From f85ceca4caf874ceae2506639a5ec06719192217 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Mon, 16 Oct 2023 13:02:50 +0200
Subject: [PATCH] remove left overs from webauthn
---
 controllers/class.Login.php | 78 -------------------------------------
 1 file changed, 78 deletions(-)
diff --git a/controllers/class.Login.php b/controllers/class.Login.php
index 603edcc07..562eccaf2 100644
--- a/controllers/class.Login.php
+++ b/controllers/class.Login.php
@@ -31,84 +31,6 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 return self::$user;
 } /* }}} */
 
- /**
- * Create a webauthn challenge and return it as application/json
- *
- * This is called from javascript on the login page right after the
- * login button is preset. The returned challange is than passed to
- * javascript which instructs the browser to do the communication with
- * the usb key token.
- */
- function preparelogin() { /* {{{ */
- $dms = $this->params['dms'];
- $login = $this->params['login'];
-
- if($user = $dms->getUserByLogin($login)) {
- $webauthn = new \Davidearl\WebAuthn\WebAuthn($_SERVER['HTTP_HOST']);
-
- /* Even without a public key stored for the user (user has not
- * registered yet), we will do the authentication, because an
- * error msg may reveal that the user exists.
- */
- $j['challenge'] = $webauthn->prepareForLogin($user->getWebauthn());
- } else {
- http_response_code(401);
- echo 'User cannot be authenticated.';
- exit;
- }
- header('Content-type: application/json');
- echo json_encode($j);
- } /* }}} */
-
- /**
- * Alternative method to run() for authenticating with webauthn.
- *
- * Once the browser has successfully finished the communication with the
- * usb key token, this method will be called with the signature signed
- * by the usb key in 'logininfo'. That data is checked with the public
- * key store in the users profile.
- *
- * Not like run() this method is called from within javascript and
- * needs to return the uri. The calling javascript code will than
- * redirect the browser to the uri.
- */
- function login() { /* {{{ */
- $dms = $this->params['dms'];
- $settings = $this->params['settings'];
- $login = $this->params['login'];
- $logininfo = $this->params['logininfo'];
- $referuri = $this->params['referuri'];
-
- if($user = $dms->getUserByLogin($login)) {
- $webauthn = new \Davidearl\WebAuthn\WebAuthn($_SERVER['HTTP_HOST']);
-
- if (! $webauthn->authenticate($logininfo, $user->getWebauthn())) {
- http_response_code(401);
- echo 'failed to authenticate with that key';
- return false;
- }
-
- if(self::_finalize($user)) {
- if (isset($referuri) && strlen($referuri)>0) {
- $j = $referuri;
- } else {
- $j = $settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".($user->getHomeFolder() ? $user->getHomeFolder() : $settings->_rootFolderID));
- }
- header('Content-type: application/json');
- echo json_encode($j);
- return true;
- } else {
- http_response_code(401);
- echo 'failed to authenticate with that key';
- return false;
- }
- } else {
- http_response_code(401);
- echo 'failed to authenticate with that key';
- return false;
- }
- } /* }}} */
-
 public function _finalize($user) { /* {{{ */
 $settings = $this->params['settings'];
 $session = $this->params['session'];