author | Dan |
Sat, 16 May 2009 18:24:45 -0400 | |
changeset 22 | 9b8688df52d5 |
parent 16 | 3163b9f58ae8 |
child 27 | 647f0aa485dd |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/**!info** |
|
3 |
{ |
|
4 |
"Plugin Name" : "Yubikey authentication", |
|
5 |
"Plugin URI" : "http://enanocms.org/plugin/yubikey", |
|
6 |
"Description" : "Allows authentication to Enano via Yubico's Yubikey, a one-time password device.", |
|
7 |
"Author" : "Dan Fuhry", |
|
8 |
"Version" : "1.1.6", |
|
13 | 9 |
"Author URI" : "http://enanocms.org/", |
10 |
"Auth plugin" : true |
|
0 | 11 |
} |
12 |
**!*/ |
|
13 |
||
14 |
// Include files |
|
15 |
require( ENANO_ROOT . '/plugins/yubikey/corelib.php' ); |
|
16 |
require( ENANO_ROOT . '/plugins/yubikey/admincp.php' ); |
|
17 |
||
18 |
if ( getConfig('yubikey_enable', '1') == '1' ) |
|
19 |
{ |
|
20 |
require( ENANO_ROOT . '/plugins/yubikey/auth.php' ); |
|
21 |
require( ENANO_ROOT . '/plugins/yubikey/usercp.php' ); |
|
22 |
} |
|
23 |
||
24 |
// Install schema: MySQL |
|
25 |
/**!install dbms="mysql"; ** |
|
26 |
CREATE TABLE {{TABLE_PREFIX}}yubikey( |
|
27 |
yubi_id int(12) NOT NULL auto_increment, |
|
28 |
user_id mediumint(8) NOT NULL DEFAULT 1, |
|
29 |
yubi_uid char(12) NOT NULL DEFAULT '____________', |
|
30 |
PRIMARY KEY ( yubi_id ) |
|
31 |
) ENGINE `MyISAM` CHARACTER SET `utf8` COLLATE `utf8_bin`; |
|
32 |
||
33 |
ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint(3) NOT NULL DEFAULT 0; |
|
34 |
**!*/ |
|
35 |
||
36 |
// Install schema: PostgreSQL |
|
37 |
/**!install dbms="postgresql"; ** |
|
38 |
CREATE TABLE {{TABLE_PREFIX}}yubikey( |
|
39 |
yubi_id SERIAL, |
|
40 |
user_id int NOT NULL DEFAULT 1, |
|
41 |
yubi_uid char(12) NOT NULL DEFAULT '____________', |
|
42 |
PRIMARY KEY ( yubi_id ) |
|
43 |
); |
|
44 |
||
45 |
ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint NOT NULL DEFAULT 0; |
|
46 |
**!*/ |
|
47 |
||
48 |
// Uninstall schema |
|
49 |
/**!uninstall** |
|
50 |
DROP TABLE {{TABLE_PREFIX}}yubikey; |
|
1
86d41fd204a0
Typo! STOP -> DROP. See Spot run. Spot runs to the house. Spot licks Dick. Dick pets Spot.
Dan
parents:
0
diff
changeset
|
51 |
ALTER TABLE {{TABLE_PREFIX}}users DROP user_yubikey_flags; |
0 | 52 |
**!*/ |
53 |
||
54 |
/**!language** |
|
55 |
||
56 |
The following text up to the closing comment tag is JSON language data. |
|
57 |
It is not PHP code but your editor or IDE may highlight it as such. This |
|
58 |
data is imported when the plugin is loaded for the first time; it provides |
|
59 |
the strings displayed by this plugin's interface. |
|
60 |
||
61 |
You should copy and paste this block when you create your own plugins so |
|
62 |
that these comments and the basic structure of the language data is |
|
63 |
preserved. All language data is in the same format as the Enano core |
|
64 |
language files in the /language/* directories. See the Enano Localization |
|
65 |
Guide and Enano API Documentation for further information on the format of |
|
66 |
language files. |
|
67 |
||
68 |
The exception in plugin language file format is that multiple languages |
|
69 |
may be specified in the language block. This should be done by way of making |
|
70 |
the top-level elements each a JSON language object, with elements named |
|
71 |
according to the ISO-639-1 language they are representing. The path should be: |
|
72 |
||
73 |
root => language ID => categories array, ( strings object => category \ |
|
74 |
objects => strings ) |
|
75 |
||
76 |
All text leading up to first curly brace is stripped by the parser; using |
|
77 |
a code tag makes jEdit and other editors do automatic indentation and |
|
78 |
syntax highlighting on the language data. The use of the code tag is not |
|
79 |
necessary; it is only included as a tool for development. |
|
80 |
||
81 |
<code> |
|
82 |
{ |
|
83 |
// english |
|
84 |
eng: { |
|
85 |
categories: [ 'meta', 'yubiauth', 'yubiucp', 'yubiacp' ], |
|
86 |
strings: { |
|
87 |
meta: { |
|
88 |
yubiauth: 'Yubikey authentication messages', |
|
89 |
yubiucp: 'Yubikey user CP', |
|
90 |
yubiacp: 'Yubikey admin CP', |
|
91 |
}, |
|
92 |
yubiauth: { |
|
93 |
msg_please_touch_key: 'Please touch your Yubikey', |
|
94 |
msg_close_instructions: 'Press <tt>Esc</tt> to cancel', |
|
95 |
msg_invalid_chars: 'OTP contains invalid characters', |
|
8
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
96 |
msg_too_long: 'OTP is too long', |
0 | 97 |
msg_validating_otp: 'Validating OTP...', |
98 |
msg_otp_valid: 'OTP validated', |
|
99 |
btn_enter_otp: 'Enter a Yubikey OTP', |
|
100 |
lbl_otp_field: 'Yubikey OTP:', |
|
101 |
||
102 |
ctl_btn_change_key: 'Change key', |
|
103 |
ctl_btn_clear: 'Clear', |
|
104 |
ctl_btn_enroll: 'Enroll', |
|
105 |
ctl_status_enrolled_pending: 'Enrolled (pending)', |
|
106 |
ctl_status_empty: 'Not enrolled', |
|
107 |
ctl_status_remove_pending: 'Removed (pending)', |
|
108 |
ctl_status_enrolled: 'Enrolled', |
|
109 |
||
110 |
err_invalid_otp: 'Your login was rejected because the Yubikey OTP you entered contains invalid characters.', |
|
111 |
err_invalid_auth_url: 'Login with Yubikey was rejected because the URL to the authentication server is not valid.', |
|
112 |
err_nothing_provided: 'You did not provide a Yubikey OTP or a username. One of these is required for login to work.', |
|
113 |
err_must_have_otp: 'Please provide a Yubikey OTP to log in to this account.', |
|
114 |
err_must_have_username: 'Please provide your username.', |
|
5 | 115 |
err_must_have_password: 'Please enter your password in addition to your username and Yubikey.', |
0 | 116 |
err_key_not_authorized: 'This Yubikey is not authorized on this site.', |
117 |
err_otp_invalid_chars: '%this.yubiauth_err_invalid_otp%', |
|
16 | 118 |
err_http_failed: 'Your OTP could not be validated because the authentication server could not be contacted. Technical error message: %http_error%', |
0 | 119 |
err_missing_api_key: 'Your OTP could not be validated because no Yubico API key is registered on this site.', |
120 |
err_http_response_error: 'Your OTP could not be validated because the Yubico authentication server reported an error.', |
|
121 |
err_malformed_response: 'Your OTP could not be validated because the Yubico authentication server returned an unexpected response.', |
|
10 | 122 |
err_timestamp_check_failed: 'Your OTP could not be validated because the timestamp of the response from the Yubico authentication server was out of bounds.', |
0 | 123 |
err_response_missing_sig: 'Your OTP could not be validated because the Yubico authentication server did not sign its response.', |
124 |
err_response_invalid_sig: 'Your OTP could not be validated because the signature of the authentication response was invalid.', |
|
125 |
err_response_missing_status: '%this.yubiauth_err_malformed_response%', |
|
126 |
err_response_ok: 'OTP is OK', |
|
127 |
err_response_bad_otp: 'Authentication failed because the Yubikey OTP is invalid.', |
|
128 |
err_response_replayed_otp: 'Authentication failed because the Yubikey OTP you entered has been used before.', |
|
129 |
err_response_bad_signature: 'Authentication failed because the Yubico authentication server reported an invalid signature.', |
|
130 |
err_response_missing_parameter: 'Authentication failed because of a Dan Fuhry error.', |
|
131 |
err_response_no_such_client: 'Authentication failed because the Yubikey you used is not registered with Yubico.', |
|
132 |
err_response_operation_not_allowed: 'Authentication failed because the Enano server was denied the request to validate the OTP.', |
|
133 |
err_response_backend_error: 'Authentication failed because an unexpected problem happened with the Yubico server.', |
|
134 |
err_response_security_error: 'Authentication failed because the Yubico authentication server reported an unknown security error.', |
|
135 |
||
136 |
specialpage_yubikey: 'Yubikey API' |
|
137 |
}, |
|
138 |
yubiucp: { |
|
139 |
panel_title: 'Yubikey settings', |
|
140 |
||
141 |
field_enable_title: 'Enable Yubikey support on my account:', |
|
142 |
field_enable_hint: 'Disabling support will remove any keys that are enrolled for your account.', |
|
143 |
field_enable: 'Enabled', |
|
144 |
field_keys_title: 'Enrolled Yubikeys:', |
|
145 |
field_keys_hint: 'Enroll a Yubikey to allow it to log into your account.', |
|
146 |
field_keys_maximum: 'You can enroll up to %max% Yubikeys.', |
|
147 |
field_normal_flags: 'When logging in:', |
|
148 |
field_elev_flags: 'When performing sensitive operations:', |
|
149 |
field_flags_keyonly: 'Only require my Yubikey', |
|
150 |
field_flags_username: 'Require a username', |
|
151 |
field_flags_userandpw: 'Require a username and password', |
|
152 |
field_allow_plain_login: 'Allow me to log in without my Yubikey', |
|
153 |
field_allow_plain_login_hint: 'If this option is turned off, you will be unable to access your account if all of your enrolled Yubikeys become lost or broken. However, turning this option off provides greater security.', |
|
154 |
err_double_enrollment: 'One of the Yubikeys you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.', |
|
8
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
155 |
err_double_enrollment_single: 'The Yubikey you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.', |
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
156 |
|
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
157 |
reg_field_otp: 'Enroll a <a href="http://www.yubico.com/products/yubikey" onclick="window.open(this.href); return false;">Yubikey</a>:', |
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
158 |
reg_field_otp_hint_optional: 'If you have a Yubikey, you can authorize it for use in your new account here.', |
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
159 |
reg_field_otp_hint_required: 'Please enroll a Yubikey here to create an account. This is a required step.', |
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
160 |
reg_err_otp_required: 'Please enroll a Yubikey to register on this site.', |
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
161 |
reg_err_otp_invalid: 'Your Yubikey OTP failed to validate.' |
0 | 162 |
}, |
163 |
yubiacp: { |
|
164 |
th: 'Yubikey authentication', |
|
165 |
field_enable_title: 'Yubikey support:', |
|
166 |
field_enable: 'Enable Yubikey authentication', |
|
167 |
field_api_key: 'Yubico API key:', |
|
168 |
field_api_key_id: 'Yubico numeric ID:', |
|
169 |
field_auth_server: 'Authentication server URL:', |
|
170 |
field_enroll_limit: 'Number of enrolled keys permitted per account:', |
|
8
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
171 |
field_reg_require_otp_title: 'Yubikey required for registration:', |
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
172 |
field_reg_require_otp_hint: 'If this is enabled, users will be asked to enroll a Yubikey during registration. The enrolled Yubikey will be authorized for the new account.', |
032ca892b9a2
Added option to enroll Yubikey during registration + option in admin CP to require enrollment
Dan
parents:
5
diff
changeset
|
173 |
field_reg_require_otp: 'Require Yubikey during registration', |
0 | 174 |
|
175 |
err_invalid_auth_server: 'The URL to the Yubikey authentication server that you entered is invalid.' |
|
176 |
} |
|
177 |
} |
|
178 |
} |
|
179 |
} |
|
180 |
</code> |
|
181 |
**!*/ |
|
182 |