LDAPAccountManager/lam/templates/tools/webauthn.php

175 lines
6.0 KiB
PHP

<?php
namespace LAM\TOOLS\WEBAUTHN;
use \htmlButton;
use \htmlDiv;
use \htmlGroup;
use htmlHiddenInput;
use \htmlOutputText;
use \htmlResponsiveRow;
use \htmlResponsiveTable;
use \htmlSpacer;
use \htmlStatusMessage;
use \htmlTitle;
use \LAM\LOGIN\WEBAUTHN\PublicKeyCredentialSourceRepositorySQLite;
use LAM\LOGIN\WEBAUTHN\WebauthnManager;
use Webauthn\PublicKeyCredentialCreationOptions;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2020 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* Allows webauthn device management.
*
* @author Roland Gruber
* @package tools
*/
/** security functions */
include_once(__DIR__ . "/../../lib/security.inc");
/** access to configuration options */
include_once(__DIR__ . "/../../lib/config.inc");
/** webauthn */
include_once __DIR__ . '/../../lib/webauthn.inc';
// start session
startSecureSession();
enforceUserIsLoggedIn();
validateSecurityToken();
checkIfToolIsActive('toolWebauthn');
setlanguage();
include __DIR__ . '/../../lib/adminHeader.inc';
echo '<div class="user-bright smallPaddingContent">';
echo "<form id='webauthnform' action=\"webauthn.php\" method=\"post\">\n";
$tabindex = 1;
$container = new htmlResponsiveRow();
$container->add(new htmlTitle(_("WebAuthn devices")), 12);
$webauthnManager = new WebauthnManager();
$userDn = $_SESSION['ldap']->getUserName();
$database = new PublicKeyCredentialSourceRepositorySQLite();
showRemoveMessage($container);
addNewDevice($container, $webauthnManager);
$container->addVerticalSpacer('0.5rem');
$container->add(new htmlHiddenInput('registrationData', ''), 12);
$errorMessageDiv = new htmlDiv('generic-webauthn-error', new htmlOutputText(''));
$errorMessageDiv->addDataAttribute('button', _('Ok'));
$errorMessageDiv->addDataAttribute('title', _('WebAuthn failed'));
$container->add($errorMessageDiv, 12);
$buttonGroup = new htmlGroup();
$registerButton = new htmlButton('register', _('Register new device'));
$registerButton->addDataAttribute('dn', $userDn);
$registerButton->addDataAttribute('sec_token_value', getSecurityTokenValue());
$registerButton->addDataAttribute('sec_token_name', getSecurityTokenName());
$registration = $webauthnManager->getRegistrationObject($userDn, false);
$registrationJson = json_encode($registration);
$_SESSION['webauthn_registration'] = $registrationJson;
$registerButton->addDataAttribute('publickey', $registrationJson);
$registerButton->setIconClass('createButton');
$registerButton->setOnClick('window.lam.webauthn.registerOwnDevice(event, false);');
$buttonGroup->addElement($registerButton);
$buttonGroup->addElement(new htmlSpacer('1rem', null));
$reloadButton = new htmlButton('reload', _('Reload'));
$reloadButton->setIconClass('refreshButton');
$buttonGroup->addElement($reloadButton);
$container->add($buttonGroup, 12);
$container->addVerticalSpacer('2rem');
$results = $database->searchDevices($userDn);
if (empty($results)) {
$container->add(new htmlStatusMessage('INFO', _('No devices found.')), 12);
}
else {
$titles = array(
_('Registration'),
_('Last use'),
_('Delete')
);
$data = array();
$id = 0;
foreach ($results as $result) {
$delButton = new htmlButton('deleteDevice' . $id, 'delete.png', true);
$delButton->addDataAttribute('credential', $result['credentialId']);
$delButton->addDataAttribute('dn', $result['dn']);
$delButton->addDataAttribute('dialogtitle', _('Remove device'));
$delButton->addDataAttribute('oktext', _('Ok'));
$delButton->addDataAttribute('canceltext', _('Cancel'));
$delButton->setOnClick('window.lam.webauthn.removeOwnDevice(event, false);');
$data[] = array(
new htmlOutputText(date('Y-m-d H:i:s', $result['registrationTime'])),
new htmlOutputText(date('Y-m-d H:i:s', $result['lastUseTime'])),
$delButton
);
$id++;
}
$table = new htmlResponsiveTable($titles, $data);
$tableDiv = new htmlDiv('webauthn_results', $table);
$tableDiv->addDataAttribute('sec_token_value', getSecurityTokenValue());
$container->add($tableDiv, 12);
}
$container->addVerticalSpacer('2rem');
$confirmationDiv = new htmlDiv('webauthnDeleteConfirm', new htmlOutputText(_('Do you really want to remove this device?')), array('hidden'));
$container->add($confirmationDiv, 12);
addSecurityTokenToMetaHTML($container);
parseHtml(null, $container, array(), false, $tabindex, 'user');
echo '</form>';
echo '</div>';
include __DIR__ . '/../../lib/adminFooter.inc';
/**
* Checks if a new device should be registered and adds it.
*
* @param htmlResponsiveRow $container row
* @param WebauthnManager $webauthnManager webauthn manager
*/
function addNewDevice($container, $webauthnManager) {
if (empty($_POST['registrationData'])) {
return;
}
$registrationData = base64_decode($_POST['registrationData']);
$registrationObject = PublicKeyCredentialCreationOptions::createFromString($_SESSION['webauthn_registration']);
$success = $webauthnManager->storeNewRegistration($registrationObject, $registrationData);
if ($success) {
$container->add(new htmlStatusMessage('INFO', _('The device was registered.')), 12);
}
else {
$container->add(new htmlStatusMessage('ERROR', _('The device failed to register.')), 12);
}
}
/**
* Shows the message if a device was removed.
*
* @param htmlResponsiveRow $container row
*/
function showRemoveMessage($container) {
if (!empty($_POST['removed']) && ($_POST['removed'] === 'true')) {
$container->add(new htmlStatusMessage('INFO', _('The device was deleted.')), 12);
}
}