Class TfishYubikeyAuthenticator
Two-factor authentication class.
Handles two-factor authentication via a Yubikey hardware token, available from yubico.com.
Setup requires obtaining a Client ID and secret key from Yubico; please refer to the manual for
instructions.
Note that the Yubikey authentication methods within this class are Copyright Tom Corwine and
distributed under the GPL (V2). Please see the separate copyright block within the class file.
Do not attempt to use this file without reading the manual.
Methods summary
public __construct( )
Initialise default property values and unset unneeded ones.

public integer getTimestampTolerance( )
Returns the timestamp tolerance (seconds).
Timestamp tolerance is how long an authentication request will be accepted after it is
generated. You need to allow some time for discrepancies between clocks and user delays.
Default: 10 minutes.
Returns
integer Timestamp tolerance (seconds).

public boolean setTimestampTolerance( integer $int )
Set the timestamp tolerance.
Parameters
- $int: Timestamp tolerance (seconds).
Returns
boolean True on success, false on failure.

public integer getCurlTimeout( )
Get the timeout for cURL requests, in seconds.
Returns
integer cURL timeout (seconds).

public boolean setCurlTimeout( integer $int )
Set the cURL timeout.
Parameters
- $int: cURL timeout (seconds).
Returns
boolean True on success, false on failure.

public string getLastResponse( )
Returns response message from last verification attempt.
Returns
string Last response message.

public boolean verify( string $otp )
Authenticate using a Yubikey one-time password.
Parameters
- $otp: One-time password generated by Yubikey hardware token.
Returns
boolean True for successful authentication, false on failure.

protected string createSignedRequest( string $urlParams )
Create URL with embedded and signed authentication request for Yubico authentication server.
Parameters
- $urlParams: URL parameters.
Returns
string URL to Yubico authentication server with query string parameters attached.

protected string curlRequest( string $url )
Make cURL request.
Parameters
Returns
string Error message.

protected boolean otpIsProperLength( string $otp )
Check Yubikey one-time password is expected length.
Parameters
- $otp: Yubikey one-time password.
Returns
boolean True if length is ok, otherwise false.

protected boolean otpIsModhex( string $otp )
Check Yubikey one-time password is modhex encoded.
Parameters
- $otp: Yubikey one-time password.
Returns
boolean True if modhex encoded, otherwise false.

protected boolean resultTimestampIsGood( string $timestamp )
Check timestamp is within tolerance.
Parameters
- $timestamp: Timestamp to check.
Returns
boolean True if timestamp is within tolerance, otherwise false.

protected boolean resultSignatureIsGood( string $signedMessage, string $signature )
Validate result signature.
Parameters
- $signedMessage: Signed message.
- $signature: Signature.
Returns
boolean True if signature is good, otherwise false.
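
The kind of checks named by otpIsProperLength(), otpIsModhex(), resultSignatureIsGood() and resultTimestampIsGood(), shown as an added example; this is not the class's own code and not Tom Corwine's. It assumes Yubico's published validation protocol (Base64-encoded HMAC-SHA1 over the response fields sorted by key), a 32-48 character OTP, a secret key that has already been Base64-decoded, and the timestamp layout given in the comment; all function names and sample values are hypothetical.

```php
<?php
// Added example: helper names and all sample values are hypothetical/constructed.
const MODHEX = 'cbdefghijklnrtuv';

// Pre-check before any network call: modhex only, 32-48 characters (assumed range).
function otpLooksValid(string $otp): bool
{
    $len = strlen($otp);
    return $len >= 32 && $len <= 48 && strspn($otp, MODHEX) === $len;
}

// Signature over the fields sorted by key and joined as k=v pairs with "&".
function sign(array $fields, string $key): string
{
    unset($fields['h']);            // the signature does not cover itself
    ksort($fields, SORT_STRING);
    $pairs = [];
    foreach ($fields as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    return base64_encode(hash_hmac('sha1', implode('&', $pairs), $key, true));
}

function responseIsTrustworthy(array $r, string $key, string $otp, int $tolerance, int $now): bool
{
    // 1. Signature, compared in constant time.
    if (!hash_equals(sign($r, $key), (string) ($r['h'] ?? ''))) {
        return false;
    }
    // 2. The response must concern the OTP we submitted and report success.
    if (($r['otp'] ?? '') !== $otp || ($r['status'] ?? '') !== 'OK') {
        return false;
    }
    // 3. Freshness. Assumed format: "2024-01-01T12:00:00Z0123" (UTC, then 4 digits).
    $stamp = substr((string) ($r['t'] ?? ''), 0, 20);
    $t = DateTimeImmutable::createFromFormat('!Y-m-d\TH:i:s\Z', $stamp, new DateTimeZone('UTC'));
    return $t !== false && abs($now - $t->getTimestamp()) <= $tolerance;
}

// Constructed demo data: not a real key, OTP or server response.
$key  = 'constructed-demo-key';
$otp  = 'cccccccccccbdhiktrglnbrvcefjuhkiebvglnrtfcud';
$resp = ['otp' => $otp, 'status' => 'OK', 't' => '2024-01-01T12:00:00Z0123'];
$resp['h'] = sign($resp, $key);
$now = gmmktime(12, 3, 0, 1, 1, 2024);  // three minutes after the response

var_dump(otpLooksValid($otp));                                         // well-formed OTP
var_dump(responseIsTrustworthy($resp, $key, $otp, 600, $now));         // fresh and signed
var_dump(responseIsTrustworthy($resp, $key, $otp, 600, $now + 3600));  // outside tolerance
var_dump(responseIsTrustworthy(['t' => '2024-01-01T12:02:00Z0123'] + $resp, $key, $otp, 600, $now)); // altered field
```

The 600-second tolerance matches the 10-minute default documented for getTimestampTolerance(); a shorter window narrows the time in which a captured response could be reused.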