TFAYubikeyOtpHelper
in package
Table of Contents
Properties
- $allowReplayedOtp : bool
- $clientId : string
- $clientSecret : string
- $lastError : string
- $otpCode : string
Methods
- __construct() : mixed
- clearLastError() : mixed
- Clears the last error message.
- getLastError() : string
- Returns the last error message, if any.
- getPublicId() : string
- Returns the public ID part of the OTP code (in modhex format)
- setLastError() : mixed
- Sets the last error message.
- verifyOtp() : bool
- Validates the OTP code against the YubiCloud API.
- generateNonce() : mixed
- getHmacSignature() : string
- Calculates the HMAC signature for the given parameters.
- parseResponse() : array<string|int, mixed>
- Parses the YubiCloud response into an associative array.
- validateResponse() : bool
- Validates the authenticity of the YubiCloud response.
Properties
$allowReplayedOtp
private
bool
$allowReplayedOtp
= \false
If true, already seen OTPs will not be rejected.
$clientId
private
string
$clientId
the client ID for the YubiCloud API
$clientSecret
private
string
$clientSecret
the client secret for the YubiCloud API
$lastError
private
string
$lastError
= ""
the last error message, if any
$otpCode
private
string
$otpCode
the OTP code to be validated
Methods
__construct()
public
__construct(string $otpCode[, string $clientId = null ][, string $clientSecret = null ]) : mixed
Parameters
- $otpCode : string
-
The full Yubikey OTP code
- $clientId : string = null
-
The client ID. If not set, the test mode ID will be used.
- $clientSecret : string = null
-
The client secret. The request won't be signed and the response signature won't be verified.
clearLastError()
Clears the last error message.
public
clearLastError() : mixed
getLastError()
Returns the last error message, if any.
public
getLastError() : string
Return values
string —the last error message
getPublicId()
Returns the public ID part of the OTP code (in modhex format)
public
getPublicId() : string
Return values
stringsetLastError()
Sets the last error message.
public
setLastError(string $error) : mixed
Parameters
- $error : string
-
the error message
verifyOtp()
Validates the OTP code against the YubiCloud API.
public
verifyOtp() : bool
If the code is not valid, the error can be retrieved using getLastError().
Return values
bool —true if the OTP code is valid, false otherwise
generateNonce()
private
generateNonce() : mixed
getHmacSignature()
Calculates the HMAC signature for the given parameters.
private
getHmacSignature(array<string|int, mixed> $params) : string
Parameters
- $params : array<string|int, mixed>
-
the parameters to be signed
Return values
string —the HMAC signature
parseResponse()
Parses the YubiCloud response into an associative array.
private
parseResponse(string $response) : array<string|int, mixed>
Parameters
- $response : string
-
the YubiCloud response
Return values
array<string|int, mixed> —the parsed response
validateResponse()
Validates the authenticity of the YubiCloud response.
private
validateResponse(array<string|int, mixed> $response, string $originalNonce) : bool
Parameters
- $response : array<string|int, mixed>
-
the YubiCloud response
- $originalNonce : string
-
the original nonce included in the request
Return values
bool —true if the response is valid, false otherwise