59 } |
59 } |
60 // make HTTP request |
60 // make HTTP request |
61 require_once( ENANO_ROOT . '/includes/http.php' ); |
61 require_once( ENANO_ROOT . '/includes/http.php' ); |
62 $auth_url = getConfig('yubikey_auth_server', YK_DEFAULT_VERIFY_URL); |
62 $auth_url = getConfig('yubikey_auth_server', YK_DEFAULT_VERIFY_URL); |
63 $auth_url = preg_replace('#^https?://#i', '', $auth_url); |
63 $auth_url = preg_replace('#^https?://#i', '', $auth_url); |
64 if ( !preg_match('#^(\[?[a-z0-9-:]+(?:\.[a-z0-9-:]+\]?)*)(/.*)$#', $auth_url, $match) ) |
64 if ( !preg_match('#^(\[?[a-z0-9-:]+(?:\.[a-z0-9-:]+\]?)*)(?::([0-9]+))?(/.*)$#U', $auth_url, $match) ) |
65 { |
65 { |
66 return array( |
66 return array( |
67 'success' => false, |
67 'success' => false, |
68 'error' => 'invalid_auth_url' |
68 'error' => 'invalid_auth_url' |
69 ); |
69 ); |
70 } |
70 } |
71 $auth_server =& $match[1]; |
71 $auth_server =& $match[1]; |
72 $auth_uri =& $match[2]; |
72 $auth_port = ( !empty($match[2]) ) ? intval($match[2]) : 80; |
73 $req = new Request_HTTP($auth_server, $auth_uri); |
73 $auth_uri =& $match[3]; |
74 $req->add_get('id', strval($api_id)); |
74 try |
75 $req->add_get('otp', $otp); |
75 { |
76 $req->add_get('h', yubikey_sign($req->parms_get)); |
76 $req = new Request_HTTP($auth_server, $auth_uri, 'GET', $auth_port); |
77 |
77 $req->add_get('id', strval($api_id)); |
78 $response = $req->get_response_body(); |
78 $req->add_get('otp', $otp); |
|
79 $req->add_get('h', yubikey_sign($req->parms_get)); |
|
80 |
|
81 $response = $req->get_response_body(); |
|
82 } |
|
83 catch ( Exception $e ) |
|
84 { |
|
85 return array( |
|
86 'success' => false, |
|
87 'error' => 'http_failed', |
|
88 'http_error' => $e->getMessage() |
|
89 ); |
|
90 } |
79 |
91 |
80 if ( $req->response_code != HTTP_OK ) |
92 if ( $req->response_code != HTTP_OK ) |
81 { |
93 { |
82 return array( |
94 return array( |
83 'success' => false, |
95 'success' => false, |
187 function yubikey_verify_timestamp($timestamp) |
199 function yubikey_verify_timestamp($timestamp) |
188 { |
200 { |
189 $tolerance = intval(getConfig('yubikey_api_ts_tolerance', 150)); |
201 $tolerance = intval(getConfig('yubikey_api_ts_tolerance', 150)); |
190 |
202 |
191 $now = time(); |
203 $now = time(); |
192 $timestamp_seconds = strtotime(substr($timestamp, 0, -4)); |
204 $timestamp = preg_replace('/Z[0-9]{3}$/', '', $timestamp); |
|
205 $timestamp_seconds = strtotime($timestamp); |
193 |
206 |
194 if ( !$timestamp || !$now ) |
207 if ( !$timestamp || !$now ) |
195 { |
208 { |
196 return false; |
209 return false; |
197 } |
210 } |