Changeset 1405425
- Timestamp:
- 04/27/2016 10:24:31 AM (10 years ago)
- Location:
- secsign/trunk
- Files:
-
- 5 edited
-
jsApi/SecSignIDApi.js (modified) (4 diffs)
-
jsApi/signin-bridge.php (modified) (4 diffs)
-
readme.txt (modified) (3 diffs)
-
secsignfunctions.js (modified) (7 diffs)
-
secsignid_login.php (modified) (2 diffs)
secsign/trunk/jsApi/SecSignIDApi.js
r1363524 r1405425 19 19 referer : 'SecSignIDApi_JS', 20 20 pluginname : 'SecSignIDApi_JS', 21 version : "1.31" 21 version : "1.32", 22 optionalparams : null 22 23 }; 23 24 … … 36 37 // Send query to secsign id server to create an authentication session for a certain secsign id. 37 38 // 38 SecSignIDApi.prototype.requestAuthSession = function(secsignid, servicename, serviceaddress, timezone, successCallbackFunc) {39 SecSignIDApi.prototype.requestAuthSession = function(secsignid, servicename, serviceaddress, timezone, callbackFunction) { 39 40 if(!secsignid){ 40 41 throw new Error("SecSign ID is null."); … … 80 81 requestParameter['timezone'] = timezone; 81 82 } 82 return this.sendRequest(requestParameter, successCallbackFunc);83 return this.sendRequest(requestParameter, callbackFunction); 83 84 }; 84 85 … … 149 150 "apimethod" : this.referer 150 151 }); 152 153 // merge optional params 154 if(this.optionalparams && typeof(this.optionalparams) === "object"){ 155 _merge(params, this.optionalparams); 156 } 151 157 152 158 var paramStr = ""; -
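Review bot: The optional-params merge added at new lines 153-156 runs after mandatory fields such as `apimethod` are already in `params`, so if `_merge` overwrites existing keys (its body is not visible in this hunk) a caller-supplied `optionalparams` entry can silently replace them. Either merge the optional values before the mandatory ones are set, or copy only keys that are not yet present, e.g. `for (var k in this.optionalparams) { if (!(k in params)) { params[k] = this.optionalparams[k]; } }`. The truthiness-plus-`typeof` guard also lets arrays through; adding `&& !Array.isArray(this.optionalparams)` would close that. The enclosing function starts and ends outside the hunk.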
secsign/trunk/jsApi/signin-bridge.php
r1363524 r1405425 9 9 include ('phpApi/SecSignIDApi.php'); 10 10 11 $send_as_ajax = isset($_REQUEST['isajax']);12 $content_type = $send_as_ajax ? "text/xml" : "text/plain";13 14 15 11 if(isset($_REQUEST['request']) && isset($_REQUEST['apimethod'])) 16 12 { 17 // the only excepted request names are:13 // the only excepted requests are: 18 14 // ReqRequestAuthSession 19 15 // ReqGetAuthSessionState … … 30 26 $secSignIDApi->setPluginName($_POST['pluginname']); 31 27 } 32 $authsession =$secSignIDApi->requestAuthSession($_POST['secsignid'], $_POST['servicename'], $_POST['serviceaddress']);28 $secSignIDApi->requestAuthSession($_POST['secsignid'], $_POST['servicename'], $_POST['serviceaddress']); 33 29 $response = $secSignIDApi->getResponse(); 34 30 } … … 36 32 $response = $secSignIDApi->getResponse(); 37 33 } 38 } else if(strcmp($_REQUEST['request'], "ReqGetAuthSessionState") == 0){39 try34 } else { 35 try 40 36 { 41 37 $servicename = isset($_POST['servicename']) ? $_POST['servicename'] : ""; … … 52 48 ), true); 53 49 54 // send request to check authentication session from javascript api to id-server via php api 55 $authSessionState = $secSignIDApi->getAuthSessionState($authsession); 56 $response = $secSignIDApi->getResponse(); 50 if(strcmp($_REQUEST['request'], "ReqGetAuthSessionState") == 0){ 51 52 // send request to check authentication session from javascript api to id-server via php api 53 $secSignIDApi->getAuthSessionState($authsession); 54 $response = $secSignIDApi->getResponse(); 55 56 } else if(strcmp($_REQUEST['request'], "ReqReleaseAuthSession") == 0){ 57 58 // send request to release authentication session from javascript api to id-server via php api 59 $secSignIDApi->releaseAuthSession($authsession); 60 $response = $secSignIDApi->getResponse(); 61 62 } else if(strcmp($_REQUEST['request'], "ReqCancelAuthSession") == 0){ 63 64 // send request to cancel authentication session from javascript api to id-server via php api 65 
$secSignIDApi->cancelAuthSession($authsession); 66 $response = $secSignIDApi->getResponse(); 67 } 68 else { 69 // unknown request. cannot bridge it to id server via php api 70 $response = urlencode("error=500;errormsg=unknown request;"); 71 } 57 72 } 58 73 catch(Exception $e){ 59 74 $response = $secSignIDApi->getResponse(); 60 } 61 62 } else if(strcmp($_REQUEST['request'], "ReqReleaseAuthSession") == 0){ 63 try 64 { 65 $servicename = isset($_POST['servicename']) ? $_POST['servicename'] : ""; 66 $serviceaddress = isset($_POST['serviceaddress']) ? $_POST['serviceaddress'] : ""; 67 68 $authsession = new AuthSession(); 69 $authsession->createAuthSessionFromArray(array( 70 'requestid' => $_POST['requestid'], 71 'secsignid' => $_POST['secsignid'], 72 'authsessionid' => $_POST['authsessionid'], 73 'servicename' => $servicename, 74 'serviceaddress' => $serviceaddress 75 ), true); 76 77 78 // send request to release authentication session from javascript api to id-server via php api 79 $secSignIDApi->releaseAuthSession($authsession); 80 $response = $secSignIDApi->getResponse(); 81 82 } 83 catch(Exception $e){ 84 $response = $secSignIDApi->getResponse(); 85 } 86 } else if(strcmp($_REQUEST['request'], "ReqCancelAuthSession") == 0){ 87 try 88 { 89 // it is supposed that the javascipt api sends this information as well. but to asure that 'null' isn't sent to server... 90 $servicename = isset($_POST['servicename']) ? $_POST['servicename'] : ""; 91 $serviceaddress = isset($_POST['serviceaddress']) ? 
$_POST['serviceaddress'] : ""; 92 93 $authsession = new AuthSession(); 94 $authsession->createAuthSessionFromArray(array( 95 'requestid' => $_POST['requestid'], 96 'secsignid' => $_POST['secsignid'], 97 'authsessionid' => $_POST['authsessionid'], 98 'servicename' => $servicename, 99 'serviceaddress' => $serviceaddress 100 ), true); 101 102 103 // send request to cancel authentication session from javascript api to id-server via php api 104 $authSessionState = $secSignIDApi->cancelAuthSession($authsession); 105 $response = $secSignIDApi->getResponse(); 106 } 107 catch(Exception $e){ 108 $response = $secSignIDApi->getResponse(); 109 } 110 } else { 111 // unknown request. cannot bridge it to id server via php api 112 $response = "error=500;errormsg=unknown%20request;"; 75 } 113 76 } 77 } else { 78 // unknown request. cannot bridge it to id server via php api 79 $response = urlencode("error=500;errormsg=no value for request was found in header values."); 114 80 } 115 116 header("Content-Type: " . $content_type); 81 82 // response from server is url encoded string with parameter value pairs 83 header("Content-Type: " . "text/plain"); 117 84 header("Content-Length: " . strlen($response)); 118 85 -
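Review bot: Both new error responses pass the whole `error=500;errormsg=…` string through `urlencode()`, which also encodes the `=` and `;` separators, whereas the line being replaced encoded only the message text. Unless the JavaScript side decodes the body before splitting it into pairs (not visible here), the client will no longer find `error` or `errormsg`; encoding just the value keeps the format: `$response = "error=500;errormsg=" . urlencode("unknown request") . ";";`, and likewise for the message at new line 79, which also drops the trailing `;`. Separately, the merged `else` branch now builds the `AuthSession` from `$_POST['requestid']`, `$_POST['secsignid']` and `$_POST['authsessionid']` without `isset()` guards and before the request name is checked, so an unknown or incomplete request reaches `createAuthSessionFromArray` first. Checking the name against the three accepted values before constructing the session would reject such requests earlier.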
secsign/trunk/readme.txt
r1390218 r1405425 3 3 Tags: two-factor authentication, two-factor, authentication, 2 factor authentication, login, sign in, single sign-on, challenge response, rsa, password, mobile, iphone, android, security, authenticator, authenticate, two step authentication, 2fa, tfa 4 4 Requires at least: 3.0.1 5 Tested up to: 4.5 5 Tested up to: 4.5.1 6 6 Stable tag: trunk 7 7 License: GPLv2 or later … … 160 160 == Changelog == 161 161 162 = 1.7.10 = 163 * Show server errors to user rather than a nondescriptive default error message. 164 * Check given SecSign ID if it is syntactically correct before sending it 165 * New version of [SecSignIDApi.js](https://github.com/SecSign/secsign-js-api) 166 * Tested WP compatibility for Wordpress 4.5.1 167 168 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser. 169 162 170 = 1.7.9 = 163 171 * Fixed form switching bug … … 168 176 169 177 = 1.7.8 = 170 * Turned autocapitalizing and autocorrection offfor username input fields171 * Fixed error whenan authentication session is canceled178 * Turned off autocapitalizing and autocorrection for username input fields 179 * Fixed error if an authentication session is canceled 172 180 * Fixed layout error when an authentication is requested. Reset all fields before showing access pass or activity indicator 173 181 * Added index.php to all subfolders to prevent directory parsing -
secsign/trunk/secsignfunctions.js
r1390218 r1405425 1 // $Id: secsignfunctions.js,v 1.7 2015/04/28 09:49:45 titus Exp $2 3 1 /*! 4 2 * This script contains general helper functions. 5 3 * components menu of the back end is selected. 6 4 * 7 * @copyright Copyright (C) 2014 , 2015SecSign Technologies Inc. All rights reserved.8 * @license GNU General Public License version 2 or later; see LICENSE.txt.5 * @copyright Copyright (C) 2014 - 2016 SecSign Technologies Inc. All rights reserved. 6 * @license GNU General Public License version 2 or later; see LICENSE.txt. 9 7 */ 10 8 jQuery.noConflict(); … … 102 100 } 103 101 104 function showErrorOnLoginform(errormessage) { 105 jQuery("#secsignid-page-accesspass").fadeOut( 106 function () { 107 jQuery("#secsignid-page-login").fadeIn(); 108 jQuery("#secloginbtn").prop("disabled", false); 109 } 110 ); 111 jQuery("#secsignid-error").html(errormessage).fadeIn(); 102 // shows an error message at the login page 103 function showErrorOnLoginform(errormessage, slide) { 104 jQuery("#secsignid-page-accesspass").fadeOut(200, function(){ 105 jQuery("#secloginbtn").prop("disabled", false); 106 jQuery("#secsignid-page-login").fadeIn(); 107 108 var errorField = jQuery("#secsignid-error").text(errormessage); 109 if(slide){ 110 errorField.slideDown(); 111 } else { 112 errorField.fadeIn(); 113 } 114 }); 112 115 } 113 116 … … 177 180 jQuery("input[name='secsignidrequestid']").val(), 178 181 jQuery("input[name='secsignidauthsessionid']").val(), 179 function rMap(responseMap) {182 function(responseMap) { 180 183 if (responseMap) { 181 184 // check if response map contains error message or if authentication state could not be fetched from server. 
… … 348 351 } 349 352 350 new SecSignIDApi({posturl: apiurl}).cancelAuthSession(secsignid, requestId, authsessionId, function rMap(responseMap) {353 new SecSignIDApi({posturl: apiurl}).cancelAuthSession(secsignid, requestId, authsessionId, function(responseMap) { 351 354 // clear timeout 352 355 window.clearTimeout(checkSessionStateTimerId); … … 368 371 369 372 if (secsignid == "") { 370 // error - back to login screen371 s etTimeout(function () {372 showErrorOnLoginform(nosecsignid)373 }, 1000);373 // error - back to login screen 374 showErrorOnLoginform(nosecsignid, true); 375 } else if(!SecSignIDApi.checkSecSignId(secsignid)){ 376 showErrorOnLoginform(novalidsecsignid, true); 374 377 } else { 375 378 376 // if remember me is clicked, set cookie otherwise delete379 // if remember me is clicked, set cookie otherwise delete 377 380 if (jQuery('#rememberme').is(':checked')) { 378 381 docCookies.setItem('secsignRememberMe', secsignid, 2592000); … … 392 395 ); 393 396 394 //request auth session 395 var secSignIDApi = new SecSignIDApi({posturl: apiurl, pluginname: "wordpress"}); // to debug class object: alert(JSON.stringify(secSignIDApi)); 396 secSignIDApi.requestAuthSession(secsignid, title, url, '', function rMap(responseMap) { 397 // request auth session 398 // to debug class object: alert(JSON.stringify(secSignIDApi)); 399 new SecSignIDApi({posturl: apiurl, pluginname: "wordpress"}).requestAuthSession(secsignid, title, url, '', function(responseMap) { 400 397 401 if ("errormsg" in responseMap) { 398 //error - back to login screen 399 setTimeout(function () { 400 showErrorOnLoginform(responseMap["errormsg"]) 401 }, 1000); 402 // error - back to login screen 403 showErrorOnLoginform(responseMap["errormsg"]) 402 404 } else { 403 405 if ("authsessionicondata" in responseMap && responseMap["authsessionicondata"] != '') { … … 432 434 433 435 } else { 434 //no response from server 435 setTimeout(function () { 436 showErrorOnLoginform(noresponse) 437 }, 2000); 436 // no 
response from server 437 showErrorOnLoginform(noresponse + " " + JSON.stringify(responseMap)); 438 438 } 439 439 } -
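Review bot: The no-response branch at new line 437 appends `JSON.stringify(responseMap)` to the text shown on the login form, so whatever the bridge returned is displayed verbatim to an unauthenticated visitor. The switch from `.html()` to `.text()` in `showErrorOnLoginform` keeps that string inert, but raw server output is better sent to the console than to the page: `console.error(responseMap);` followed by `showErrorOnLoginform(noresponse);`. The error text is now set inside the `fadeOut` callback, so it is shown only when `#secsignid-page-accesspass` matches an element, which is worth confirming for every page that calls this function. A one-line comment on the new `slide` parameter would document the two display modes, and the call at new line 403 is missing its terminating semicolon.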
secsign/trunk/secsignid_login.php
r1390218 r1405425 3 3 Plugin Name: SecSign 4 4 Plugin URI: https://www.secsign.com/add-it-to-your-website/ 5 Version: 1.7. 95 Version: 1.7.10 6 6 Description: Two-factor authentication (2FA) with the SecSign ID. The SecSign plugin allows a user to login using his SecSign ID and his smartphone. 7 7 Author: SecSign Technologies Inc. … … 108 108 var apiurl = secsignPluginPath + "jsApi/signin-bridge.php"; 109 109 var errormsg = "Your login session has expired, was canceled, or was denied."; 110 var novalidsecsignid = "Given SecSign ID contains illegal characters." 110 111 var noresponse = "The authentication server sent no response or you are not connected to the internet."; 111 112 var nosecsignid = "Invalid SecSignID.";