Changeset 2052662
- Timestamp:
- 03/18/2019 01:23:23 PM (7 years ago)
- Location:
- secsign/trunk
- Files:
-
- 4 edited
-
jsApi/SecSignIDApi.js (modified) (1 diff)
-
jsApi/phpApi/SecSignIDApi.php (modified) (38 diffs)
-
readme.txt (modified) (3 diffs)
-
secsignid_login.php (modified) (1 diff)
-
secsign/trunk/jsApi/SecSignIDApi.js
r1892046 r2052662 20 20 referer : 'SecSignIDApi_JS', 21 21 pluginname : 'SecSignIDApi_JS', 22 version : "1. 37",22 version : "1.40", 23 23 optionalparams : null 24 24 }; -
secsign/trunk/jsApi/phpApi/SecSignIDApi.php
r1892046 r2052662 1 1 <?php 2 2 3 3 // 4 4 // SecSign ID Api in php. 5 5 // 6 // (c) 2014-201 7SecSign Technologies Inc.6 // (c) 2014-2019 SecSign Technologies Inc. 7 7 // 8 9 define("SCRIPT_VERSION", '1.4 6');10 11 8 9 define("SCRIPT_VERSION", '1.48'); 10 11 12 12 /* 13 13 * PHP class to connect to a secsign id server. the class will check secsign id server certificate and request for authentication session generation for a given … … 24 24 private $secSignIDServer_fallback = NULL; 25 25 private $secSignIDServerPort_fallback = NULL; 26 26 27 27 // numeric script version. 28 28 private $scriptVersion = 0; 29 29 private $referer = NULL; 30 30 private $logger = NULL; 31 31 32 32 private $pluginName = NULL; 33 private $showAccesspass = NULL; 33 34 private $lastResponse = NULL; 34 35 35 36 36 37 /* 37 38 * Constructor … … 44 45 $this->secSignIDServer_fallback = (string) "https://httpapi2.secsign.com"; 45 46 $this->secSignIDServerPort_fallback = (int) 443; 46 47 47 48 // script version from cvs revision string 48 49 $this->scriptVersion = SCRIPT_VERSION; 49 50 // use a constant string rather than using the __CLASS__ definition 50 51 // use a constant string rather than using the __CLASS__ definition 51 52 // because this could cause problems when the class is in a submodule 52 53 $this->referer = "SecSignIDApi_PHP"; 53 54 } 54 55 55 56 /* 56 57 * Destructor … … 63 64 $this->secSignIDServerPort_fallback = NULL; 64 65 $this->pluginName = NULL; 65 $this->scriptVersion = NULL; 66 $this->showAccesspass = NULL; 67 $this->scriptVersion = NULL; 66 68 $this->logger = NULL; 67 69 } 68 70 69 71 /** 70 72 * Function to check whether curl is available … … 75 77 return false; 76 78 } 77 79 78 80 if(! function_exists("curl_exec")){ 79 81 return false; 80 82 } 81 83 82 84 if(! is_callable("curl_init", true, $callable_name)){ 83 85 return false; 84 86 } 85 87 86 88 if(! 
is_callable("curl_exec", true, $callable_name)){ 87 89 return false; 88 90 } 89 91 90 92 return true; 91 93 } 92 94 93 95 /* 94 96 * Sets a function which is used as a logger … … 96 98 function setLogger($logger) 97 99 { 98 if($logger != NULL && isset($logger) && is_callable($logger)== TRUE){100 if($logger !== NULL && isset($logger) && is_callable($logger) === TRUE){ 99 101 $this->logger = $logger; 100 102 } 101 103 } 102 104 103 105 /* 104 106 * logs a message if logger instance is not NULL … … 106 108 private function log($message) 107 109 { 108 if($this->logger != NULL){110 if($this->logger !== NULL){ 109 111 $logMessage = __CLASS__ . " (v" . $this->scriptVersion . "): " . $message; 110 112 call_user_func($this->logger, $logMessage); 111 113 } 112 114 } 113 115 114 116 /* 115 117 * Sets an optional plugin name … … 119 121 $this->pluginName = $pluginName; 120 122 } 121 123 124 /* 125 * Sets an optional parameter to determine if the accesspass should be used 126 */ 127 function setShowAccesspass($showAccesspass) 128 { 129 $this->showAccesspass = $showAccesspass; 130 } 131 122 132 /* 123 133 * Gets last response … … 127 137 return $this->lastResponse; 128 138 } 129 130 139 140 131 141 /* 132 142 * Send query to secsign id server to create an authentication session for a certain secsign id. This method returns the authentication session itself. … … 135 145 { 136 146 $this->log("Call of function 'requestAuthSession'."); 137 147 138 148 if(empty($servicename)){ 139 149 $this->log("Parameter \$servicename must not be null."); 140 150 throw new Exception("Parameter \$servicename must not be null."); 141 151 } 142 152 143 153 if(empty($serviceadress)){ 144 154 $this->log("Parameter \$serviceadress must not be null."); 145 155 throw new Exception("Parameter \$serviceadress must not be null."); 146 156 } 147 157 148 158 if(empty($secsignid)){ 149 159 $this->log("Parameter \$secsignid must not be null."); … … 153 163 // secsign id is always key insensitive. 
comvert to lower case and trim whitespace 154 164 $secsignid = trim(strtolower($secsignid)); 155 165 156 166 // check again. probably just spacess which will ne empty after trim() 157 167 if(empty($secsignid)){ … … 164 174 'servicename' => $servicename, 165 175 'serviceaddress' => $serviceadress); 166 167 if($this->pluginName != NULL){176 177 if($this->pluginName !== NULL){ 168 178 $requestParameter['pluginname'] = $this->pluginName; 169 179 } 170 180 181 if($this->showAccesspass !== NULL){ 182 $requestParameter['showaccesspass'] = $this->showAccesspass; 183 } 184 171 185 $response = $this->send($requestParameter, NULL); 172 186 173 187 $authSession = new AuthSession(); 174 188 $authSession->CreateAuthSessionFromArray($response); 175 189 176 190 return $authSession; 177 191 } 178 179 192 193 180 194 /* 181 195 * Gets the authentication session state for a certain secsign id whether the authentication session is still pending or it was accepted or denied. … … 184 198 { 185 199 $this->log("Call of function 'getAuthSessionState'."); 186 187 if($authSession == NULL || !($authSession instanceof AuthSession)){200 201 if($authSession === NULL || !($authSession instanceof AuthSession)){ 188 202 $message = "Parameter \$authSession is not an instance of AuthSession. get_class(\$authSession)=" . get_class($authSession); 189 203 $this->log($message); 190 204 throw new Exception($message); 191 205 } 192 206 193 207 $requestParameter = array('request' => 'ReqGetAuthSessionState'); 194 208 $response = $this->send($requestParameter, $authSession); 195 209 196 210 return $response['authsessionstate']; 197 211 } 198 199 212 213 200 214 /* 201 215 * Cancel the given auth session. … … 204 218 { 205 219 $this->log("Call of function 'cancelAuthSession'."); 206 207 if($authSession == NULL || !($authSession instanceof AuthSession)){220 221 if($authSession === NULL || !($authSession instanceof AuthSession)){ 208 222 $message = "Parameter \$authSession is not an instance of AuthSession. 
get_class(\$authSession)=" . get_class($authSession); 209 223 $this->log($message); 210 224 throw new Exception($message); 211 } 212 225 } 226 213 227 $requestParameter = array('request' => 'ReqCancelAuthSession'); 214 228 $response = $this->send($requestParameter, $authSession); 215 229 216 230 return $response['authsessionstate']; 217 231 } 218 232 219 233 /* 220 234 * build an array with all parameters which has to be send to server … … 224 238 //$mandatoryParams = array('apimethod' => $this->referer, 'scriptversion' => $this->scriptVersion); 225 239 $mandatoryParams = array('apimethod' => $this->referer); 226 240 227 241 if(isset($authSession)) 228 242 { … … 231 245 'authsessionid' => $authSession->getAuthSessionID(), 232 246 'requestid' => $authSession->getRequestID()); 233 247 234 248 $mandatoryParams = array_merge($mandatoryParams, $authSessionData); 235 249 } 236 250 return array_merge($mandatoryParams, $parameter); 237 251 } 238 239 252 253 240 254 /* 241 255 * sends given parameters to secsign id server and wait given amount … … 243 257 */ 244 258 function send($parameter, $authSession) 245 { 259 { 246 260 $requestQuery = http_build_query($this->buildParameterArray($parameter, $authSession), '', '&'); 247 261 $timeout_in_seconds = 15; 248 262 249 263 // create cURL resource 250 264 $ch = $this->getCURLHandle($this->secSignIDServer, $this->secSignIDServerPort, $requestQuery, $timeout_in_seconds); 251 265 $this->log("curl_init: " . $ch); 252 266 253 267 // $output contains the output string 254 268 $this->log("cURL curl_exec sent params: " . $requestQuery); 255 269 $output = curl_exec($ch); 256 if ($output === false) 270 if ($output === false) 257 271 { 258 272 $this->log("curl_error: " . curl_error($ch)); … … 262 276 $this->log("curl_close: " . $ch); 263 277 curl_close($ch); 264 278 265 279 // check if output is NULL. in that case the secsign id might not have been reached. 
266 if($output == NULL)280 if($output === NULL) 267 281 { 268 282 $this->log("curl: output is NULL. Server " . $this->secSignIDServer . ":" . $this->secSignIDServerPort . " has not been reached."); 269 270 if($this->secSignIDServer_fallback != NULL)283 284 if($this->secSignIDServer_fallback !== NULL) 271 285 { 272 286 $this->log("curl: get new handle from fallback server."); 273 287 $ch = $this->getCURLHandle($this->secSignIDServer_fallback, $this->secSignIDServerPort_fallback, $requestQuery, $timeout_in_seconds); 274 288 $this->log("curl_init: " . $ch . " connecting to " . curl_getinfo($ch, CURLINFO_EFFECTIVE_URL)); 275 289 276 290 // $output contains the output string 277 291 $output = curl_exec($ch); 278 if($output == NULL)292 if($output === NULL) 279 293 { 280 294 $this->log("output is NULL. Fallback server " . $this->secSignIDServer_fallback . ":" . $this->secSignIDServerPort_fallback . " has not been reached."); … … 282 296 throw new Exception("curl_exec error: can't connect to Server - " . curl_error($ch)); 283 297 } 284 298 285 299 // close curl resource to free up system resources 286 300 $this->log("curl_close: " . $ch); 287 301 curl_close($ch); 288 289 } 290 else 302 303 } 304 else 291 305 { 292 306 $this->log("curl: no fallback server has been specified."); 293 307 } 294 308 } 295 $this->log("curl_exec response: " . ($output == NULL ? "NULL" : $output));309 $this->log("curl_exec response: " . ($output === NULL ? "NULL" : $output)); 296 310 $this->lastResponse = $output; 297 311 298 312 return $this->checkResponse($output, TRUE); // will throw an exception in case of an error 299 313 } 300 301 314 315 302 316 /* 303 317 * checks the secsign id server response string … … 313 327 } 314 328 } 315 329 316 330 $responseArray = array(); 317 331 318 332 // server send parameter strings like: 319 333 // var1=value1&var2=value2&var3=value3&... 
… … 322 336 { 323 337 $exploded = explode("=", $pair, 2); 324 if (count($exploded) == 2)338 if (count($exploded) === 2) 325 339 { 326 340 list($key, $value) = $exploded; … … 328 342 } 329 343 } 330 344 331 345 // check if server send a parameter named 'error' 332 346 if(isset($responseArray['error'])) … … 340 354 return $responseArray; 341 355 } 342 343 356 357 344 358 /* 345 359 * Gets a cURL resource handle. … … 349 363 // create cURL resource 350 364 $ch = curl_init(); 351 365 352 366 // set url 353 367 curl_setopt($ch, CURLOPT_URL, $server); … … 355 369 curl_setopt($ch, CURLOPT_PORT, $port); 356 370 //curl_setopt($ch, CURLOPT_SSLVERSION, 3); 357 371 358 372 //return the transfer as a string 359 373 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 360 curl_setopt($ch, CURLOPT_HEADER, 0); // value 0 will strip header information in response 361 374 curl_setopt($ch, CURLOPT_HEADER, 0); // value 0 will strip header information in response 375 362 376 // set connection timeout 363 377 curl_setopt($ch, CURLOPT_TIMEOUT, $timeout_in_seconds); 364 378 curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1); 365 379 366 380 // make sure the common name of the certificate's subject matches the server's host name 367 381 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 368 382 369 383 // validate the certificate chain of the server 370 384 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); 371 385 372 386 //The CA certificates 373 387 curl_setopt($ch, CURLOPT_CAINFO, realpath(dirname(__FILE__)) .'/curl-ca-bundle.crt'); 374 388 375 389 // add referer 376 curl_setopt($ch, CURLOPT_REFERER, $this->referer); 377 390 curl_setopt($ch, CURLOPT_REFERER, $this->referer); 391 378 392 // add all parameter and change request mode to POST 379 393 curl_setopt($ch, CURLOPT_POST, 2); 380 394 curl_setopt($ch, CURLOPT_POSTFIELDS, $parameter); 381 395 382 396 return $ch; 383 397 } … … 394 408 { 395 409 /* 396 * No State: Used when the session state is undefined. 
410 * No State: Used when the session state is undefined. 397 411 */ 398 412 const NOSTATE = 0; 399 413 400 414 /* 401 415 * Pending: The session is still pending for authentication. 402 416 */ 403 417 const PENDING = 1; 404 418 405 419 /* 406 420 * Expired: The authentication timeout has been exceeded. 407 421 */ 408 422 const EXPIRED = 2; 409 423 410 424 /* 411 425 * Authenticated: The user was successfully authenticated. 412 426 */ 413 427 const AUTHENTICATED = 3; 414 428 415 429 /* 416 430 * Denied: The user denied this session. 417 431 */ 418 432 const DENIED = 4; 419 433 420 434 /* 421 435 * Suspended: The server suspended this session, because another authentication request was received while this session was still pending. 422 436 */ 423 437 const SUSPENDED = 5; 424 438 425 439 /* 426 440 * Canceled: The service has canceled this session. 427 441 */ 428 442 const CANCELED = 6; 429 443 430 444 /* 431 445 * Fetched: The device has already fetched the session, but the session hasn't been authenticated or denied yet. 432 446 */ 433 447 const FETCHED = 7; 434 448 435 449 /* 436 450 * Invalid: This session has become invalid. 437 451 */ 438 452 const INVALID = 8; 439 440 441 /* 453 454 455 /* 442 456 * the secsign id the authentication session has been craeted for 443 457 */ 444 458 private $secSignID = NULL; 445 459 446 460 /* 447 461 * authentication session id 448 462 */ 449 463 private $authSessionID = NULL; 450 464 451 465 /* 452 466 * the name of the requesting service. this will be shown at the smartphone 453 467 */ 454 468 private $requestingServiceName = NULL; 455 469 456 470 /* 457 471 * the address, a valid url, of the requesting service. this will be shown at the smartphone 458 472 */ 459 473 private $requestingServiceAddress = NULL; 460 461 /* 462 * the request ID is similar to a server side session ID. 474 475 /* 476 * the request ID is similar to a server side session ID. 463 477 * it is generated after a authentication session has been created. 
all other request like dispose, withdraw or to get the auth session state 464 478 * will be rejected if a request id is not specified. 465 479 */ 466 480 private $requestID = NULL; 467 481 468 482 /* 469 483 * icon data of the so called access pass. the image data needs to be displayed otherwise the user does not know which access apss he needs to choose in order to accept the authentication session. 470 484 */ 471 485 private $authSessionIconData = NULL; 472 473 486 487 474 488 /* 475 489 * Getter for secsign id … … 479 493 return $this->secSignID; 480 494 } 481 495 482 496 /* 483 497 * Getter for auth session id … … 487 501 return $this->authSessionID; 488 502 } 489 503 490 504 /* 491 505 * Getter for auth session requesting service … … 495 509 return $this->requestingServiceName; 496 510 } 497 511 498 512 /* 499 513 * Getter for auth session requesting service … … 503 517 return $this->requestingServiceAddress; 504 518 } 505 519 506 520 /* 507 521 * Getter for request id … … 511 525 return $this->requestID; 512 526 } 513 527 514 528 /* 515 529 * Getter for icon data which needs to be display … … 519 533 return $this->authSessionIconData; 520 534 } 521 535 522 536 /* 523 537 * method to get string representation of this authentication session object … … 527 541 return $this->authSessionID . " (" . $this->secSignID . ", " . $this->requestingServiceAddress . ", icondata=" . $this->authSessionIconData . ")"; 528 542 } 529 543 530 544 /* 531 545 * builds an url parameter string like key1=value1&key2=value2&foo=bar … … 540 554 'requestid' => $this->requestID); 541 555 } 542 543 556 557 544 558 /* 545 559 * Creates/Fills the auth session obejct using the given array. The array must use secsignid, auth session id etc as keys. … … 550 564 throw new Exception("Parameter array is NULL."); 551 565 } 552 566 553 567 if(! is_array($array)){ 554 568 throw new Exception("Parameter array is not an array. (array=" . $array . 
")"); … … 571 585 throw new Exception("Parameter array does not contain a value 'requestid'."); 572 586 } 573 587 574 588 $this->secSignID = $array['secsignid']; 575 589 $this->authSessionID = $array['authsessionid']; … … 577 591 $this->requestingServiceAddress = $array['serviceaddress']; 578 592 $this->requestID = $array['requestid']; 579 593 580 594 // everything else must exist 581 595 if(isset($array['authsessionicondata'])){ … … 584 598 } 585 599 } 586 600 587 601 ?> -
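Review bot: In `send()`, the two checks changed from `$output == NULL` to `$output === NULL` can no longer be true, because `getCURLHandle()` sets `CURLOPT_RETURNTRANSFER`, so `curl_exec()` returns a string or `false`, never `NULL`. The old loose comparison matched `false` and the empty string; with the strict one, the fallback-server branch and the "can't connect to Server" exception become unreachable, and a failed request hands `false` to `checkResponse()`. Both checks should read `if($output === false || $output === '')`, which keeps the previous behaviour under strict comparison. Some lines of `send()` between the `curl_error` log and `curl_close` are elided on this page, so confirm that nothing there already handles the failure.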
secsign/trunk/readme.txt
r1981260 r2052662 3 3 Tags: two-factor authentication, two-factor, authentication, 2 factor authentication, login, sign in, single sign-on, challenge response, rsa, password, mobile, iphone, android, security, authenticator, authenticate, two step authentication, 2fa, tfa 4 4 Requires at least: 3.0.1 5 Tested up to: 4.9.85 Tested up to: 5.1.1 6 6 Stable tag: trunk 7 7 License: GPLv2 or later … … 144 144 4. The SecSign ID WordPress Plugin is now deactivated. Click on "Plugins" in the main menu, look for "SecSign" and activate it. 145 145 5. Adjust options in the SecSign ID settings. 146 147 = I get the error: The authentication server sent no response or you are not connected to the internet. 148 149 The plugin needs to make a connection to https://httpapi.secsign.com to work correctly. This error means it can't connect to our server. There are some possible reasons for this: 150 151 1. Please check if you have a firewall or router that might block the connection to httpapi.secsign.com on port 443. 152 2. Please check that the curl packet (http://php.net/manual/de/book.curl.php) is installed in your PHP installation. If this is not the case you should see a curl error about this in your webserver logs. 153 3. Please check if you have another wordpress plugin which might block the connection to our server. There are several wordpress security plugins doing this. 154 155 If you can't find the reason please contact our support at support@secsign.com 146 156 147 157 == Screenshots == … … 160 170 == Changelog == 161 171 172 = 1.7.16 = 173 * Added new PHP API 174 * Added new JS API 175 * Added new FAQ entry for connection problems 176 * Tested WP compatibility for Wordpress 5.1.1 177 178 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser. 179 162 180 = 1.7.15 = 163 181 * Removed WP_DEBUG Notices -
secsign/trunk/secsignid_login.php
r1981260 r2052662 3 3 Plugin Name: SecSign 4 4 Plugin URI: https://www.secsign.com/wordpress-tutorial/ 5 Version: 1.7.1 55 Version: 1.7.16 6 6 Description: Two-factor authentication (2FA) with the SecSign ID. The SecSign plugin allows a user to login using his SecSign ID and his smartphone. 7 7 Author: SecSign Technologies Inc.