mirror of
https://git.code.sf.net/p/seeddms/code
synced 2026-02-11 11:02:02 +00:00
remove left overs from webauthn
This commit is contained in:
Uwe Steinmann
parent
de446b9f2d
commit
f85ceca4ca
|
|
@ -31,84 +31,6 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
|
|||
return self::$user;
|
||||
} /* }}} */
|
||||
|
||||
/**
|
||||
* Create a webauthn challenge and return it as application/json
|
||||
*
|
||||
* This is called from javascript on the login page right after the
|
||||
* login button is preset. The returned challange is than passed to
|
||||
* javascript which instructs the browser to do the communication with
|
||||
* the usb key token.
|
||||
*/
|
||||
function preparelogin() { /* {{{ */
|
||||
$dms = $this->params['dms'];
|
||||
$login = $this->params['login'];
|
||||
|
||||
if($user = $dms->getUserByLogin($login)) {
|
||||
$webauthn = new \Davidearl\WebAuthn\WebAuthn($_SERVER['HTTP_HOST']);
|
||||
|
||||
/* Even without a public key stored for the user (user has not
|
||||
* registered yet), we will do the authentication, because an
|
||||
* error msg may reveal that the user exists.
|
||||
*/
|
||||
$j['challenge'] = $webauthn->prepareForLogin($user->getWebauthn());
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo 'User cannot be authenticated.';
|
||||
exit;
|
||||
}
|
||||
header('Content-type: application/json');
|
||||
echo json_encode($j);
|
||||
} /* }}} */
|
||||
|
||||
/**
|
||||
* Alternative method to run() for authenticating with webauthn.
|
||||
*
|
||||
* Once the browser has successfully finished the communication with the
|
||||
* usb key token, this method will be called with the signature signed
|
||||
* by the usb key in 'logininfo'. That data is checked with the public
|
||||
* key store in the users profile.
|
||||
*
|
||||
* Not like run() this method is called from within javascript and
|
||||
* needs to return the uri. The calling javascript code will than
|
||||
* redirect the browser to the uri.
|
||||
*/
|
||||
function login() { /* {{{ */
|
||||
$dms = $this->params['dms'];
|
||||
$settings = $this->params['settings'];
|
||||
$login = $this->params['login'];
|
||||
$logininfo = $this->params['logininfo'];
|
||||
$referuri = $this->params['referuri'];
|
||||
|
||||
if($user = $dms->getUserByLogin($login)) {
|
||||
$webauthn = new \Davidearl\WebAuthn\WebAuthn($_SERVER['HTTP_HOST']);
|
||||
|
||||
if (! $webauthn->authenticate($logininfo, $user->getWebauthn())) {
|
||||
http_response_code(401);
|
||||
echo 'failed to authenticate with that key';
|
||||
return false;
|
||||
}
|
||||
|
||||
if(self::_finalize($user)) {
|
||||
if (isset($referuri) && strlen($referuri)>0) {
|
||||
$j = $referuri;
|
||||
} else {
|
||||
$j = $settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".($user->getHomeFolder() ? $user->getHomeFolder() : $settings->_rootFolderID));
|
||||
}
|
||||
header('Content-type: application/json');
|
||||
echo json_encode($j);
|
||||
return true;
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo 'failed to authenticate with that key';
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo 'failed to authenticate with that key';
|
||||
return false;
|
||||
}
|
||||
} /* }}} */
|
||||
|
||||
public function _finalize($user) { /* {{{ */
|
||||
$settings = $this->params['settings'];
|
||||
$session = $this->params['session'];
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user