move offline OTP handling client side
joostd committed Sep 20, 2015
1 parent f1385b3 commit 6bad005
Showing 2 changed files with 42 additions and 66 deletions.
61 changes: 4 additions & 57 deletions www/tiqr/index.php
Expand Up @@ -12,39 +12,6 @@

date_default_timezone_set('Europe/Amsterdam');

function login( $sessionKey, $userId, $response )
{
global $options;
global $userStorage;
$userSecret = $userStorage->getSecret($userId);
$tiqr = new Tiqr_Service($options);

// $tiqr->authenticate is not resilient for incorrect userId!!
$result = $tiqr->authenticate($userId, $userSecret, $sessionKey, $response);

//Note that actually blocking the user and keeping track of login attempts is a responsibility of your application,
switch( $result ) {
case Tiqr_Service::AUTH_RESULT_AUTHENTICATED:
//echo 'AUTHENTICATED';
return "OK";
break;
case Tiqr_Service::AUTH_RESULT_INVALID_CHALLENGE:
return 'INVALID_CHALLENGE';
break;
case Tiqr_Service::AUTH_RESULT_INVALID_REQUEST:
return 'INVALID_REQUEST';
break;
case Tiqr_Service::AUTH_RESULT_INVALID_RESPONSE:
return 'INVALID_RESPONSE';
// echo “INVALID_RESPONSE:3”; // 3 attempts left
// echo “INVALID_RESPONSE:0”; // blocked
break;
case Tiqr_Service::AUTH_RESULT_INVALID_USERID:
return 'INVALID_USERID';
break;
}
}

$app = new Silex\Application();
$app['debug'] = $options['debug'];

Expand Down Expand Up @@ -83,28 +50,6 @@ function login( $sessionKey, $userId, $response )

### tiqr Authentication ###

$app->post('/login', function (Request $request) use ($app, $tiqr, $options) {
$sessionKey = $app['session']->get('sessionKey');
$userId = $request->get('userID');
$otp = $request->get('otp');

$result = login($sessionKey, $userId, $otp);

$sid = $app['session']->getId();
$userdata = $tiqr->getAuthenticatedUser($sid);
if( $result === "OK" ) {
$app['session']->set('authn', array('username' => $userdata));
$tiqr->logout($sid);
$app['session']->remove('sessionKey');
$app['monolog']->addInfo(sprintf("[%s] verified authenticated user '%s'", $sid, $userdata));
$return = $request->getUriForPath('/');
} else {
$app['session']->set('keepSessionKey', true);
$return = $request->getUriForPath('/login');
}
return $app->redirect($return);
});

$app->get('/login', function (Request $request) use ($app, $tiqr, $options) {
$locale = $app['translator']->getLocale();
$locales = array_keys($options['translation']);
Expand Down Expand Up @@ -133,14 +78,16 @@ function login( $sessionKey, $userId, $response )
$app['session']->set('sessionKey', $sessionKey);
}
$app['monolog']->addInfo(sprintf("[%s] started new login session, session key = '%s", $sid, $sessionKey));

$authUrl = $tiqr->generateAuthURL($sessionKey).'?return='.urlencode($return);

$authUrl = $tiqr->generateAuthURL($sessionKey);
// $authUrl = $tiqr->generateAuthURL($sessionKey).'?return='.urlencode($return);

return $app['twig']->render('index.html', array(
'self' => $base,
'return_url' => $return,
'id' => $id,
'authUrl' => $authUrl,
'sessionKey' => $sessionKey,
'here' => $here,
'locale' => $locale,
'locales' => $locales,
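Review bot: The commented-out `// $authUrl = $tiqr->generateAuthURL($sessionKey).'?return='.urlencode($return);` kept next to its replacement should be deleted; the removed form is already in history. Passing `'sessionKey' => $sessionKey` to the template exposes nothing new, since the same key is already embedded in `authUrl`, but it means the offline-OTP path now submits the key from the browser instead of reading it from `$app['session']` as the removed `/login` POST handler did, so the check that a submitted session key belongs to the caller's own session has to happen in the endpoint the form now targets; that endpoint is outside this diff and is worth confirming. The enclosing `$app->get('/login', ...)` closure starts outside the hunk.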
47 changes: 38 additions & 9 deletions www/tiqr/views/index.html
Expand Up @@ -58,33 +58,62 @@ <h2>{{ 'login.title' | trans }}</h2>
{% endif %}

<br/>
<a href="{{authUrl}}">
<img class="qr" src='qr' style="{{ id ? 'display:none;' : '' }} cursor: none;" />
</a>

<p>
{{ 'login.qr.manual.message' | trans({'%link_start%': '<a href="#" onClick="javascript:jQuery(\'#otpform\').slideToggle();">', '%link_end%': '</a>'}) | raw }}
</p>
<div class="qr" style="{{ id ? 'display:none;' : '' }}">
<a href="{{authUrl}}">
<img src='qr' style="cursor: none;" />
</a>
<p>
{{ 'login.qr.manual.message' | trans({'%link_start%': '<a href="#" onClick="javascript:jQuery(\'#otpform\').slideToggle();">', '%link_end%': '</a>'}) | raw }}
</p>
</div>

<div id="otpform" style="display:none">
<form method=POST>
<form method="POST">
<p>
{% if not id %}
{{ 'login.qr.manual.userid' | trans }}: <input type="text" tabindex="2" name="userID"/>
{% else %}
<input type="hidden" value="{{ id }}" name="userID"/>
{% endif %}
{{ 'login.qr.manual.otp' | trans }}: <input type="text" name="otp" tabindex="3"/>
{{ 'login.qr.manual.otp' | trans }}: <input type="text" name="otp" tabindex="3" placeholder="one time password..."/>
<input type="submit" value="{{ 'login.qr.manual.button' | trans }}"/>
<div id="result"></div>
</p>
</form>
</div>

<script>
$(function(){
$('a.scan').click(function(){
$( "img.qr" ).show( "slow" );
$( "div.qr" ).show( "slow" );
});
});

// Attach a submit handler to the OTP form
$( "#otpform" ).submit(function( event ) {
// Stop form from submitting normally
event.preventDefault();
// Get otp value from the form:
var $form = $( this ),
otp = $form.find( "input[name='otp']" ).val(),
url = '/tiqr/tiqr.php';
request = {
operation: "login",
notificationType: "APNS",
notificationAddress: "123abc",
userId: "{{ id }}",
response: otp,
sessionKey: "{{ sessionKey }}"
}
//var s = JSON.stringify(request);
$.post(url, request,
function(data){
if( data != "OK" )
$( "#result" ).empty().append( "Error: " + data );
});
});

</script>

</div><!-- /content -->
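Review bot: In the new submit handler the typed user ID is never read: when `id` is empty the form renders `<input type="text" ... name="userID"/>`, but the request is built with `userId: "{{ id }}"`, so a manual login without a pre-filled id always sends an empty user ID; read it from the form instead, e.g. `userId = $form.find( "input[name='userID']" ).val(),` and `userId: userId,`. The `;` after `url = '/tiqr/tiqr.php'` terminates the `var` statement, so `request` becomes an implicit global where a `,` was meant. Values interpolated into JavaScript string literals such as `"{{ sessionKey }}"` and `"{{ id }}"` are HTML-escaped by Twig but not JS-escaped; use `{{ sessionKey|e('js') }}` (and likewise for `id`), and show the server reply with `.text( "Error: " + data )` rather than `.empty().append( "Error: " + data )` so the reply is not parsed as markup. With JavaScript disabled the form still POSTs to the current URL, whose `/login` POST handler this commit removes, so that fallback now has no handler.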
