Yubikey.php
changeset 39 6212d849ab08
equal deleted inserted replaced
38:d109af008343 39:6212d849ab08
       
     1 <?php
       
     2 /**!info**
       
     3 {
       
     4 	"Plugin Name"  : "Yubikey authentication",
       
     5 	"Plugin URI"   : "http://enanocms.org/plugin/yubikey",
       
     6 	"Description"  : "Allows authentication to Enano via Yubico's Yubikey, a one-time password device.",
       
     7 	"Author"       : "Dan Fuhry",
       
     8 	"Version"      : "1.1.7",
       
     9 	"Author URI"   : "http://enanocms.org/",
       
    10 	"Auth plugin"  : true
       
    11 }
       
    12 **!*/
       
    13 
       
    14 // Include files
       
    15 require( ENANO_ROOT . '/plugins/yubikey/corelib.php' );
       
    16 require( ENANO_ROOT . '/plugins/yubikey/admincp.php' );
       
    17 
       
    18 if ( getConfig('yubikey_enable', '1') == '1' )
       
    19 {
       
    20 	require( ENANO_ROOT . '/plugins/yubikey/auth.php' );
       
    21 	require( ENANO_ROOT . '/plugins/yubikey/usercp.php' );
       
    22 }
       
    23 
       
    24 // Install schema: MySQL
       
    25 /**!install dbms="mysql"; **
       
    26 CREATE TABLE {{TABLE_PREFIX}}yubikey(
       
    27 	yubi_id int(12) NOT NULL auto_increment,
       
    28 	user_id mediumint(8) NOT NULL DEFAULT 1,
       
    29 	yubi_uid char(12) NOT NULL DEFAULT '____________',
       
    30 	PRIMARY KEY ( yubi_id )
       
    31 ) ENGINE `MyISAM` CHARACTER SET `utf8` COLLATE `utf8_bin`;
       
    32 
       
    33 ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint(3) NOT NULL DEFAULT 0;
       
    34 **!*/
       
    35 
       
    36 // Install schema: PostgreSQL
       
    37 /**!install dbms="postgresql"; **
       
    38 CREATE TABLE {{TABLE_PREFIX}}yubikey(
       
    39 	yubi_id SERIAL,
       
    40 	user_id int NOT NULL DEFAULT 1,
       
    41 	yubi_uid char(12) NOT NULL DEFAULT '____________',
       
    42 	PRIMARY KEY ( yubi_id )
       
    43 );
       
    44 
       
    45 ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint NOT NULL DEFAULT 0;
       
    46 **!*/
       
    47 
       
    48 // Uninstall schema
       
    49 /**!uninstall**
       
    50 DROP TABLE {{TABLE_PREFIX}}yubikey;
       
    51 ALTER TABLE {{TABLE_PREFIX}}users DROP user_yubikey_flags;
       
    52 **!*/
       
    53 
       
    54 /**!language**
       
    55 
       
    56 The following text up to the closing comment tag is JSON language data.
       
    57 It is not PHP code but your editor or IDE may highlight it as such. This
       
    58 data is imported when the plugin is loaded for the first time; it provides
       
    59 the strings displayed by this plugin's interface.
       
    60 
       
    61 You should copy and paste this block when you create your own plugins so
       
    62 that these comments and the basic structure of the language data is
       
    63 preserved. All language data is in the same format as the Enano core
       
    64 language files in the /language/* directories. See the Enano Localization
       
    65 Guide and Enano API Documentation for further information on the format of
       
    66 language files.
       
    67 
       
    68 The exception in plugin language file format is that multiple languages
       
    69 may be specified in the language block. This should be done by way of making
       
    70 the top-level elements each a JSON language object, with elements named
       
    71 according to the ISO-639-1 language they are representing. The path should be:
       
    72 
       
    73 	root => language ID => categories array, ( strings object => category \
       
    74 	objects => strings )
       
    75 
       
    76 All text leading up to first curly brace is stripped by the parser; using
       
    77 a code tag makes jEdit and other editors do automatic indentation and
       
    78 syntax highlighting on the language data. The use of the code tag is not
       
    79 necessary; it is only included as a tool for development.
       
    80 
       
    81 <code>
       
    82 {
       
    83 	// english
       
    84 	eng: {
       
    85 		categories: [ 'meta', 'yubiauth', 'yubiucp', 'yubiacp' ],
       
    86 		strings: {
       
    87 			meta: {
       
    88 				yubiauth: 'Yubikey authentication messages',
       
    89 				yubiucp: 'Yubikey user CP',
       
    90 				yubiacp: 'Yubikey admin CP',
       
    91 			},
       
    92 			yubiauth: {
       
    93 				msg_please_touch_key: 'Please touch your Yubikey',
       
    94 				msg_close_instructions: 'or press <tt>Esc</tt>',
       
    95 				msg_invalid_chars: 'OTP contains invalid characters',
       
    96 				msg_too_long: 'OTP is too long',
       
    97 				msg_validating_otp: 'Validating OTP...',
       
    98 				msg_otp_valid: 'OTP validated',
       
    99 				btn_enter_otp: 'Log in with Yubikey',
       
   100 				lbl_otp_field: 'Yubikey OTP:',
       
   101 				
       
   102 				ctl_btn_change_key: 'Change key',
       
   103 				ctl_btn_clear: 'Clear',
       
   104 				ctl_btn_enroll: 'Enroll',
       
   105 				ctl_status_enrolled_pending: 'Enrolled (pending)',
       
   106 				ctl_status_empty: 'Not enrolled',
       
   107 				ctl_status_remove_pending: 'Removed (pending)',
       
   108 				ctl_status_enrolled: 'Enrolled',
       
   109 				
       
   110 				err_invalid_otp: 'Your login was rejected because the Yubikey OTP you entered contains invalid characters.',
       
   111 				err_invalid_auth_url: 'Login with Yubikey was rejected because the URL to the authentication server is not valid.',
       
   112 				err_nothing_provided: 'You did not provide a Yubikey OTP or a username. One of these is required for login to work.',
       
   113 				err_must_have_otp: 'Please provide a Yubikey OTP to log in to this account.',
       
   114 				err_must_have_username: 'Please provide your username.',
       
   115 				err_must_have_password: 'Please enter your password in addition to your username and Yubikey.',
       
   116 				err_key_not_authorized: 'This Yubikey is not authorized on this site.',
       
   117 				err_otp_invalid_chars: '%this.yubiauth_err_invalid_otp%',
       
   118 				err_http_failed: 'Your OTP could not be validated because the authentication server could not be contacted. Technical error message: %http_error%',
       
   119 				err_missing_api_key: 'Your OTP could not be validated because no Yubico API key is registered on this site.',
       
   120 				err_http_response_error: 'Your OTP could not be validated because the Yubico authentication server reported an error.',
       
   121 				err_malformed_response: 'Your OTP could not be validated because the Yubico authentication server returned an unexpected response.',
       
   122 				err_timestamp_check_failed: 'Your OTP could not be validated because the timestamp of the response from the Yubico authentication server was out of bounds.',
       
   123 				err_uid_mismatch: 'This Yubikey is registered to a different user account than the one you are trying to log into.',
       
   124 				err_response_missing_sig: 'Your OTP could not be validated because the Yubico authentication server did not sign its response.',
       
   125 				err_response_invalid_sig: 'Your OTP could not be validated because the signature of the authentication response was invalid.',
       
   126 				err_response_missing_status: '%this.yubiauth_err_malformed_response%',
       
   127 				err_response_ok: 'OTP is OK',
       
   128 				err_response_bad_otp: 'Authentication failed because the Yubikey OTP is invalid.',
       
   129 				err_response_replayed_otp: 'Authentication failed because the Yubikey OTP you entered has been used before.',
       
   130 				err_response_bad_signature: 'Authentication failed because the Yubico authentication server reported an invalid signature.',
       
   131 				err_response_missing_parameter: 'Authentication failed because of a Dan Fuhry error.',
       
   132 				err_response_no_such_client: 'Authentication failed because the Yubikey you used is not registered with Yubico.',
       
   133 				err_response_operation_not_allowed: 'Authentication failed because the Enano server was denied the request to validate the OTP.',
       
   134 				err_response_backend_error: 'Authentication failed because an unexpected problem happened with the Yubico server.',
       
   135 				err_response_security_error: 'Authentication failed because the Yubico authentication server reported an unknown security error.',
       
   136 				
       
   137 				specialpage_yubikey: 'Yubikey API'
       
   138 			},
       
   139 			yubiucp: {
       
   140 				panel_title: 'Yubikey settings',
       
   141 				
       
   142 				msg_save_title: 'Yubikey preferences saved',
       
   143 				msg_save_body: 'Your preferences have been saved. You will be transferred back to the User CP momentarily.',
       
   144 				
       
   145 				field_enable_title: 'Enable Yubikey support on my account:',
       
   146 				field_enable_hint: 'Disabling support will remove any keys that are enrolled for your account.',
       
   147 				field_enable: 'Enabled',
       
   148 				field_keys_title: 'Enrolled Yubikeys:',
       
   149 				field_keys_hint: 'Enroll a Yubikey to allow it to log into your account.',
       
   150 				field_keys_maximum: 'You can enroll up to %max% Yubikeys.',
       
   151 				field_normal_flags: 'When logging in, ask me for:',
       
   152 				field_elev_flags: 'When performing sensitive operations, require:',
       
   153 				field_flags_keyonly: 'Just my Yubikey',
       
   154 				field_flags_username: 'My Yubikey and username',
       
   155 				field_flags_userandpw: 'My <acronym title="Two factor authentication">Yubikey, username and password</acronym>',
       
   156 				field_allow_plain_login: 'Allow me to log in without my Yubikey',
       
   157 				field_allow_plain_login_hint: 'If this option is turned off, you will be unable to access your account if all of your enrolled Yubikeys become lost or broken. However, turning this option off provides greater security.',
       
   158 				err_double_enrollment: 'One of the Yubikeys you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.',
       
   159 				err_double_enrollment_single: 'The Yubikey you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.',
       
   160 				
       
   161 				reg_field_otp: 'Enroll a <a href="http://www.yubico.com/products/yubikey" onclick="window.open(this.href); return false;">Yubikey</a>:',
       
   162 				reg_field_otp_hint_optional: 'If you have a Yubikey, you can authorize it for use in your new account here.',
       
   163 				reg_field_otp_hint_required: 'Please enroll a Yubikey here to create an account. This is a required step.',
       
   164 				reg_err_otp_required: 'Please enroll a Yubikey to register on this site.',
       
   165 				reg_err_otp_invalid: 'Your Yubikey OTP failed to validate.'
       
   166 			},
       
   167 			yubiacp: {
       
   168 				th: 'Yubikey authentication',
       
   169 				field_enable_title: 'Yubikey support:',
       
   170 				field_enable: 'Enable Yubikey authentication',
       
   171 				field_api_key: 'Yubico API key:',
       
   172 				field_api_key_id: 'Yubico numeric ID:',
       
   173 				field_auth_server: 'Authentication server URL:',
       
   174 				field_enroll_limit: 'Number of enrolled keys permitted per account:',
       
   175 				field_reg_require_otp_title: 'Yubikey required for registration:',
       
   176 				field_reg_require_otp_hint: 'If this is enabled, users will be asked to enroll a Yubikey during registration. The enrolled Yubikey will be authorized for the new account.',
       
   177 				field_reg_require_otp: 'Require Yubikey during registration',
       
   178 				field_use_local_pre: 'Or:',
       
   179 				field_use_local: 'Use local YMS',
       
   180 				
       
   181 				err_invalid_auth_server: 'The URL to the Yubikey authentication server that you entered is invalid.'
       
   182 			}
       
   183 		}
       
   184 	}
       
   185 }
       
   186 </code>
       
   187 **!*/
       
   188