Changeset 1077585

Timestamp:

01/28/2015 02:48:39 PM (10 years ago)

Author:

rcdevs

Message:

Addes Support for OpenOTP v1.2 and FIDO U2F

Location:

openotp-authentication/trunk

Files:

• openotp.class.php (modified) (1 diff)
• openotp.js (modified) (5 diffs)
• openotp.php (modified) (10 diffs)
• openotp.wsdl (modified) (5 diffs)
• readme.txt (modified) (5 diffs)

openotp-authentication/trunk/openotp.class.php

@@ -212 +212 @@
     }
     
-    public function openOTPChallenge($username, $domain, $state, $password){
+    public function openOTPChallenge($username, $domain, $state, $password, $u2f){
         if (!$this->soapRequest()) return false;
-        $resp = $this->soap_client->openotpChallenge($username, $domain, $state, $password);
+        $resp = $this->soap_client->openotpChallenge($username, $domain, $state, $password, $u2f);
         
         return $resp;

openotp-authentication/trunk/openotp.js

@@ -32 +32 @@
     overlay.style.MozBoxShadow = '1px 1px 12px #555555';
     overlay.style.zIndex = "9999"; 
-    overlay.innerHTML = '<a style="position:absolute; top:-12px; right:-12px; background-color:transparent;" href="wp-login.php" title="close"><img src="'+otp_settings.openotp_path+'openotp_closebtn.png"/></a>'
+    oinnerHTML = '<a style="position:absolute; top:-12px; right:-12px; background-color:transparent;" href="wp-login.php" title="close"><img src="'+otp_settings.openotp_path+'openotp_closebtn.png"/></a>'
+    + '<style>'
+    + 'blink { -webkit-animation: blink 1s steps(5, start) infinite; -moz-animation:    blink 1s steps(5, start) infinite; -o-animation:      blink 1s steps(5, start) infinite; animation: blink 1s steps(5, start) infinite; }'
+    + ' @-webkit-keyframes blink { to { visibility: hidden; } }'
+    + '@-moz-keyframes blink { to { visibility: hidden; } }'
+    + '@-o-keyframes blink { to { visibility: hidden; } }'
+    + '@keyframes blink { to { visibility: hidden; } }'
+    + '</style>'    
     + '<div style="background-color:red; margin:0 -40px 0; height:4px; width:360px; padding:0;" id="count_red"><div style="background-color:orange; margin:0; height:4px; width:360px; padding:0;" id="div_orange"></div></div>'
-    + '<form style="margin:30px 0 0 0; padding:0; background:none; box-shadow:none;" action="wp-login.php" name="loginform" method="POST">'
+    + '<form style="margin:30px 0 0 0; padding:0; background:none; box-shadow:none;" action="wp-login.php" name="loginform1" id="openotpform" method="POST">'
     + '<input type="hidden" name="redirect_to" value="'+redirect_to+'">'
     + '<input type="hidden" name="testcookie" value="1">'
@@ -42 +49 @@
     + '<input type="hidden" name="openotp_username" value="'+otp_settings.openotp_username+'">'
     + '<input type="hidden" name="openotp_ldappw" value="'+otp_settings.openotp_ldappw+'">'
+    + '<input type="hidden" name="form_send" value="1">'
     + '<table width="100%">'
     + '<tr style="border:none;"><td style="text-align:center; font-weight:bold; font-size:14px; border:none;">'+otp_settings.openotp_message+'</td></tr>'
-    + '<tr style="border:none;"><td id="timout_cell" style="text-align:center; padding-top:4px; font-weight:bold; font-style:italic; font-size:11px; border:none;">Timeout: <span id="timeout">'+otp_settings.openotp_timeout+' seconds</span></td></tr>'
-    + '<tr style="border:none;"><td id="inputs_cell" style="text-align:center; padding-top:25px; border:none;"><input style="border:1px solid grey; background-color:white; margin-top:0; margin-bottom:0; padding:3px; vertical-align:middle; font-size:14px; width:auto;" type="text" size=15 name="openotp_password">&nbsp;'
-    + '<input style="vertical-align:middle; padding:0 10px;" name="submit" type="submit" value="Ok" class="button btn btn-primary"></td></tr>'
-    + '</table></form>';
+    + '<tr style="border:none;"><td id="timout_cell" style="text-align:center; padding-top:4px; font-weight:bold; font-style:italic; font-size:11px; border:none;">Timeout: <span id="timeout">'+otp_settings.openotp_timeout+' seconds</span></td></tr>';
+        
+    if( otp_settings.openotp_otpChallenge || ( !otp_settings.openotp_otpChallenge && !otp_settings.openotp_u2fChallenge ) ){
+    oinnerHTML += '<tr style="border:none;"><td id="inputs_cell" style="text-align:center; padding-top:25px; border:none;"><input style="border:1px solid grey; background-color:white; margin-top:0; margin-bottom:0; padding:3px; vertical-align:middle; font-size:14px; width:auto;" type="text" size=15 name="openotp_password">&nbsp;'
+        + '<input style="vertical-align:middle; padding:0 10px;" name="submit1" type="submit" value="Ok" class="button btn btn-primary"></td></tr>';
+    }
+    
+    if( otp_settings.openotp_u2fChallenge){
+        oinnerHTML += '<tr style=\"border:none;\"><td id=\"inputs_cell\" style=\"text-align:center; padding-top:5px; border:none;\"><input type=\"hidden\" name=\"openotp_u2f\" value=\"\">';
+        if( otp_settings.openotp_otpChallenge){
+            oinnerHTML += '<br/><b>U2F response</b> &nbsp; <blink id=\"u2f_activate\">[Activate Device]</blink></td></tr>';
+        } else {
+            oinnerHTML += '<img src=\"'+otp_settings.openotp_path+'/u2f.png\"><br><br><blink id=\"u2f_activate\">[Activate Device]</blink></td></tr>';
+        }
+    }
+        
+    oinnerHTML += '</table></form>';
+    overlay.innerHTML = oinnerHTML;
     
     document.body.appendChild(overlay_bg);    
@@ -54 +76 @@
 
 addOpenOTPDivs();
+
 
 /* Compute Timeout */   
@@ -66 +89 @@
     document.getElementById('div_orange').style.width=new_width+'px';
     
+    if( document.getElementById('openotp_password') ){
+        document.getElementById('openotp_password').focus();
+    }
+    
     if(c == 0 || c < 0) {
         c = 0;
@@ -75 +102 @@
 }
 count();
-var timer = setInterval(function() {count(); }, 1000);
+
+function getInternetExplorerVersion() {
+
+    var rv = -1;
+
+    if (navigator.appName == "Microsoft Internet Explorer") {
+        var ua = navigator.userAgent;
+        var re = new RegExp("MSIE ([0-9]{1,}[\.0-9]{0,})");
+        if (re.exec(ua) != null)
+            rv = parseFloat(RegExp.$1);
+    }
+    return rv;
+}
+
+var ver = getInternetExplorerVersion();
+
+if (navigator.appName == "Microsoft Internet Explorer"){
+    if (ver <= 10){
+        toggleItem = function(){
+            
+            var el = document.getElementsByTagName("blink")[0];
+            if (el.style.display === "block") {
+                el.style.display = "none";
+            } else {
+                el.style.display = "block";
+            }
+        }
+        var t = setInterval(function() {toggleItem; }, 1000);
+    }
+}
+
+var timer = setInterval(function() {count();  }, 1000);
+
+
+if( otp_settings.openotp_u2fChallenge){
+    if (typeof u2f !== 'object' || typeof u2f.sign !== 'function'){ var u2f_activate = document.getElementById('u2f_activate'); u2f_activate.innerHTML = '[Not Supported]'; u2f_activate.style.color='red'; }
+    else { u2f.sign([ JSON.parse(otp_settings.openotp_u2fChallenge)], 
+        function(response) {  
+            document.getElementsByName('openotp_u2f')[0].value = JSON.stringify(response); 
+            document.getElementById("openotpform").submit(); }, 
+            otp_settings.openotp_timeout
+        ); 
+    }
+}

openotp-authentication/trunk/openotp.php

@@ -5 +5 @@
  * Description: Add <a href="http://www.rcdevs.com/">OpenOTP</a> two-factor authentication to WordPress.
  * Author: RCDevs Inc
- * Version: 1.1.0
+ * Version: 1.2.0
  * Author URI: https://www.rcdevs.com
  * License: GPL2+
@@ -45 +45 @@
     private $username = null;
     private $password = null;
+    private $u2f = null;
+    private $u2fChallenge = null;
+    private $otpChallenge = null;
     private $rememberme = null;
     private $show_openotp_challenge = false;
@@ -109 +112 @@
 
         add_filter( 'plugin_action_links', array( $this, 'filter_plugin_action_links' ), 10, 2 );
-
+        
+        
         // Anything other than plugin configuration belongs in here.
         if ( $this->ready ) {
@@ -127 +131 @@
             // add Login Form Overlay
             add_action('login_enqueue_scripts', array( $this, 'openotp_AddJSToLogin' ));
-        }
-    }
+            
+        }
+    }
+
 
     /**
@@ -596 +602 @@
 
     
-    
+    public function js_inside_body() {
+        $c =  "<script src=\"chrome-extension://pfboblefjcgdjicmnffhdgionmgcdmne/u2f-api.js\" type=\"text/javascript\"></script>";
+        echo $c;
+    }
+        
     public function openotp_AddJSToLogin(){
         if($this->show_openotp_challenge){
+            $this->js_inside_body();
+            //wp_enqueue_script( 'u2f_api', '//chrome-extension://pfboblefjcgdjicmnffhdgionmgcdmne/u2f-api.js', array(), '3', true);
+            
             wp_enqueue_script( 'openotp_overlay', plugin_dir_url( __FILE__ ) . 'openotp.js',null,'',true);
             wp_localize_script( 'openotp_overlay', 'otp_settings', array(
@@ -606 +619 @@
                 'openotp_timeout' => $this->timeout,
                 'openotp_ldappw' => $this->password,
+                'openotp_u2fChallenge' => $this->u2fChallenge,
+                'openotp_otpChallenge' => $this->otpChallenge,
                 'openotp_path' => plugin_dir_url( __FILE__ ),
                 'openotp_domain' => $this->domain,
@@ -619 +634 @@
     public function authenticate_user( $user = '', $username = '', $password = '' ) {
         // Form not send
-        if( !isset( $_POST['wp-submit']) && !isset( $_POST['submit']) ) { 
+                
+       if( !isset( $_POST['wp-submit']) && !isset( $_POST['form_send']) ) { 
             return $user;
         }
@@ -625 +641 @@
         $this->username = isset($_POST['openotp_username']) && $_POST['openotp_username'] != NULL ? $_POST['openotp_username'] : $username;
         $this->password = isset($_POST['openotp_password']) && $_POST['openotp_password'] != NULL ? $_POST['openotp_password'] : $password;
+        $this->u2f = isset($_POST['openotp_u2f']) ? stripslashes($_POST['openotp_u2f']) : "";
+        
         $state = isset($_POST['openotp_state']) ? $_POST['openotp_state'] : "";
         $this->rememberme = isset($_POST['rememberme']) ? $_POST['rememberme'] : "";
@@ -666 +684 @@
         if ($state != NULL) {
             // OpenOTP Challenge
-            $resp = $this->openotp_auth->openOTPChallenge($this->username, $this->domain, $state, $this->password);
+            //echo $this->u2f; die;
+            $resp = $this->openotp_auth->openOTPChallenge($this->username, $this->domain, $state, $this->password, $this->u2f);
         } else {
             // OpenOTP Login
@@ -695 +714 @@
 
                 $resp['domain'] = $this->domain;
+                $this->u2fChallenge = $resp['u2fChallenge'];
+                $this->otpChallenge = $resp['otpChallenge'];
                 $this->show_openotp_challenge = true;
                 break;

openotp-authentication/trunk/openotp.wsdl

@@ -17 +17 @@
     <part name="source" type="xsd:string"/>
     <part name="settings" type="xsd:string"/>
+    <part name="options" type="xsd:string"/>
 </message>
 
@@ -27 +28 @@
     <part name="source" type="xsd:string"/>
     <part name="settings" type="xsd:string"/>
+    <part name="options" type="xsd:string"/>
 </message>
 
@@ -35 +37 @@
     <part name="data" type="xsd:string"/>
     <part name="timeout" type="xsd:integer"/>
+    <part name="otpChallenge" type="xsd:string"/>
+    <part name="u2fChallenge" type="xsd:string"/>
 </message>
 
@@ -42 +46 @@
     <part name="session" type="xsd:string"/>
     <part name="otpPassword" type="xsd:string"/>
+    <part name="u2fResponse" type="xsd:string"/>
 </message>
 
@@ -113 +118 @@
 <service name="openotpService">
    <port name="openotpPort" binding="tns:openotpBinding">
-      <soap:address location="http://localhost:8080/openotp/"/>
+      <soap:address location="%ADDRESS%"/>
    </port>
 </service>

openotp-authentication/trunk/readme.txt

@@ -4 +4 @@
 Donate link: http://rcdevs.com/
 Requires at least: 3.0
-Tested up to: 3.6.1
+Tested up to: 4.1
 Stable tag: trunk
 License: GPLv2 or later
@@ -12 +12 @@
 
 == Description ==
-This Plugin enables strong two factor authentication for admins and users. It displays an overlay on Challenge-Response session, after fill in username and password. The plugin supports global, per role and per user settings configuration. The plugin will transparently handle any OpenOTP Login Mode including, LDAP only, OTP only and LDAP+OTP.
 
 It is versatile, device-independent and based on opened security standards. 
@@ -40 +39 @@
 = Is OpenOTP's two-factor service really free? =
 
-Yes, OpenOTP is free up to 35 users, for more details please contact us.
+Yes, OpenOTP is free up to 40 users, for more details please contact us.
 
 == Screenshots ==
@@ -49 +48 @@
 
 == Changelog ==
+
+= 1.2.0 =
+- Added support for OpenOTP v1.2 and FIDO U2F authentication. 
 
 = 1.1.0 =
@@ -61 +63 @@
 == Upgrade Notice ==
 
+= 1.2.0 =
+- Added support for OpenOTP v1.2 and FIDO U2F authentication. 
+
 = 1.1.0 =
 Initial release!