surfnet / stepup-u2f-bundle
The SURFnet Step-up U2F bundle contains server-side device verification, and the necessary forms and resources to enable client-side U2F interaction with Step-up Identities
Requires
- php: ^7
- symfony/config: ^3.4|^4.4
- symfony/dependency-injection: ^3.4|^4.4
- symfony/form: ^3.4|^4.4
- symfony/http-kernel: ^3.4|^4.4
- symfony/validator: ^3.4|^4.4
- yubico/u2flib-server: ^0.1.0
Requires (Dev)
- matthiasnoback/symfony-config-test: ^2.2
- mockery/mockery: ~0.9
- phpmd/phpmd: ^2.6
- phpunit/phpunit: ^5.7
- sebastian/phpcpd: ^2.0
- sensiolabs/security-checker: ^3.0
- squizlabs/php_codesniffer: ^1.0
- symfony/phpunit-bridge: ^3.0
This package is auto-updated.
Last update: 2023-04-06 15:47:21 UTC
README
The SURFnet Step-up U2F Bundle contains server-side device verification, and the necessary forms and resources to enable client-side U2F interaction with Step-up Identities
Installation and configuration
- Add the package to your Composer file:
# Adds surfnet/stepup-u2f-bundle to the project's Composer requirements.
composer require surfnet/stepup-u2f-bundle
- Add the bundle to your kernel in app/AppKernel.php:
/**
 * Kernel hook in app/AppKernel.php where the Step-up U2F bundle is added to the
 * list of bundles the application registers.
 */
public function registerBundles()
{
    // ... (the application's other bundles are registered here)

    $stepupU2fBundle = new Surfnet\StepupU2fBundle\SurfnetStepupU2fBundle();
    $bundles[] = $stepupU2fBundle;
}
Configuration
AppID
# config.yml
surfnet_stepup_u2f:
    # U2F AppID under which this application registers and authenticates devices.
    # The sample value is a placeholder: replace application.tld with your own host
    # and keep the URL on HTTPS.
    # U2F registrations are bound to the AppID, so changing it after devices have
    # been registered means those devices no longer verify against this application.
    app_id: 'https://application.tld/U2F/AppID'
Usage
Registering U2F devices
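/**
 * Shows the U2F registration form and, once the device has answered, verifies the
 * registration response against the register request that was kept in the session.
 *
 * The request handed to verifyRegistration() is the one read back from the session,
 * not the one created for the current page load, so the challenge that is checked
 * always comes from server-side state.
 *
 * @Template
 *
 * @param Request $request Current HTTP request; bound to the form so a submission is detected.
 *
 * @return array|null View parameters while the form is unsubmitted or invalid; nothing is
 *                    returned from the verification branches shown here.
 */
public function registerDeviceAction(Request $request)
{
    $service = $this->get('surfnet_stepup_u2f.service.u2f');

    // A new register request is created on every call; the form renders this one.
    $registerRequest = $service->requestRegistration();
    $registerResponse = new RegisterResponse();
    $form = $this->createForm('surfnet_stepup_u2f_register_device', $registerResponse, [
        'register_request' => $registerRequest,
    ]);

    // Bind the incoming request to the form. Without this the form is never
    // submitted, so the verification code below could not be reached.
    $form->handleRequest($request);

    if (!$form->isSubmitted() || !$form->isValid()) {
        // Remember the request that was just rendered so the device's response
        // can be verified against it on the next submission.
        $this->get('my.session.bag')->set('request', $registerRequest);

        return ['form' => $form->createView()];
    }

    // NOTE(review): 'my.session.bag' stands for the application's own session storage.
    // Treat the stored request as single-use: clear it once verification has been
    // attempted, and handle the case where nothing is stored (for example an expired
    // session) before verifying. How the bag reports a missing key is not shown here.
    $result = $service->verifyRegistration(
        $this->get('my.session.bag')->get('request'),
        $registerResponse
    );

    if ($result->wasSuccessful()) {
        $registration = $result->getRegistration();
        // ...
    } elseif ($result->handleAllErrorMethods()) {
        // Display an error to the user and allow him/her to retry with a new request
    }
}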
Note: Don't display the registration form after an error: the browser or device may immediately respond with the same error, causing an infinite form submission loop. Let the user decide whether to initiate a new registration.
Verifying U2F device authentications
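/**
 * Shows the U2F authentication form and, once the device has answered, verifies the
 * sign response against the sign request that was kept in the session.
 *
 * The request handed to verifyAuthentication() is the one read back from the session,
 * not the one created for the current page load, so the challenge that is checked
 * always comes from server-side state.
 *
 * @Template
 *
 * @param Request $request Current HTTP request; bound to the form so a submission is detected.
 *
 * @return array|null View parameters while the form is unsubmitted or invalid; nothing is
 *                    returned from the verification branches shown here.
 */
public function verifyDeviceAuthenticationAction(Request $request)
{
    $service = $this->get('surfnet_stepup_u2f.service.authentication');

    // A new sign request is created on every call; the form renders this one.
    $signRequest = $service->requestAuthentication();
    $signResponse = new SignResponse();
    $form = $this->createForm('surfnet_stepup_u2f_verify_device_authentication', $signResponse, [
        'sign_request' => $signRequest,
    ]);

    // Bind the incoming request to the form. Without this the form is never
    // submitted, so the verification code below could not be reached.
    $form->handleRequest($request);

    if (!$form->isSubmitted() || !$form->isValid()) {
        // Remember the request that was just rendered so the device's response
        // can be verified against it on the next submission.
        $this->get('my.session.bag')->set('request', $signRequest);

        return ['form' => $form->createView()];
    }

    // NOTE(review): 'my.session.bag' stands for the application's own session storage.
    // Treat the stored request as single-use: clear it once verification has been
    // attempted, and handle the case where nothing is stored (for example an expired
    // session) before verifying. How the bag reports a missing key is not shown here.
    $result = $service->verifyAuthentication(
        $this->get('my.session.bag')->get('request'),
        $signResponse
    );

    if ($result->wasSuccessful()) {
        // ...
    } elseif ($result->handleAllErrorMethods()) {
        // Display an error to the user and allow him/her to retry with a new request
    }
}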
Note: Don't display the authentication form after an error: the browser or device may immediately respond with the same error, causing an infinite form submission loop. Let the user decide whether to initiate a new authentication.