* @subpackage Twofactorauth.yubikey
* @copyright Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
* Joomla! Two Factor Authentication using Yubikey Plugin
* @subpackage Twofactorauth.yubikey
* Affects constructor behavior. If true, language files will be loaded automatically.
* @param object &$subject The object to observe
* @param array $config An optional associative array of configuration settings.
* Recognized key values include 'name', 'group', 'params', 'language'
* (this list is not meant to be comprehensive).
public function __construct(&$subject, $config =
array())
// Load the Joomla! RAD layer
* This method returns the identification object for this two factor
* @return stdClass An object with public properties method and title
$section = (int)
$this->params->get('section', 3);
if (!($current_section & $section))
'title' =>
JText::_('PLG_TWOFACTORAUTH_YUBIKEY_METHOD_TITLE'),
* Shows the configuration page for this two factor authentication method.
* @param object $otpConfig The two factor auth configuration object
* @param integer $user_id The numeric user ID of the user whose form we'll display
* @return boolean|string False if the method is not ours, the HTML of the configuration page otherwise
* @see UsersModelUser::getOtpConfig
// This method is already activated. Reuse the same Yubikey ID.
$yubikey =
$otpConfig->config['yubikey'];
// This method is not activated yet. We'll need a Yubikey TOTP to set up this Yubikey.
// Is this a new TOTP setup? If so, we'll have to show the code
$new_totp =
$otpConfig->method !=
$this->methodName;
// Start output buffering
// Include the form.php from a template override. If none is found use the default.
// NOTE(review): the code that builds $path and chooses between the two includes is
// not visible in this listing. The included file is executed as PHP, so $path should
// be derived only from the site's own template directories, never from request data.
include_once $path .
'form.php';
include_once __DIR__ .
'/tmpl/form.php';
// Stop output buffering and get the form contents
// Return the form contents
* The save handler of the two factor configuration method's configuration
* @param string $method The two factor auth method for which we'll show the config page
* @return boolean|stdClass False if the method doesn't match or we have an error, OTP config object if it succeeds
* @see UsersModelUser::setOtpConfig
// Get a reference to the input data object
// Read the submitted 'jform' array, defaulting to an empty array when it is absent.
// NOTE(review): presumably $input is the application's request input — everything
// under $rawData is then user-controlled and must be treated as untrusted.
$rawData =
$input->get('jform', array(), 'array');
// NOTE(review): the nested keys 'twofactor' and 'yubikey' are read with no existence
// check visible here; a request that omits them would raise an undefined-index notice
// and leave $data null — confirm the caller guarantees the shape.
$data =
$rawData['twofactor']['yubikey'];
// Warn if the securitycode is empty
$app->enqueueMessage(JText::_('PLG_TWOFACTORAUTH_YUBIKEY_ERR_VALIDATIONFAILED'), 'error');
// This only happens when we are in a CLI application. We cannot
// enqueue a message, so just do nothing.
// Validate the Yubikey OTP
$app->enqueueMessage(JText::_('PLG_TWOFACTORAUTH_YUBIKEY_ERR_VALIDATIONFAILED'), 'error');
// Check failed. Do not change two factor authentication settings.
// Remove the last 32 characters and store the rest in the user configuration parameters.
// A Yubico OTP ends in a 32-character one-time part; what precedes it is the key's
// fixed public ID, which is the value kept here to recognise the same key at login.
// NOTE(review): substr() with a negative length on input shorter than 32 characters
// gives an empty (or false) result. The comments above indicate the OTP is validated
// before this point, but that code is not visible in this listing — confirm that
// malformed input cannot reach this line and store an empty ID.
$yubikey =
substr($data['securitycode'], 0, -
32);
// Check succeeded; return an OTP configuration object
$otpConfig = (object )
array(
* This method should handle any two factor authentication and report back
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @return boolean True if the user is authorised with this two-factor authentication method
// Get the OTP configuration object
$otpConfig =
$options['otp_config'];
// Make sure it's an object
if (empty($otpConfig) ||
!is_object($otpConfig))
// Check if we have the correct method
// Check if there is a security code
if (empty($credentials['secretkey']))
// Check if the Yubikey starts with the configured Yubikey user string
// $yubikey_valid is the ID stored in the user's OTP configuration; $yubikey is the
// submitted value with its last 32 characters cut off.
$yubikey_valid =
$otpConfig->config['yubikey'];
$yubikey =
substr($credentials['secretkey'], 0, -
32);
// NOTE(review): this is a loose (==) comparison. If the submitted value is shorter
// than 32 characters, substr() yields an empty or false result, which loosely equals
// an empty or missing stored ID; a strict (===) comparison plus a non-empty check on
// both sides would rule that out.
// NOTE(review): a matching ID only shows that the submitted string names the enrolled
// key. The ID is a fixed prefix of every OTP the key emits, so it is not a secret.
// The full OTP must still be validated against the Yubico servers before the user is
// authorised; that call is not visible in this listing — confirm it follows.
$check =
$yubikey ==
$yubikey_valid;
* Validates a Yubikey OTP against the Yubikey servers
* @param string $otp The OTP generated by your Yubikey
* @return boolean True if it's a valid OTP
'api.yubico.com', 'api2.yubico.com', 'api3.yubico.com',
'api4.yubico.com', 'api5.yubico.com'
// Try the queued validation servers until one of them produces a response.
while (!$gotResponse &&
!empty($server_queue))
// Build the verify URL for the current server; the scheme is fixed to HTTPS.
$uri =
new JUri('https://' .
$server .
'/wsapi/2.0/verify');
// I don't see where this ID is used?
// NOTE(review): in the Yubico validation protocol the `id` parameter is the API
// client ID. It identifies the caller and selects the shared key used when requests
// and responses are HMAC-signed (the `h` parameter). No request signing is visible
// in this listing, so authenticity of the reply would rest on TLS alone — confirm.
// The OTP we read from the user
$uri->setVar('otp', $otp);
// This prevents a REPLAYED_OTP status if the token doesn't change
// after a user submits an invalid OTP
// NOTE(review): how $nonce is generated is not shown here. It should be unique per
// request and unpredictable, because the reply is later matched against it.
$uri->setVar('nonce', $nonce);
// Minimum service level required: 50% (at least 50% of the YubiCloud
// servers must reply positively for the OTP to validate)
// Timeout waiting for YubiCloud servers to reply: 5 seconds.
$uri->setVar('timeout', 5);
// The third argument (6) is the client-side timeout, one more than the 5 requested
// from the server above.
// NOTE(review): whether the server certificate is verified depends on the HTTP
// transport behind $http, which is not visible in this listing — confirm.
$response =
$http->get($uri->toString(), null, 6);
// No response, continue with the next server
// No server replied; we can't validate this OTP
// Split the response body into lines and collect them into $data as key => value.
// NOTE(review): the statement that produces $parts from $line is not visible in this
// listing. If lines end in CRLF the values keep a trailing "\r" unless trimmed, and a
// split on '=' without a limit would truncate values that themselves contain '='.
$lines =
explode("\n", $response->body);
foreach ($lines as $line)
$data[$parts[0]] =
$parts[1];
// Validate the response - We need an OK message reply
// NOTE(review): 'status', 'otp' and 'nonce' are read with no existence check visible
// here; a malformed reply would raise undefined-index notices. The checks still fail
// closed, since a missing value never matches.
if ($data['status'] !=
'OK')
// Validate the response - We need a confidence level over 50%
// Validate the response - The OTP must match
// The echoed OTP and nonce tie the reply to this particular request.
// NOTE(review): these are loose (!=) comparisons. If both sides are numeric-looking
// strings (all digits, or of the form 0e<digits>), PHP compares them as numbers and
// different values can compare equal; strict (!==) comparison avoids that.
if ($data['otp'] !=
$otp)
// Validate the response - The token must match
if ($data['nonce'] !=
$nonce)
// NOTE(review): no check of a response signature (`h`) is visible in this listing.