LimeSurvey API - Master branch

TwoFactorAdminLogin extends AuthPluginBase
in package

Table of Contents

Constants

ERROR_ALREADY_EXISTING_USER  = 120
ERROR_AUTH_METHOD_INVALID  = 30
ERROR_INVALID_EMAIL  = 110
ERROR_IP_LOCKED_OUT  = 98
ERROR_LDAP_CONNECTION  = 130
ERROR_LDAP_MODE  = 135
ERROR_LDAP_NO_BIND  = 160
ERROR_LDAP_NO_EMAIL  = 140
ERROR_LDAP_NO_FULLNAME  = 150
ERROR_LDAP_NO_SEARCH_RESULT  = 170
ERROR_NONE  = 0
These constants reflect the error codes to be used by the identity; they are copied from LSUserIdentity and CBaseUserIdentity for easier access.
ERROR_NOT_ADDED  = 5
ERROR_PASSWORD_INVALID  = 20
ERROR_UNKNOWN_HANDLER  = 99
ERROR_UNKNOWN_IDENTITY  = 100
ERROR_USERNAME_INVALID  = 10
LDAP_INVALID_PASSWORD_TEXT  = "INVALID_PASSWORD-LDAP_USER"

Properties

$_password  : mixed
$_username  : mixed
$description  : mixed
$name  : mixed
$settings  : mixed
$storage  : mixed
$o2FA  : mixed

Methods

afterLoginFormSubmit()  : null
Set username and password by post request
afterSuccessfulLogin()  : void
If force 2FA login is enabled, redirect to the 2FA page
beforeActivate()  : void
Register new table and populate it.
beforeAdminMenuRender()  : void
Add menu to the top bar
beforeDeactivate()  : void
Delete the created tables again
deleteKeyForUserId()  : string
Deletes a user's secret, effectively ending the 2FA login mechanism for that user. CLI version.
deleteKeyForUserName()  : string
Deletes a user's secret, effectively ending the 2FA login mechanism for that user. CLI version.
direct()  : void
Called when the direct event happens. Usage: index --target=value [--function=] [--option=]
directCallConfirmKey()  : bool
Checks a submitted authentication code and stores the underlying secret key in the database.
directCallCreateNewKey()  : string
Renders the content of the modal to create a 2FA key registration
directCallDeleteKey()  : bool
Deletes a user's secret, effectively ending the 2FA login mechanism for that user.
getAuthMethodName()  : string
Returns the authentication method's name
index()  : string
Renders a list of users including their 2FA settings. To be called by fullpagewrapper.
init()  : mixed
newDirectRequest()  : void
Listen to direct requests. Necessary for the getMetadata function.
newLoginForm()  : void
Add Two-Factor field to login page.
newUserSession()  : void
Control if login is successful by checking the transmitted 2FA-token value
remoteControlLogin()  : null
Set username and password by event
setAuthFailure()  : AuthPluginBase
Set authentication result to failure.
setAuthPlugin()  : AuthPluginBase
Set this plugin to handle the authentication
setAuthSuccess()  : AuthPluginBase
Set authentication result to success for the given user object.
userindex()  : string
Renders the user configuration page. To be called by fullpagewrapper.
createJSONResponse()  : bool
Generates a printed JSON-Response
getPassword()  : string|null
Get the password (if set)
getUserName()  : string|null
Get the username (if set)
pageScripts()  : void
Applies the necessary page scripts to the page through a CClientScript derivative
setPassword()  : AuthPluginBase
Set the password to use for authentication
setUsername()  : AuthPluginBase
Set the username to use for authentication
confirmKey()  : bool
Checks a 2FA OTP authentication code against the stored secret
get2FAObject()  : TwoFactorAuth
Creates or returns a 2FA-library object. Uses Rob Janssen's TwoFactorAuth library: https://github.com/RobThree/TwoFactorAuth

Constants

ERROR_ALREADY_EXISTING_USER

public mixed ERROR_ALREADY_EXISTING_USER = 120

ERROR_AUTH_METHOD_INVALID

public mixed ERROR_AUTH_METHOD_INVALID = 30

ERROR_LDAP_NO_FULLNAME

public mixed ERROR_LDAP_NO_FULLNAME = 150

ERROR_LDAP_NO_SEARCH_RESULT

public mixed ERROR_LDAP_NO_SEARCH_RESULT = 170

ERROR_NONE

These constants reflect the error codes to be used by the identity; they are copied from LSUserIdentity and CBaseUserIdentity for easier access.

public mixed ERROR_NONE = 0

ERROR_UNKNOWN_IDENTITY

public mixed ERROR_UNKNOWN_IDENTITY = 100

LDAP_INVALID_PASSWORD_TEXT

public mixed LDAP_INVALID_PASSWORD_TEXT = "INVALID_PASSWORD-LDAP_USER"

Properties

$description

protected static mixed $description = 'Add two-factor authentication to your admin login'

$settings

protected mixed $settings = array(
    'issuer' => array('type' => 'string', 'label' => 'Issuer', 'default' => 'LimeSurvey Survey Software', 'help' => 'This will be displayed in the 2FA app as issuer name.'),
    'digits' => array('type' => 'string', 'label' => 'Code length', 'default' => '6', 'help' => 'The number of digits the resulting codes will be. Leave it at 6 for best compatibility.'),
    'period' => array('type' => 'string', 'label' => 'Time period', 'default' => '30', 'help' => 'The number of seconds a code will be valid. Please leave it at 30 for best compatibility.'),
    'leeway' => array('type' => 'string', 'label' => 'Discrepancy', 'default' => '5', 'help' => 'What amount of discrepancy in seconds is allowed for the client.'),
    'algorithm' => array('type' => 'select', 'label' => 'Algorithm', 'default' => 'sha1', 'options' => ['sha1' => 'SHA1 (Default)', 'sha256 ' => 'SHA256', 'md5' => 'MD5'], 'help' => 'Please keep in mind, that most tools only work with SHA1 hashing.'),
    'force2fa' => array('type' => 'select', 'label' => 'Prompt to activate 2FA on login', 'default' => '0', 'options' => ['0 ' => 'No', '1' => 'Yes'], 'help' => 'Upon login, users who have not enabled two-factor authentication (2FA) will be prompted to set it up.'),
)

Methods

afterLoginFormSubmit()

Set username and password by post request

public afterLoginFormSubmit() : null
Return values
null

afterSuccessfulLogin()

If force 2FA login is enabled, redirect to the 2FA page

public afterSuccessfulLogin() : void

beforeActivate()

Register new table and populate it.

public beforeActivate() : void

beforeAdminMenuRender()

Add menu to the top bar

public beforeAdminMenuRender() : void

beforeDeactivate()

Delete the created tables again

public beforeDeactivate() : void

deleteKeyForUserId()

Deletes a user's secret, effectively ending the 2FA login mechanism for that user. CLI version.

public deleteKeyForUserId(PluginEvent $oEvent, mixed $iUserId) : string

Returns a String

Parameters
$oEvent : PluginEvent
$iUserId : mixed
Return values
string

deleteKeyForUserName()

Deletes a user's secret, effectively ending the 2FA login mechanism for that user. CLI version.

public deleteKeyForUserName(PluginEvent $oEvent, mixed $sUserName) : string

Returns a String

Parameters
$oEvent : PluginEvent
$sUserName : mixed
Return values
string

direct()

Called when the direct event happens. Usage: index --target=value [--function=] [--option=]

public direct() : void

directCallConfirmKey()

Checks a submitted authentication code and stores the underlying secret key in the database.

public directCallConfirmKey(PluginEvent $oEvent, CHttpRequest $oRequest) : bool

Returns a JSON document

Parameters
$oEvent : PluginEvent
$oRequest : CHttpRequest
Return values
bool

directCallCreateNewKey()

Renders the content of the modal to create a 2FA key registration

public directCallCreateNewKey(PluginEvent $oEvent, CHttpRequest $oRequest) : string
Parameters
$oEvent : PluginEvent
$oRequest : CHttpRequest
Return values
string

directCallDeleteKey()

Deletes a user's secret, effectively ending the 2FA login mechanism for that user.

public directCallDeleteKey(PluginEvent $oEvent, CHttpRequest $oRequest) : bool

Returns a JSON document

Parameters
$oEvent : PluginEvent
$oRequest : CHttpRequest
Return values
bool

getAuthMethodName()

Returns the authentication method's name

public static getAuthMethodName() : string
Return values
string

index()

Renders a list of users including their 2FA settings. To be called by fullpagewrapper.

public index() : string
Return values
string

newDirectRequest()

Listen to direct requests. Necessary for the getMetadata function.

public newDirectRequest() : void

newUserSession()

Control if login is successful by checking the transmitted 2FA-token value

public newUserSession() : void

remoteControlLogin()

Set username and password by event

public remoteControlLogin() : null
Return values
null

setAuthFailure()

Set authentication result to failure.

public setAuthFailure([int $code = self::ERROR_UNKNOWN_IDENTITY ][, string $message = '' ][, PluginEvent $event = null ]) : AuthPluginBase
Parameters
$code : int = self::ERROR_UNKNOWN_IDENTITY

Any of the constants defined in this class

$message : string = ''

An optional message to return about the failure

$event : PluginEvent = null
Return values
AuthPluginBase

userindex()

Renders the user configuration page. To be called by fullpagewrapper.

public userindex() : string
Return values
string

createJSONResponse()

Generates a printed JSON-Response

protected createJSONResponse(bool $success, string $message[, array<string|int, mixed> $data = [] ]) : bool
Parameters
$success : bool
$message : string
$data : array<string|int, mixed> = []
Return values
bool

getPassword()

Get the password (if set)

protected getPassword() : string|null
Return values
string|null

getUserName()

Get the username (if set)

protected getUserName() : string|null
Return values
string|null

pageScripts()

Applies the necessary page scripts to the page through a CClientScript derivative

protected pageScripts() : void

confirmKey()

Checks a 2FA OTP authentication code against the stored secret

private confirmKey(string $secretKey, string $authenticationCode) : bool
Parameters
$secretKey : string
$authenticationCode : string
Return values
bool

true on authentication code matching stored secret key
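
The `digits`, `period` and `leeway` values in `$settings` are the parameters of a time-based OTP (RFC 6238) check. As an added example, not LimeSurvey's or the TwoFactorAuth library's code: a stand-alone SHA1 verification in which the function names are hypothetical and treating `leeway` as seconds on either side of the server clock is an assumption, since this page does not show how the plugin applies it.

```php
<?php
// Added example: RFC 6238 TOTP check with SHA1, the default 'algorithm' setting.
// Function names are hypothetical; the leeway handling is an assumption.
function base32Decode(string $b32): string
{
    $bits = '';
    foreach (str_split(rtrim(strtoupper($b32), '=')) as $ch) {
        $pos = strpos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        $out .= strlen($byte) === 8 ? chr(bindec($byte)) : ''; // drop padding bits
    }
    return $out;
}

function totpAt(string $key, int $time, int $digits = 6, int $period = 30): string
{
    $counter = pack('J', intdiv($time, $period));        // 8-byte big-endian step counter
    $hmac = hash_hmac('sha1', $counter, $key, true);     // 20 raw bytes
    $offset = ord($hmac[19]) & 0x0F;                     // dynamic truncation (RFC 4226)
    $value = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

function verifyTotp(string $key, string $code, int $now, int $leeway = 5, int $period = 30): bool
{
    $ok = false;
    // Test every time step touched by [now - leeway, now + leeway], without early exit.
    $last = intdiv($now + $leeway, $period);
    for ($step = intdiv($now - $leeway, $period); $step <= $last; $step++) {
        $ok = hash_equals(totpAt($key, $step * $period, 6, $period), $code) || $ok;
    }
    return $ok;
}

// Constructed sample: the RFC 6238 test key "12345678901234567890", base32-encoded.
$key = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
$code = totpAt($key, 59);                 // code for the step covering t = 30..59
var_dump(verifyTotp($key, $code, 59));    // submitted inside its own step
var_dump(verifyTotp($key, $code, 63));    // 4 s after the step ended, within leeway
var_dump(verifyTotp($key, $code, 70));    // 11 s after the step ended, beyond leeway
```

The comparison uses `hash_equals()` so that checking a submitted code does not leak timing information, and a wider `leeway` or `period` lengthens the time a captured code stays usable.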

get2FAObject()

Creates or returns a 2FA-library object. Uses Rob Janssen's TwoFactorAuth library: https://github.com/RobThree/TwoFactorAuth

private get2FAObject() : TwoFactorAuth
Return values
TwoFactorAuth

        