plugins/Yubikey.php
changeset 37 5e946a3f405b
parent 35 03d6287d4a8b
child 38 d109af008343
36:f2aa4bc50d2f 37:5e946a3f405b
     1 <?php
     1 <?php
     2 /**!info**
     2 /**!info**
     3 {
     3 {
     4   "Plugin Name"  : "Yubikey authentication",
     4 	"Plugin Name"  : "Yubikey authentication",
     5   "Plugin URI"   : "http://enanocms.org/plugin/yubikey",
     5 	"Plugin URI"   : "http://enanocms.org/plugin/yubikey",
     6   "Description"  : "Allows authentication to Enano via Yubico's Yubikey, a one-time password device.",
     6 	"Description"  : "Allows authentication to Enano via Yubico's Yubikey, a one-time password device.",
     7   "Author"       : "Dan Fuhry",
     7 	"Author"       : "Dan Fuhry",
     8   "Version"      : "1.1.7",
     8 	"Version"      : "1.1.7",
     9   "Author URI"   : "http://enanocms.org/",
     9 	"Author URI"   : "http://enanocms.org/",
    10   "Auth plugin"  : true
    10 	"Auth plugin"  : true
    11 }
    11 }
    12 **!*/
    12 **!*/
    13 
    13 
    14 // Include files
    14 // Include files
    15 require( ENANO_ROOT . '/plugins/yubikey/corelib.php' );
    15 require( ENANO_ROOT . '/plugins/yubikey/corelib.php' );
    16 require( ENANO_ROOT . '/plugins/yubikey/admincp.php' );
    16 require( ENANO_ROOT . '/plugins/yubikey/admincp.php' );
    17 
    17 
    18 if ( getConfig('yubikey_enable', '1') == '1' )
    18 if ( getConfig('yubikey_enable', '1') == '1' )
    19 {
    19 {
    20   require( ENANO_ROOT . '/plugins/yubikey/auth.php' );
    20 	require( ENANO_ROOT . '/plugins/yubikey/auth.php' );
    21   require( ENANO_ROOT . '/plugins/yubikey/usercp.php' );
    21 	require( ENANO_ROOT . '/plugins/yubikey/usercp.php' );
    22 }
    22 }
    23 
    23 
    24 // Install schema: MySQL
    24 // Install schema: MySQL
    25 /**!install dbms="mysql"; **
    25 /**!install dbms="mysql"; **
    26 CREATE TABLE {{TABLE_PREFIX}}yubikey(
    26 CREATE TABLE {{TABLE_PREFIX}}yubikey(
    27   yubi_id int(12) NOT NULL auto_increment,
    27 	yubi_id int(12) NOT NULL auto_increment,
    28   user_id mediumint(8) NOT NULL DEFAULT 1,
    28 	user_id mediumint(8) NOT NULL DEFAULT 1,
    29   yubi_uid char(12) NOT NULL DEFAULT '____________',
    29 	yubi_uid char(12) NOT NULL DEFAULT '____________',
    30   PRIMARY KEY ( yubi_id )
    30 	PRIMARY KEY ( yubi_id )
    31 ) ENGINE `MyISAM` CHARACTER SET `utf8` COLLATE `utf8_bin`;
    31 ) ENGINE `MyISAM` CHARACTER SET `utf8` COLLATE `utf8_bin`;
    32 
    32 
    33 ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint(3) NOT NULL DEFAULT 0;
    33 ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint(3) NOT NULL DEFAULT 0;
    34 **!*/
    34 **!*/
    35 
    35 
    36 // Install schema: PostgreSQL
    36 // Install schema: PostgreSQL
    37 /**!install dbms="postgresql"; **
    37 /**!install dbms="postgresql"; **
    38 CREATE TABLE {{TABLE_PREFIX}}yubikey(
    38 CREATE TABLE {{TABLE_PREFIX}}yubikey(
    39   yubi_id SERIAL,
    39 	yubi_id SERIAL,
    40   user_id int NOT NULL DEFAULT 1,
    40 	user_id int NOT NULL DEFAULT 1,
    41   yubi_uid char(12) NOT NULL DEFAULT '____________',
    41 	yubi_uid char(12) NOT NULL DEFAULT '____________',
    42   PRIMARY KEY ( yubi_id )
    42 	PRIMARY KEY ( yubi_id )
    43 );
    43 );
    44 
    44 
    45 ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint NOT NULL DEFAULT 0;
    45 ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint NOT NULL DEFAULT 0;
    46 **!*/
    46 **!*/
    47 
    47 
    68 The exception in plugin language file format is that multiple languages
    68 The exception in plugin language file format is that multiple languages
    69 may be specified in the language block. This should be done by way of making
    69 may be specified in the language block. This should be done by way of making
    70 the top-level elements each a JSON language object, with elements named
    70 the top-level elements each a JSON language object, with elements named
    71 according to the ISO-639-1 language they are representing. The path should be:
    71 according to the ISO-639-1 language they are representing. The path should be:
    72 
    72 
    73   root => language ID => categories array, ( strings object => category \
    73 	root => language ID => categories array, ( strings object => category \
    74   objects => strings )
    74 	objects => strings )
    75 
    75 
    76 All text leading up to first curly brace is stripped by the parser; using
    76 All text leading up to first curly brace is stripped by the parser; using
    77 a code tag makes jEdit and other editors do automatic indentation and
    77 a code tag makes jEdit and other editors do automatic indentation and
    78 syntax highlighting on the language data. The use of the code tag is not
    78 syntax highlighting on the language data. The use of the code tag is not
    79 necessary; it is only included as a tool for development.
    79 necessary; it is only included as a tool for development.
    80 
    80 
    81 <code>
    81 <code>
    82 {
    82 {
    83   // english
    83 	// english
    84   eng: {
    84 	eng: {
    85     categories: [ 'meta', 'yubiauth', 'yubiucp', 'yubiacp' ],
    85 		categories: [ 'meta', 'yubiauth', 'yubiucp', 'yubiacp' ],
    86     strings: {
    86 		strings: {
    87       meta: {
    87 			meta: {
    88         yubiauth: 'Yubikey authentication messages',
    88 				yubiauth: 'Yubikey authentication messages',
    89         yubiucp: 'Yubikey user CP',
    89 				yubiucp: 'Yubikey user CP',
    90         yubiacp: 'Yubikey admin CP',
    90 				yubiacp: 'Yubikey admin CP',
    91       },
    91 			},
    92       yubiauth: {
    92 			yubiauth: {
    93         msg_please_touch_key: 'Please touch your Yubikey',
    93 				msg_please_touch_key: 'Please touch your Yubikey',
    94         msg_close_instructions: 'or press <tt>Esc</tt>',
    94 				msg_close_instructions: 'or press <tt>Esc</tt>',
    95         msg_invalid_chars: 'OTP contains invalid characters',
    95 				msg_invalid_chars: 'OTP contains invalid characters',
    96         msg_too_long: 'OTP is too long',
    96 				msg_too_long: 'OTP is too long',
    97         msg_validating_otp: 'Validating OTP...',
    97 				msg_validating_otp: 'Validating OTP...',
    98         msg_otp_valid: 'OTP validated',
    98 				msg_otp_valid: 'OTP validated',
    99         btn_enter_otp: 'Log in with Yubikey',
    99 				btn_enter_otp: 'Log in with Yubikey',
   100         lbl_otp_field: 'Yubikey OTP:',
   100 				lbl_otp_field: 'Yubikey OTP:',
   101         
   101 				
   102         ctl_btn_change_key: 'Change key',
   102 				ctl_btn_change_key: 'Change key',
   103         ctl_btn_clear: 'Clear',
   103 				ctl_btn_clear: 'Clear',
   104         ctl_btn_enroll: 'Enroll',
   104 				ctl_btn_enroll: 'Enroll',
   105         ctl_status_enrolled_pending: 'Enrolled (pending)',
   105 				ctl_status_enrolled_pending: 'Enrolled (pending)',
   106         ctl_status_empty: 'Not enrolled',
   106 				ctl_status_empty: 'Not enrolled',
   107         ctl_status_remove_pending: 'Removed (pending)',
   107 				ctl_status_remove_pending: 'Removed (pending)',
   108         ctl_status_enrolled: 'Enrolled',
   108 				ctl_status_enrolled: 'Enrolled',
   109         
   109 				
   110         err_invalid_otp: 'Your login was rejected because the Yubikey OTP you entered contains invalid characters.',
   110 				err_invalid_otp: 'Your login was rejected because the Yubikey OTP you entered contains invalid characters.',
   111         err_invalid_auth_url: 'Login with Yubikey was rejected because the URL to the authentication server is not valid.',
   111 				err_invalid_auth_url: 'Login with Yubikey was rejected because the URL to the authentication server is not valid.',
   112         err_nothing_provided: 'You did not provide a Yubikey OTP or a username. One of these is required for login to work.',
   112 				err_nothing_provided: 'You did not provide a Yubikey OTP or a username. One of these is required for login to work.',
   113         err_must_have_otp: 'Please provide a Yubikey OTP to log in to this account.',
   113 				err_must_have_otp: 'Please provide a Yubikey OTP to log in to this account.',
   114         err_must_have_username: 'Please provide your username.',
   114 				err_must_have_username: 'Please provide your username.',
   115         err_must_have_password: 'Please enter your password in addition to your username and Yubikey.',
   115 				err_must_have_password: 'Please enter your password in addition to your username and Yubikey.',
   116         err_key_not_authorized: 'This Yubikey is not authorized on this site.',
   116 				err_key_not_authorized: 'This Yubikey is not authorized on this site.',
   117         err_otp_invalid_chars: '%this.yubiauth_err_invalid_otp%',
   117 				err_otp_invalid_chars: '%this.yubiauth_err_invalid_otp%',
   118         err_http_failed: 'Your OTP could not be validated because the authentication server could not be contacted. Technical error message: %http_error%',
   118 				err_http_failed: 'Your OTP could not be validated because the authentication server could not be contacted. Technical error message: %http_error%',
   119         err_missing_api_key: 'Your OTP could not be validated because no Yubico API key is registered on this site.',
   119 				err_missing_api_key: 'Your OTP could not be validated because no Yubico API key is registered on this site.',
   120         err_http_response_error: 'Your OTP could not be validated because the Yubico authentication server reported an error.',
   120 				err_http_response_error: 'Your OTP could not be validated because the Yubico authentication server reported an error.',
   121         err_malformed_response: 'Your OTP could not be validated because the Yubico authentication server returned an unexpected response.',
   121 				err_malformed_response: 'Your OTP could not be validated because the Yubico authentication server returned an unexpected response.',
   122         err_timestamp_check_failed: 'Your OTP could not be validated because the timestamp of the response from the Yubico authentication server was out of bounds.',
   122 				err_timestamp_check_failed: 'Your OTP could not be validated because the timestamp of the response from the Yubico authentication server was out of bounds.',
   123         err_response_missing_sig: 'Your OTP could not be validated because the Yubico authentication server did not sign its response.',
   123 				err_response_missing_sig: 'Your OTP could not be validated because the Yubico authentication server did not sign its response.',
   124         err_response_invalid_sig: 'Your OTP could not be validated because the signature of the authentication response was invalid.',
   124 				err_response_invalid_sig: 'Your OTP could not be validated because the signature of the authentication response was invalid.',
   125         err_response_missing_status: '%this.yubiauth_err_malformed_response%',
   125 				err_response_missing_status: '%this.yubiauth_err_malformed_response%',
   126         err_response_ok: 'OTP is OK',
   126 				err_response_ok: 'OTP is OK',
   127         err_response_bad_otp: 'Authentication failed because the Yubikey OTP is invalid.',
   127 				err_response_bad_otp: 'Authentication failed because the Yubikey OTP is invalid.',
   128         err_response_replayed_otp: 'Authentication failed because the Yubikey OTP you entered has been used before.',
   128 				err_response_replayed_otp: 'Authentication failed because the Yubikey OTP you entered has been used before.',
   129         err_response_bad_signature: 'Authentication failed because the Yubico authentication server reported an invalid signature.',
   129 				err_response_bad_signature: 'Authentication failed because the Yubico authentication server reported an invalid signature.',
   130         err_response_missing_parameter: 'Authentication failed because of a Dan Fuhry error.',
   130 				err_response_missing_parameter: 'Authentication failed because of a Dan Fuhry error.',
   131         err_response_no_such_client: 'Authentication failed because the Yubikey you used is not registered with Yubico.',
   131 				err_response_no_such_client: 'Authentication failed because the Yubikey you used is not registered with Yubico.',
   132         err_response_operation_not_allowed: 'Authentication failed because the Enano server was denied the request to validate the OTP.',
   132 				err_response_operation_not_allowed: 'Authentication failed because the Enano server was denied the request to validate the OTP.',
   133         err_response_backend_error: 'Authentication failed because an unexpected problem happened with the Yubico server.',
   133 				err_response_backend_error: 'Authentication failed because an unexpected problem happened with the Yubico server.',
   134         err_response_security_error: 'Authentication failed because the Yubico authentication server reported an unknown security error.',
   134 				err_response_security_error: 'Authentication failed because the Yubico authentication server reported an unknown security error.',
   135         
   135 				
   136         specialpage_yubikey: 'Yubikey API'
   136 				specialpage_yubikey: 'Yubikey API'
   137       },
   137 			},
   138       yubiucp: {
   138 			yubiucp: {
   139         panel_title: 'Yubikey settings',
   139 				panel_title: 'Yubikey settings',
   140         
   140 				
   141         msg_save_title: 'Yubikey preferences saved',
   141 				msg_save_title: 'Yubikey preferences saved',
   142         msg_save_body: 'Your preferences have been saved. You will be transferred back to the User CP momentarily.',
   142 				msg_save_body: 'Your preferences have been saved. You will be transferred back to the User CP momentarily.',
   143         
   143 				
   144         field_enable_title: 'Enable Yubikey support on my account:',
   144 				field_enable_title: 'Enable Yubikey support on my account:',
   145         field_enable_hint: 'Disabling support will remove any keys that are enrolled for your account.',
   145 				field_enable_hint: 'Disabling support will remove any keys that are enrolled for your account.',
   146         field_enable: 'Enabled',
   146 				field_enable: 'Enabled',
   147         field_keys_title: 'Enrolled Yubikeys:',
   147 				field_keys_title: 'Enrolled Yubikeys:',
   148         field_keys_hint: 'Enroll a Yubikey to allow it to log into your account.',
   148 				field_keys_hint: 'Enroll a Yubikey to allow it to log into your account.',
   149         field_keys_maximum: 'You can enroll up to %max% Yubikeys.',
   149 				field_keys_maximum: 'You can enroll up to %max% Yubikeys.',
   150         field_normal_flags: 'When logging in, ask me for:',
   150 				field_normal_flags: 'When logging in, ask me for:',
   151         field_elev_flags: 'When performing sensitive operations, require:',
   151 				field_elev_flags: 'When performing sensitive operations, require:',
   152         field_flags_keyonly: 'Just my Yubikey',
   152 				field_flags_keyonly: 'Just my Yubikey',
   153         field_flags_username: 'My Yubikey and username',
   153 				field_flags_username: 'My Yubikey and username',
   154         field_flags_userandpw: 'My <acronym title="Two factor authentication">Yubikey, username and password</acronym>',
   154 				field_flags_userandpw: 'My <acronym title="Two factor authentication">Yubikey, username and password</acronym>',
   155         field_allow_plain_login: 'Allow me to log in without my Yubikey',
   155 				field_allow_plain_login: 'Allow me to log in without my Yubikey',
   156         field_allow_plain_login_hint: 'If this option is turned off, you will be unable to access your account if all of your enrolled Yubikeys become lost or broken. However, turning this option off provides greater security.',
   156 				field_allow_plain_login_hint: 'If this option is turned off, you will be unable to access your account if all of your enrolled Yubikeys become lost or broken. However, turning this option off provides greater security.',
   157         err_double_enrollment: 'One of the Yubikeys you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.',
   157 				err_double_enrollment: 'One of the Yubikeys you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.',
   158         err_double_enrollment_single: 'The Yubikey you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.',
   158 				err_double_enrollment_single: 'The Yubikey you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.',
   159         
   159 				
   160         reg_field_otp: 'Enroll a <a href="http://www.yubico.com/products/yubikey" onclick="window.open(this.href); return false;">Yubikey</a>:',
   160 				reg_field_otp: 'Enroll a <a href="http://www.yubico.com/products/yubikey" onclick="window.open(this.href); return false;">Yubikey</a>:',
   161         reg_field_otp_hint_optional: 'If you have a Yubikey, you can authorize it for use in your new account here.',
   161 				reg_field_otp_hint_optional: 'If you have a Yubikey, you can authorize it for use in your new account here.',
   162         reg_field_otp_hint_required: 'Please enroll a Yubikey here to create an account. This is a required step.',
   162 				reg_field_otp_hint_required: 'Please enroll a Yubikey here to create an account. This is a required step.',
   163         reg_err_otp_required: 'Please enroll a Yubikey to register on this site.',
   163 				reg_err_otp_required: 'Please enroll a Yubikey to register on this site.',
   164         reg_err_otp_invalid: 'Your Yubikey OTP failed to validate.'
   164 				reg_err_otp_invalid: 'Your Yubikey OTP failed to validate.'
   165       },
   165 			},
   166       yubiacp: {
   166 			yubiacp: {
   167         th: 'Yubikey authentication',
   167 				th: 'Yubikey authentication',
   168         field_enable_title: 'Yubikey support:',
   168 				field_enable_title: 'Yubikey support:',
   169         field_enable: 'Enable Yubikey authentication',
   169 				field_enable: 'Enable Yubikey authentication',
   170         field_api_key: 'Yubico API key:',
   170 				field_api_key: 'Yubico API key:',
   171         field_api_key_id: 'Yubico numeric ID:',
   171 				field_api_key_id: 'Yubico numeric ID:',
   172         field_auth_server: 'Authentication server URL:',
   172 				field_auth_server: 'Authentication server URL:',
   173         field_enroll_limit: 'Number of enrolled keys permitted per account:',
   173 				field_enroll_limit: 'Number of enrolled keys permitted per account:',
   174         field_reg_require_otp_title: 'Yubikey required for registration:',
   174 				field_reg_require_otp_title: 'Yubikey required for registration:',
   175         field_reg_require_otp_hint: 'If this is enabled, users will be asked to enroll a Yubikey during registration. The enrolled Yubikey will be authorized for the new account.',
   175 				field_reg_require_otp_hint: 'If this is enabled, users will be asked to enroll a Yubikey during registration. The enrolled Yubikey will be authorized for the new account.',
   176         field_reg_require_otp: 'Require Yubikey during registration',
   176 				field_reg_require_otp: 'Require Yubikey during registration',
   177         field_use_local_pre: 'Or:',
   177 				field_use_local_pre: 'Or:',
   178         field_use_local: 'Use local YMS',
   178 				field_use_local: 'Use local YMS',
   179         
   179 				
   180         err_invalid_auth_server: 'The URL to the Yubikey authentication server that you entered is invalid.'
   180 				err_invalid_auth_server: 'The URL to the Yubikey authentication server that you entered is invalid.'
   181       }
   181 			}
   182     }
   182 		}
   183   }
   183 	}
   184 }
   184 }
   185 </code>
   185 </code>
   186 **!*/
   186 **!*/
   187 
   187