surfnet/stepup-u2f-bundle

该包已被弃用且不再维护。未建议替代包。

SURFnet Step-up U2F 包包含服务器端设备验证,以及使客户端能够与Step-up 身份进行U2F交互所需的表单和资源

维护者

详细信息

github.com/OpenConext/Stepup-u2f-bundle

源代码

问题

安装次数: 5,405

依赖项: 0

建议者: 0

安全: 0

星标: 0

关注者: 12

分支: 0

开放问题: 1

4.0.0 2020-06-24 10:11 UTC

Requires

Requires (Dev)

Apache-2.0 d0df4132a817355b4ad5586f37f1967d9ef67efe

This package is auto-updated.

Last update: 2023-04-06 15:47:21 UTC

README

Build Status Scrutinizer Code Quality

SURFnet Step-up U2F 包包含服务器端设备验证,以及使客户端能够与Step-up 身份进行U2F交互所需的表单和资源

安装和配置

  • 将包添加到您的Composer文件中

    composer require surfnet/stepup-u2f-bundle

  • 将包添加到您的内核文件app/AppKernel.php

    public function registerBundles()
{
    // ...
    $bundles[] = new Surfnet\StepupU2fBundle\SurfnetStepupU2fBundle();
}

配置

AppID

# config.yml
surfnet_stepup_u2f:
    app_id: 'https://application.tld/U2F/AppID'

使用方法

注册U2F设备

/** @Template */
public function registerDeviceAction(Request $request)
{
    $service = $this->get('surfnet_stepup_u2f.service.u2f');

    $registerRequest = $service->requestRegistration();
    $registerResponse = new RegisterResponse();
    $form = $this->createForm('surfnet_stepup_u2f_register_device', $registerResponse, [
        'register_request' => $registerRequest,
    ]);

    if (!$form->isValid()) {
        $this->get('my.session.bag')->set('request', $registerRequest);
        return ['form' => $form->createView()];
    }

    $result = $service->verifyRegistration(
        $this->get('my.session.bag')->get('request'),
        $registerResponse
    );

    if ($result->wasSuccessful()) {
        $registration = $result->getRegistration());
        // ...
    } elseif ($result->handleAllErrorMethods()) {
        // Display an error to the user and allow him/her to retry with a new request
    }
}

注意: 出错后不要显示注册表单:浏览器或设备可能会立即响应相同的错误,导致无限循环表单提交。让用户决定是否启动新的注册。

验证U2F设备身份验证

/** @Template */
public function verifyDeviceAuthenticationAction(Request $request)
{
    $service = $this->get('surfnet_stepup_u2f.service.authentication');

    $signRequest = $service->requestAuthentication();
    $signResponse = new SignResponse();
    $form = $this->createForm('surfnet_stepup_u2f_verify_device_authentication', $signResponse, [
        'sign_request' => $signRequest,
    ]);

    if (!$form->isValid()) {
        $this->get('my.session.bag')->set('request', $signRequest);
        return ['form' => $form->createView()];
    }

    $result = $service->verifyAuthentication(
        $this->get('my.session.bag')->get('request'),
        $signResponse
    );

    if ($result->wasSuccessful()) {
        // ...
    } elseif ($result->handleAllErrorMethods()) {
        // Display an error to the user and allow him/her to retry with a new request
    }
}

注意: 出错后不要显示身份验证表单:浏览器或设备可能会立即响应相同的错误,导致无限循环表单提交。让用户决定是否启动新的身份验证。