Changeset 1486368
- Timestamp:
- 08/30/2016 12:38:00 PM (10 years ago)
- Location:
- secsign/trunk
- Files:
-
- 10 edited
-
images/index.php (modified) (1 diff)
-
index.php (modified) (1 diff)
-
jsApi/SecSignIDApi.js (modified) (11 diffs)
-
jsApi/index.php (modified) (1 diff)
-
jsApi/phpApi/index.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
-
secsignfunctions.js (modified) (5 diffs)
-
secsignid_layout.css (modified) (1 diff)
-
secsignid_login.php (modified) (4 diffs)
-
secsignid_login_admin.php (modified) (3 diffs)
-
secsign/trunk/images/index.php
r1390218 r1486368 1 1 <?php 2 # Silence is golden. 2 // Silence is golden. 3 ?> -
secsign/trunk/index.php
r1390218 r1486368 1 1 <?php 2 # Silence is golden. 2 // Silence is golden. 3 ?> -
secsign/trunk/jsApi/SecSignIDApi.js
r1405425 r1486368 1 1 /*! 2 * (c) 2014, 2015 SecSign Technologies Inc.2 * (c) 2014, 2015, 2016 SecSign Technologies Inc. 3 3 */ 4 4 5 5 6 6 /** 7 * Javascript class to connect to a secsign id server. The class will check secsign id server certificate and request for an authentication session for a given 8 * user id which is called secsign id. 7 * Javascript class to connect to a secsign id server. 8 * The class will check secsign id server certificate and 9 * request for an authentication session for a given user id which is called secsign id. 9 10 * Each authentication session generation needs a new instance of this class. 10 11 * … … 19 20 referer : 'SecSignIDApi_JS', 20 21 pluginname : 'SecSignIDApi_JS', 21 version : "1.3 2",22 version : "1.34", 22 23 optionalparams : null 23 24 }; … … 37 38 // Send query to secsign id server to create an authentication session for a certain secsign id. 38 39 // 39 SecSignIDApi.prototype.requestAuthSession = function(secsignid, servicename, serviceaddress, timezone, callbackFunction) { 40 if(!secsignid){ 40 SecSignIDApi.prototype.requestAuthSession = function(options) { 41 42 if(!options){ 43 throw new Error("No options given to request authentication session."); 44 } 45 46 /* 47 options = { 48 secsignid : "titus", 49 servicename : "SecSign Portal", 50 serviceaddress : "https://portal.secsign.com", 51 callbackFunction : function(){ 52 ... 53 } 54 } 55 */ 56 57 if(!options.secsignid){ 41 58 throw new Error("SecSign ID is null."); 42 59 } 43 if(! servicename){60 if(!options.servicename){ 44 61 throw new Error("Servicename is null."); 45 62 } 46 if(! serviceaddress){63 if(!options.serviceaddress){ 47 64 throw new Error("Serviceaddress is null."); 48 65 } 49 66 50 67 // ensure that the secsign id is lower case 51 secsignid = secsignid.toLowerCase().trim(); 68 secsignid = options.secsignid.toLowerCase().trim(); 69 70 // check again. 
probably just spacess which will ne empty after trim() 71 if(!options.secsignid){ 72 throw new Error("SecSign ID is null."); 73 } 52 74 53 75 // ensure that service name is not to long... 54 if( servicename.length > 255){55 servicename =servicename.substr(0, 255);76 if(options.servicename.length > 255){ 77 options.servicename = options.servicename.substr(0, 255); 56 78 } 57 79 58 80 // ensure that service address is not to long... 59 81 // e.g. http://localhost/secsign/newjoomlaupdates/administrator/index.php?option=com_config&view=component&component=com_secsignid&path=&return=aHR0cDovL2xvY2FsaG9zdC9zZWNzaWduL25ld2pvb21sYXVwZGF0ZXMvYWRtaW5pc3RyYXRvci9pbmRleC5waHA%2Fb3B0aW9uPWNvbV9zZWNzaWduaWQ%3D 60 if(serviceaddress.length > 255){ 61 serviceaddress = serviceaddress.substr(0, 255); 62 } 63 64 // check again. probably just spacess which will ne empty after trim() 65 if(!secsignid){ 66 throw new Error("SecSign ID is null."); 82 if(options.serviceaddress.length > 255){ 83 options.serviceaddress = options.serviceaddress.substr(0, 255); 67 84 } 68 85 69 86 var requestParameter = { 70 87 'request' : 'ReqRequestAuthSession', 71 'secsignid' : secsignid, 72 'servicename' : servicename, 73 'serviceaddress' : serviceaddress 74 }; 88 'secsignid' : options.secsignid, 89 'servicename' : options.servicename, 90 'serviceaddress' : options.serviceaddress 91 }; 92 93 if(options.showaccesspass != undefined){ 94 requestParameter['showaccesspass'] = options.showaccesspass === true ? "true" : "false"; 95 } 75 96 76 97 if(this.pluginname){ … … 78 99 } 79 100 80 if(timezone){ 81 requestParameter['timezone'] = timezone; 82 } 83 return this.sendRequest(requestParameter, callbackFunction); 101 return this.sendRequest(requestParameter, options.callbackFunction); 84 102 }; 85 103 … … 88 106 // Gets the authentication session state for a certain secsign id whether the authentication session is still pending or it was accepted or denied. 
89 107 // 90 SecSignIDApi.prototype.getAuthSessionState = function(secsignid, requestId, authsessionId, callbackFunction) { 91 92 // ensure that the secsign id is lower case 93 secsignid = secsignid.toLowerCase(); 108 SecSignIDApi.prototype.getAuthSessionState = function(options) { 109 110 if(!options){ 111 throw new Error("No options given to get authentication session state."); 112 } 113 114 /* 115 options = { 116 secsignid : "titus", 117 requestid : "98723408097328623947235", 118 authsessionid : "-872346324", 119 callbackFunction : function(){ 120 ... 121 } 122 } 123 */ 94 124 95 125 var requestParameter = { 96 126 'request' : 'ReqGetAuthSessionState', 97 'secsignid' : secsignid,98 'authsessionid' : authsessionId,99 'requestid' : requestId100 }; 101 return this.sendRequest(requestParameter, callbackFunction);127 'secsignid' : options.secsignid.toLowerCase(), // ensure that the secsign id is lower case 128 'authsessionid' : options.authsessionid, 129 'requestid' : options.requestid 130 }; 131 return this.sendRequest(requestParameter, options.callbackFunction); 102 132 }; 103 133 … … 106 136 // Cancel the given auth session. 107 137 // 108 SecSignIDApi.prototype.cancelAuthSession = function(secsignid, requestId, authsessionId, callbackFunction) { 109 // ensure that the secsign id is lower case 110 secsignid = secsignid.toLowerCase(); 111 138 SecSignIDApi.prototype.cancelAuthSession = function(options) { 139 140 if(!options){ 141 throw new Error("No options given to cancel authentication session."); 142 } 143 144 /* 145 options = { 146 secsignid : "titus", 147 requestid : "98723408097328623947235", 148 authsessionid : "-872346324", 149 callbackFunction : function(){ 150 ... 
151 } 152 } 153 */ 154 112 155 var requestParameter = { 113 156 'request' : 'ReqCancelAuthSession', 114 'secsignid' : secsignid,115 'authsessionid' : authsessionId,116 'requestid' : requestId117 }; 118 return this.sendRequest(requestParameter, callbackFunction);157 'secsignid' : options.secsignid.toLowerCase(), // ensure that the secsign id is lower case 158 'authsessionid' : options.authsessionid, 159 'requestid' : options.requestid 160 }; 161 return this.sendRequest(requestParameter, options.callbackFunction); 119 162 }; 120 163 … … 123 166 // Releases an authentication session if it was accepted and not used any longer 124 167 // 125 SecSignIDApi.prototype.releaseAuthSession = function(secsignid, requestId, authsessionId, callbackFunction) { 126 // ensure that the secsign id is lower case 127 secsignid = secsignid.toLowerCase(); 128 168 SecSignIDApi.prototype.releaseAuthSession = function(options) { 169 170 if(!options){ 171 throw new Error("No options given to release authentication session."); 172 } 173 174 /* 175 options = { 176 secsignid : "titus", 177 requestid : "98723408097328623947235", 178 authsessionid : "-872346324", 179 callbackFunction : function(){ 180 ... 
181 } 182 } 183 */ 184 129 185 var requestParameter = { 130 186 'request' : 'ReqReleaseAuthSession', 131 'secsignid' : secsignid,132 'authsessionid' : authsessionId,133 'requestid' : requestId134 }; 135 return this.sendRequest(requestParameter, callbackFunction);187 'secsignid' : options.secsignid.toLowerCase(), // ensure that the secsign id is lower case 188 'authsessionid' : options.authsessionid, 189 'requestid' : options.requestid 190 }; 191 return this.sendRequest(requestParameter, options.callbackFunction); 136 192 }; 137 193 … … 190 246 return this; 191 247 }; 192 193 248 194 249 // … … 233 288 }; 234 289 235 236 290 // 237 291 // several check methods 238 292 // 239 293 240 / **241 *Checks whether a secsign id meets some requirements242 */294 // 295 // Checks whether a secsign id meets some requirements 296 // 243 297 SecSignIDApi.checkSecSignId = function(secSignIdString){ 244 298 // illegal characters are e.g. #+*?!%$&(){}[]: … … 248 302 return secSignIdCheckResult; 249 303 }; 304 305 250 306 251 307 /** … … 256 312 function AuthSession(){ 257 313 } 258 259 314 260 315 // override toString method -
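Review bot: In requestAuthSession the normalised ID is assigned to an undeclared `secsignid` (an implicit global), while the re-check after trim() and the `'secsignid'` request parameter both still read `options.secsignid`, so the lower-casing and trimming never reach the server and a whitespace-only ID passes the second check. Writing the result back, `options.secsignid = options.secsignid.toLowerCase().trim();`, would make the re-check and the request use the normalised value. getAuthSessionState, cancelAuthSession and releaseAuthSession call `options.secsignid.toLowerCase()` without checking that the field is set, so a missing ID surfaces as a TypeError rather than the explicit "SecSign ID is null." error; a guard such as `if(!options.secsignid){ throw new Error("SecSign ID is null."); }` in each would keep the failures consistent.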
secsign/trunk/jsApi/index.php
r1390218 r1486368 1 1 <?php 2 # Silence is golden. 2 // Silence is golden. 3 ?> -
secsign/trunk/jsApi/phpApi/index.php
r1390218 r1486368 1 1 <?php 2 # Silence is golden. 2 // Silence is golden. 3 ?> -
secsign/trunk/readme.txt
r1405425 r1486368 3 3 Tags: two-factor authentication, two-factor, authentication, 2 factor authentication, login, sign in, single sign-on, challenge response, rsa, password, mobile, iphone, android, security, authenticator, authenticate, two step authentication, 2fa, tfa 4 4 Requires at least: 3.0.1 5 Tested up to: 4. 5.15 Tested up to: 4.6 6 6 Stable tag: trunk 7 7 License: GPLv2 or later … … 160 160 == Changelog == 161 161 162 = 1.7.11 = 163 * New version of [SecSignIDApi.js](https://github.com/SecSign/secsign-js-api) 164 * Accepted authentication sessions are handled by server. No need to release them manually 165 * Minor CSS changes 166 * Tested WP compatibility for Wordpress 4.6 167 168 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser. 169 162 170 = 1.7.10 = 163 171 * Show server errors to user rather than a nondescriptive default error message. -
secsign/trunk/secsignfunctions.js
r1405425 r1486368 175 175 176 176 function checkSecSignIdAuthSessionState() { 177 var secSignIDApi = new SecSignIDApi({posturl: apiurl}); 178 secSignIDApi.getAuthSessionState( 179 jQuery("input[name='secsigniduserid']").val(), 180 jQuery("input[name='secsignidrequestid']").val(), 181 jQuery("input[name='secsignidauthsessionid']").val(), 182 function(responseMap) { 177 new SecSignIDApi({posturl: apiurl}).getAuthSessionState({ 178 'secsignid' : jQuery("input[name='secsigniduserid']").val(), 179 'requestid' : jQuery("input[name='secsignidrequestid']").val(), 180 'authsessionid' : jQuery("input[name='secsignidauthsessionid']").val(), 181 'callbackFunction' : function(responseMap) { 183 182 if (responseMap) { 184 183 // check if response map contains error message or if authentication state could not be fetched from server. … … 256 255 257 256 // actually no need to cancel an already invalid session 258 // new SecSignIDApi({posturl: apiurl}).cancelAuthSession( secsignid, requestId, authsessionId);257 // new SecSignIDApi({posturl: apiurl}).cancelAuthSession({'secsignid' : secsignid, 'requestid' : requestId, 'authsessionid' : authsessionId}); 259 258 } 260 259 ); … … 262 261 } 263 262 } 264 );265 } 263 }); // end of api function getAuthSessionState 264 }; // end of function checkSecSignIdAuthSessionState 266 265 267 266 //Polling timeout … … 351 350 } 352 351 353 new SecSignIDApi({posturl: apiurl}).cancelAuthSession(secsignid, requestId, authsessionId, function(responseMap) { 354 // clear timeout 355 window.clearTimeout(checkSessionStateTimerId); 352 new SecSignIDApi({posturl: apiurl}).cancelAuthSession({'secsignid' : secsignid, 353 'requestid' : requestId, 354 'authsessionid' : authsessionId, 355 'callbackFunction' : function(responseMap) { 356 // clear timeout 357 window.clearTimeout(checkSessionStateTimerId); 358 } 356 359 }); 357 360 } … … 397 400 // request auth session 398 401 // to debug class object: alert(JSON.stringify(secSignIDApi)); 399 new 
SecSignIDApi({posturl: apiurl, pluginname: "wordpress"}).requestAuthSession(secsignid, title, url, '', function(responseMap) { 402 new SecSignIDApi({posturl: apiurl, pluginname: "wordpress"}).requestAuthSession({ 403 'secsignid' : secsignid, 404 'servicename' : title, 405 'serviceaddress' : url, 406 'callbackFunction' : function(responseMap) { 400 407 401 if ("errormsg" in responseMap) { 402 // error - back to login screen 403 showErrorOnLoginform(responseMap["errormsg"]) 404 } else { 405 if ("authsessionicondata" in responseMap && responseMap["authsessionicondata"] != '') { 406 // check whether cancel was pressed to fast? 407 if (cancelPressedBeforeAuthSessionRetrieved) { 408 // cancel this session straight away 409 // other possibility could be: switch back to access path view... 410 new SecSignIDApi({posturl: apiurl}).cancelAuthSession(responseMap["secsignid"], responseMap["requestid"], responseMap["authsessionid"]); 411 cancelPressedBeforeAuthSessionRetrieved = false; 412 return; 413 } 414 415 // no error so far. 416 // and the user did not cancel the session to fast 417 418 //fill hidden form 419 jQuery("input[name='secsigniduserid']").val(responseMap["secsignid"]); 420 jQuery("input[name='secsignidauthsessionid']").val(responseMap["authsessionid"]); 421 jQuery("input[name='secsignidrequestid']").val(responseMap["requestid"]); 422 jQuery("input[name='secsignidserviceaddress']").val(responseMap["serviceaddress"]); 423 jQuery("input[name='secsignidservicename']").val(responseMap["servicename"]); 424 425 //show Accesspass 426 jQuery("#secsignid-accesspass-img").fadeOut( 427 function () { 428 jQuery("#secsignid-accesspass-img").attr('src', 'data:image/png;base64,' + responseMap["authsessionicondata"]).fadeIn(); 429 } 430 ); 431 432 // activate polling. 
433 checkSessionStateTimerId = window.setTimeout(checkSecSignIdAuthSessionState, timeUntilAuthSessionCheck); 434 435 } else { 436 // no response from server 437 showErrorOnLoginform(noresponse + " " + JSON.stringify(responseMap)); 438 } 439 } 408 if ("errormsg" in responseMap) { 409 // error - back to login screen 410 showErrorOnLoginform(responseMap["errormsg"]) 411 } else { 412 if ("authsessionicondata" in responseMap && responseMap["authsessionicondata"] != '') { 413 // check whether cancel was pressed to fast? 414 if (cancelPressedBeforeAuthSessionRetrieved) { 415 // cancel this session straight away 416 // other possibility could be: switch back to access path view... 417 new SecSignIDApi({posturl: apiurl}).cancelAuthSession({'secsignid' : responseMap["secsignid"], 418 'requestid' : responseMap["requestid"], 419 'authsessionid' : responseMap["authsessionid"]}); 420 cancelPressedBeforeAuthSessionRetrieved = false; 421 return; 422 } 423 424 // no error so far. 425 // and the user did not cancel the session to fast 426 427 //fill hidden form 428 jQuery("input[name='secsigniduserid']").val(responseMap["secsignid"]); 429 jQuery("input[name='secsignidauthsessionid']").val(responseMap["authsessionid"]); 430 jQuery("input[name='secsignidrequestid']").val(responseMap["requestid"]); 431 jQuery("input[name='secsignidserviceaddress']").val(responseMap["serviceaddress"]); 432 jQuery("input[name='secsignidservicename']").val(responseMap["servicename"]); 433 434 //show Accesspass 435 jQuery("#secsignid-accesspass-img").fadeOut( 436 function () { 437 jQuery("#secsignid-accesspass-img").attr('src', 'data:image/png;base64,' + responseMap["authsessionicondata"]).fadeIn(); 438 } 439 ); 440 441 // activate polling. 
442 checkSessionStateTimerId = window.setTimeout(checkSecSignIdAuthSessionState, timeUntilAuthSessionCheck); 443 444 } else { 445 // no response from server 446 showErrorOnLoginform(noresponse + " " + JSON.stringify(responseMap)); 447 } 448 } 449 } // end of callback function 440 450 }); 441 451 } -
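Review bot: The requestAuthSession callback evaluates `"errormsg" in responseMap` without first checking that a response map was passed, whereas the getAuthSessionState callback earlier in this file guards with `if (responseMap)`; if sendRequest can invoke the callback with no map, the `in` test throws instead of reaching the error display. A guard at the top of the callback, `if (!responseMap) { showErrorOnLoginform(noresponse); return; }`, would close that gap. The no-data branch also appends `JSON.stringify(responseMap)` to the message shown on the login form, which puts the raw server reply in front of a visitor who has not logged in yet; showing only `noresponse` and sending the detail to the console would expose less. The enclosing function begins outside the hunk.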
secsign/trunk/secsignid_layout.css
r1223760 r1486368 73 73 } 74 74 75 #secsignidplugin #login-secsignid { 76 text-align:center; 77 } 78 75 79 #secsignidplugin #login-pw, #secsignidplugin #login-user, #secsignidplugin #wp-username, #secsignidplugin #wp-password, #secsignidplugin #user_login, #secsignidplugin #user_pass { 76 80 background: none; -
secsign/trunk/secsignid_login.php
r1405425 r1486368 2 2 /* 3 3 Plugin Name: SecSign 4 Plugin URI: https://www.secsign.com/ add-it-to-your-website/5 Version: 1.7.1 04 Plugin URI: https://www.secsign.com/wordpress-tutorial/ 5 Version: 1.7.11 6 6 Description: Two-factor authentication (2FA) with the SecSign ID. The SecSign plugin allows a user to login using his SecSign ID and his smartphone. 7 7 Author: SecSign Technologies Inc. … … 101 101 $wp_site_url = get_site_url(); 102 102 echo '<script> 103 // Parameters103 // Parameters 104 104 var url = "' . $wp_site_url . '"; 105 var siteurl = "' . $wp_site_url . '";106 105 var title = "' . addslashes(get_option('secsignid_service_name')) . '"; 107 106 var secsignPluginPath = "' .addslashes($plugin_path) . '"; … … 117 116 url = location.href; 118 117 } 118 119 // now check that secsignPluginPath and url starts with current location href 120 // otherwise the url differs from the wordpress site url. In this case the browser will block javascript posts 121 // due to same domain policy 122 var parser = document.createElement("a"); 123 parser.href = url; 124 if(parser.hostname != location.hostname){ 125 //alert("The wordpress site url does not match current url in browser. A login cannot be done"); 126 } 127 128 parser.href = apiurl; 129 if(parser.hostname != location.hostname){ 130 //alert("The wordpress site url does not match current url in browser. A login cannot be done"); 131 } 132 119 133 if(!title) { 120 134 title = document.title; … … 826 840 //save to the session, that the secsign id was authenticated. This will later allow the assignment to/creation of a wordpress user 827 841 $_SESSION['authenticated'] = $_POST['secsigniduserid']; 828 829 // release authentication session. 
it is not used any more830 try {831 $secSignIDApi->releaseAuthSession($authsession);832 } catch(Exception $e){833 //do nothing if the authentication session cannot be released, proceed with user login834 }835 836 842 $user_to_login = get_wp_user($_POST['secsigniduserid']); 837 843 if ($user_to_login) { -
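Review bot: Both new `if(parser.hostname != location.hostname)` blocks contain only a commented-out alert, so a mismatch between the WordPress site URL (or `apiurl`) and the page origin is detected and then silently ignored, and the login presumably fails later with no explanation. Either report it, for instance `console.warn("SecSign: site URL host differs from the current page host");`, or drop the checks until they do something. The comparison also looks only at the hostname, while the browser's same-origin rule includes scheme and port, so comparing `parser.protocol` and `parser.host` as well would match the stated intent more closely. The script is emitted from a PHP echo that begins and ends outside the hunk.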
secsign/trunk/secsignid_login_admin.php
r1306089 r1486368 5 5 add_action('admin_init', 'secsignid_login_options_init'); 6 6 add_action('admin_menu', 'secsignid_login_options_add_page'); 7 8 7 add_action('delete_user', 'delete_user_secsignid_mapping'); // is called when a user is deleted 9 10 8 add_action('show_user_profile', 'add_secsignid_login_fields'); // is called if logged in user opens his own profile... 11 9 add_action('edit_user_profile', 'add_secsignid_login_fields'); // is called when admin edits a user profile... 12 13 10 add_action('user_profile_update_errors', 'check_secsignid_login_fields'); // called before a user is updated. when creating a new user this hook action is called too. http://adambrown.info/p/wp_hooks/hook/profile_update 14 15 11 add_action('profile_update', 'save_secsignid_login_fields'); // is called whenever a profile is updated. 16 12 … … 18 14 19 15 add_action('admin_notices', 'secsign_admin_notice'); 16 add_action('admin_enqueue_scripts', 'enqueue_secsign_admin_scripts'); 17 18 19 20 if (!(function_exists('enqueue_secsign_admin_scripts'))) { 21 /** 22 * Enqueue all js scripts 23 */ 24 function enqueue_secsign_admin_scripts() { 25 wp_register_script('SecSignIDApi', plugins_url('/jsApi/SecSignIDApi.js', __FILE__), array('jquery')); 26 wp_enqueue_script('SecSignIDApi'); 27 } 28 } 20 29 21 30 … … 321 330 } 322 331 323 if (!SecSignI dApi.checkSecSignId(value)) {332 if (!SecSignIDApi.checkSecSignId(value)) { 324 333 alert("SecSign ID for wordpress user '" + span.innerHTML + "' contains illegal characters."); 325 334 return false;
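Review bot: `wp_register_script('SecSignIDApi', ...)` in enqueue_secsign_admin_scripts is called without a version argument, so browsers and page caches can keep serving the previous SecSignIDApi.js after the update; the readme entry for this release asks users to flush caches because the JavaScript files changed. Passing the plugin version as the fourth argument, `wp_register_script('SecSignIDApi', plugins_url('/jsApi/SecSignIDApi.js', __FILE__), array('jquery'), '1.7.11');`, changes the script URL on each release. The function is hooked to `admin_enqueue_scripts` and ignores the hook suffix it receives, so the script appears to load on every admin screen; checking that parameter and returning early on unrelated screens would keep it confined to the pages that call `SecSignIDApi.checkSecSignId`.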