`

			`// check key prefix with associated Yubikey ID`
			`if (strpos($code, $keyid) === 0) {`
			`try {`
			`$response = $this->backend->check($code);`
Comment out console() calls, CS fixes 2016-01-28 17:12:23 +01:00			`$pass = $response->success() === true;`
Initial version of the Kolab 2-Factor-Authentication plugin. This already includes: - Drivers supporting TOTP, HOTP, Yubikey - Storage backend abstraction - Additional authentication step at login - Settings section to provision and remove authentication factors - Sample config with comments Resolves T415 2015-06-04 15:53:04 +02:00			`}`
			`catch (\Exception $e) {`
			`// TODO: log exception`
			`}`
			`}`

Fix driver initialization with config properties for the right method (T1784) Summary: Proposed fix for the bug reported in T1784 The method kolab_2fa::get_driver() is called with the full factor ID (<method>:<uuid>) and therefore fails to retrieve the right properties from plugin config. This change fixes this at the right place. Reviewers: machniak Reviewed By: machniak Subscribers: jh23453 Differential Revision: https://git.kolab.org/D242 2016-11-09 09:55:34 +01:00			`// rcube::console('VERIFY Yubikey', $this->username, $keyid, $code, $pass);`
Initial version of the Kolab 2-Factor-Authentication plugin. This already includes: - Drivers supporting TOTP, HOTP, Yubikey - Storage backend abstraction - Additional authentication step at login - Settings section to provision and remove authentication factors - Sample config with comments Resolves T415 2015-06-04 15:53:04 +02:00			`return $pass;`
			`}`

			`/**`
			`* @override`
			`*/`
			`public function set($key, $value)`
			`{`
			`if ($key == 'yubikeyid' && strlen($value) > 12) {`
			`// verify the submitted code`
			`try {`
			`$response = $this->backend->check($value);`
			`if ($response->success() !== true) {`
			`// TODO: report error`
			`return false;`
			`}`
			`}`
			`catch (\Exception $e) {`
			`return false;`
			`}`

			`// truncate the submitted yubikey code to 12 characters`
			`$value = substr($value, 0, 12);`
			`}`

			`return parent::set($key, $value);`
			`}`

			`/**`
			`* @override`
			`*/`
			`protected function set_user_prop($key, $value)`
			`{`
			`// set created timestamp`
			`if ($key !== 'created' && !isset($this->created)) {`
			`parent::set_user_prop('created', $this->get('created', true));`
			`}`

			`return parent::set_user_prop($key, $value);`
			`}`
			`}`