Tuskfish API V1.1.1
Class TfYubikeyAuthenticator

Handles two-factor authentication via a Yubikey hardware token.

Tokens are available from yubico.com. Setup requires obtaining a Client ID and secret key from Yubico; please refer to the manual for instructions on how to set it up.

Note that the Yubikey authentication methods within this class are Copyright Tom Corwine and distributed under the GPL (V2). Please see the separate copyright block within the class file.

Do not attempt to use this file without reading the manual.

Package: security
Copyright: Simon Wilkinson 2013+ (https://tuskfish.biz)
License: GNU General Public License (GPL) V2
Author: Simon Wilkinson simon@isengard.biz
Version: Release: 1.0
Since: 1.0
Var: TfValidator $validator Instance of the Tuskfish data validator class.
Var: int $_id ID of the Yubikey hardware token (first 12 characters of output).
Var: string $_signatureKey Yubikey API key obtained from https://upgrade.yubico.com/getapikey/
Var: string $_response Response message from last verification attempt
Var: array $_curlResult Response from cURL request to Yubico authentication server.
Var: string $_curlError Error message.
Var: int $_timestampTolerance Timeout limit (expiry) for authentication requests.
Var: int $_curlTimeout Timeout limit when contacting Yubico authentication server.
Located at trust_path/libraries/tuskfish/class/TfYubikeyAuthenticator.php

Methods summary

public boolean
# __construct( TfValidator $validator )

Constructor.

Parameters

$validator
An instance of the Tuskfish data validator class.

Returns

boolean
protected string
# createSignedRequest( string $urlParams )

Create URL with embedded and signed authentication request for Yubico authentication server.

Parameters

$urlParams
URL parameters.

Returns

string
URL to Yubico authentication server with query string parameters attached.
protected string
# curlRequest( string $url )

Make cURL request.

Parameters

$url
Target URL.

Returns

string
Error message.
public integer
# getCurlTimeout( )

Get the timeout for cURL requests, in seconds.

Returns

integer
cURL timeout (seconds).
public string
# getLastResponse( )

Returns response message from last verification attempt.

Returns

string
Last response message.
public integer
# getTimestampTolerance( )

Returns the timestamp tolerance (seconds).

Timestamp tolerance is how long an authentication request will be accepted after it is generated. You need to allow some time for discrepancies between clocks and user delays. Default: 10 minutes.

Returns

integer
Timestamp tolerance (seconds).
protected boolean
# otpIsProperLength( string $otp )

Check Yubikey one time password is expected length.

Parameters

$otp
Yubikey one-time password.

Returns

boolean
True if length is ok, otherwise false.
protected boolean
# otpIsModhex( string $otp )

Check Yubikey one time password is modhex encoded.

Parameters

$otp
Yubikey one-time password.

Returns

boolean
True if modhex encoded, otherwise false.
protected boolean
# resultTimestampIsGood( string $timestamp )

Check timestamp is within tolerance.

Parameters

$timestamp
Timestamp to check.

Returns

boolean
True if timestamp is within tolerance, otherwise false.
protected boolean
# resultSignatureIsGood( string $signedMessage, string $signature )

Validate result signature.

Parameters

$signedMessage
Signed message.
$signature
Signature.

Returns

boolean
True if signature is good, otherwise false.
public boolean
# setCurlTimeout( integer $int )

Set the cURL timeout.

Parameters

$int
cURL timeout (seconds).

Returns

boolean
True on success, false on failure.
public boolean
# setTimestampTolerance( integer $int )

Set the timestamp tolerance.

Parameters

$int
Timestamp tolerance (seconds).

Returns

boolean
True on success, false on failure.
public boolean
# verify( string $otp )

Authenticate using a Yubikey one-time password.

Parameters

$otp
One time password generated by Yubikey hardware token.

Returns

boolean
True for successful authentication, false if fail.
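
The checks named by otpIsProperLength(), otpIsModhex(), resultSignatureIsGood() and resultTimestampIsGood() can be sketched as follows. This is an added example, not the Tuskfish or Tom Corwine code: the function names are hypothetical, and it assumes the Yubico validation response format (one key=value pair per line, with h holding a base64 HMAC-SHA1 over the alphabetically sorted pairs, keyed with the base64-decoded API key).

```php
<?php
// Added example; function names are hypothetical, not the Tuskfish class's own code.
const MODHEX = 'cbdefghijklnrtuv';

function otpLooksValid(string $otp): bool {    // 32-48 modhex characters
    $len = strlen($otp);
    return $len >= 32 && $len <= 48 && strspn($otp, MODHEX) === $len;
}

function parseResponse(string $body): array {  // one "key=value" per line
    $fields = [];
    foreach (preg_split('/\r?\n/', trim($body)) as $line) {
        $parts = explode('=', $line, 2);       // base64 values may end in '='
        if (count($parts) === 2) { $fields[trim($parts[0])] = trim($parts[1]); }
    }
    return $fields;
}

function sign(array $fields, string $apiKeyB64): string {
    unset($fields['h']);                       // the signature never covers itself
    ksort($fields);                            // alphabetical by key
    $pairs = [];
    foreach ($fields as $k => $v) { $pairs[] = "$k=$v"; }
    return base64_encode(hash_hmac('sha1', implode('&', $pairs), base64_decode($apiKeyB64), true));
}

function timestampIsFresh(string $t, int $tolerance, int $now): bool {
    $ts = strtotime(substr($t, 0, 20));        // drop trailing millisecond digits
    return $ts !== false && abs($now - $ts) <= $tolerance;
}

function acceptResponse(string $body, string $otp, string $key, int $tolerance, int $now): bool {
    $f = parseResponse($body);
    return otpLooksValid($otp)
        && hash_equals(sign($f, $key), $f['h'] ?? '')    // constant-time compare
        && ($f['status'] ?? '') === 'OK'
        && hash_equals($otp, $f['otp'] ?? '')            // response is for this OTP
        && timestampIsFresh($f['t'] ?? '', $tolerance, $now);
}

// Constructed sample data: key, OTP and response are made up for this demo.
$key = base64_encode('constructed-demo-key');
$otp = 'cccccccccccb' . str_repeat(MODHEX, 2);           // 12-char ID + 32 chars
$now = strtotime('2013-01-01T12:05:00Z');
$f = ['otp' => $otp, 't' => '2013-01-01T12:00:00Z0123', 'status' => 'OK'];
$body = "h=" . sign($f, $key) . "\r\nt={$f['t']}\r\notp=$otp\r\nstatus=OK\r\n";
var_dump(acceptResponse($body, $otp, $key, 600, $now));          // untouched response
var_dump(acceptResponse(str_replace('OK', 'REPLAYED_OTP', $body), $otp, $key, 600, $now)); // status altered after signing
var_dump(acceptResponse($body, $otp, $key, 600, $now + 3600));   // checked an hour late
```

The 600-second tolerance matches the 10-minute default documented for getTimestampTolerance(). The signature is checked before any other field is trusted, so an altered status or timestamp fails on the HMAC rather than on its own value.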

Properties summary

protected $validator
Tuskfish API V1.1.1 API documentation generated by ApiGen