webauthn
This commit is contained in:
Roland Gruber
parent
b65623742d
commit
df09375be3
|
|
@ -415,6 +415,33 @@ E:
|
|||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
F:
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. Neither the name of the copyright holder nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
||||
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
|
||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
|
||||
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
Programs and licenses with other licenses and/or authors than the
|
||||
main license and authors:
|
||||
|
|
@ -438,6 +465,7 @@ templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
|||
style/600_cropper*.css B 2018 Chen Fengyuan
|
||||
templates/lib/extra/duo/*.js E 2019 Duo Security
|
||||
lib/3rdParty/duo/*.php E 2019 Duo Security
|
||||
graphics/webauthn.svg F 2017 Duo Security, Inc.
|
||||
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
|
||||
style/610_magnific-popup.css B 2016 Dmitry Semenov
|
||||
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
||||
|
|
|
|||
|
|
@ -414,6 +414,33 @@ E:
|
|||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
F:
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. Neither the name of the copyright holder nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
||||
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
|
||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
|
||||
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
Programs and licenses with other licenses and/or authors than the
|
||||
main license and authors:
|
||||
|
|
@ -437,6 +464,7 @@ templates/lib/extra/cropperjs B 2018 Chen Fengyuan
|
|||
style/600_cropper*.css B 2018 Chen Fengyuan
|
||||
templates/lib/extra/duo/*.js E 2019 Duo Security
|
||||
lib/3rdParty/duo/*.php E 2019 Duo Security
|
||||
graphics/webauthn.svg F 2017 Duo Security, Inc.
|
||||
templates/lib/600_jquery.magnific-popup.js B 2016 Dmitry Semenov
|
||||
style/610_magnific-popup.css B 2016 Dmitry Semenov
|
||||
style/responsive/105_normalize.css B Nicolas Gallagher and Jonathan Neal
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 27 KiB |
|
|
@ -3,8 +3,8 @@ namespace LAM\LIB\TWO_FACTOR;
|
|||
use \selfServiceProfile;
|
||||
use \LAMConfig;
|
||||
use \htmlScript;
|
||||
use \htmlInputField;
|
||||
use \htmlIframe;
|
||||
use \htmlImage;
|
||||
|
||||
/*
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
|
|
@ -464,6 +464,76 @@ class DuoProvider extends BaseProvider {
|
|||
|
||||
}
|
||||
|
||||
/**
|
||||
* Provider for Webauthn.
|
||||
*/
|
||||
class WebauthnProvider extends BaseProvider {
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param TwoFactorConfiguration $config configuration
|
||||
*/
|
||||
public function __construct(&$config) {
|
||||
$this->config = $config;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::getSerials()
|
||||
*/
|
||||
public function getSerials($user, $password) {
|
||||
return array('WEBAUTHN');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::isShowSubmitButton()
|
||||
*/
|
||||
public function isShowSubmitButton() {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::hasCustomInputForm()
|
||||
*/
|
||||
public function hasCustomInputForm() {
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
* @see \LAM\LIB\TWO_FACTOR\BaseProvider::addCustomInput()
|
||||
*/
|
||||
public function addCustomInput(&$row, $userDn) {
|
||||
$pathPrefix = $this->config->isSelfService ? '../' : '';
|
||||
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
* @see \LAM\LIB\TWO_FACTOR\TwoFactorProvider::verify2ndFactor()
|
||||
*/
|
||||
public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
|
||||
logNewMessage(LOG_DEBUG, 'PrivacyIDEAProvider: Checking 2nd factor for ' . $user);
|
||||
$loginAttribute = $this->getLoginAttributeValue($user);
|
||||
$response = $_POST['sig_response'];
|
||||
include_once(__DIR__ . "/3rdParty/duo/Web.php");
|
||||
$result = \Duo\Web::verifyResponse(
|
||||
$this->config->twoFactorAuthenticationClientId,
|
||||
$this->config->twoFactorAuthenticationSecretKey,
|
||||
$this->getAKey(),
|
||||
$response);
|
||||
if ($result === $loginAttribute) {
|
||||
return true;
|
||||
}
|
||||
logNewMessage(LOG_ERR, 'DUO authentication failed');
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the correct 2 factor provider.
|
||||
*/
|
||||
|
|
@ -477,6 +547,8 @@ class TwoFactorProviderService {
|
|||
const TWO_FACTOR_YUBICO = 'yubico';
|
||||
/** 2factor authentication via DUO */
|
||||
const TWO_FACTOR_DUO = 'duo';
|
||||
/** 2factor authentication via webauthn */
|
||||
const TWO_FACTOR_WEBAUTHN = 'webauthn';
|
||||
|
||||
private $config;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue