# U2F-php-server
[![Latest Stable Version](https://img.shields.io/packagist/v/samyoul/u2f-php-server.svg?style=flat-square)](https://packagist.org/packages/samyoul/u2f-php-server)
[![License](https://img.shields.io/badge/license-BSD_2_Clause-brightgreen.svg?style=flat-square)](LICENCE.md)
Server-side handling of FIDO U2F registration and authentication for PHP.
Securing your online accounts and doing your bit to protect your data is extremely important and increasingly more so as hackers get more sophisticated.
FIDO's U2F enables you to add a simple unobtrusive method of 2nd factor authentication, allowing users of your service and/or application to link a hardware key to their account.
## The Family of U2F php Libraries
**Base Library**
https://github.com/Samyoul/U2F-php-server
**Fido Test Suite (UTD)**
https://github.com/Samyoul/U2F-php-UTD
**Frameworks**
*Laravel* https://github.com/Samyoul/U2F-Laravel-server
*Yii* https://github.com/Samyoul/U2F-Yii-server
*CodeIgniter* https://github.com/Samyoul/U2F-CodeIgniter-server
## Contents
1. [Installation](#installation)
2. [Requirements](#requirements)
1. [OpenSSL](#openssl)
1. [Clientside Magic](#client-side-the-magic-javascript-bit-of-talking-with-a-usb-device)
1. [HTTPS and SSL](#https-and-ssl)
3. [Terminology](#terminology)
4. [Recommended Datastore Structure](#recommended-datastore-structure)
5. [Process Workflow](#process-workflow)
1. [Registration Process Flow](#registration-process-flow)
1. [Authentication Process Flow](#authentication-process-flow)
6. [Example Code](#example-code)
1. [Compatibility Check](#compatibility-code)
1. [Registration Code](#registration-code)
1. [Authentication Code](#authentication-code)
7. [Frameworks](#frameworks)
1. [Laravel](#laravel-framework)
1. [Yii](#yii-framework)
1. [CodeIgniter](#codeigniter-framework)
8. [Licence](#licence)
9. [Credits](#credits)
## Installation
`composer require samyoul/u2f-php-server`
## Requirements
A few **things you need** to know before working with this:
1. [**_OpenSSL_**](#openssl) You need at least OpenSSL 1.0.0 or higher.
2. [**_Client-side Handling_**](#client-side) You need to be able to communicate with a some kind of device.
3. [**_A HTTPS URL_**](#https-and-ssl) This is very important, without HTTPS U2F simply will not work.
4. [**_A Datastore_**](#recommended-datastore-structure) You need some kind of datastore for all your U2F registered users (although if you have a system with user authentication I'm presuming you've got this one sorted).
### OpenSSL
This repository requires OpenSSL 1.0.0 or higher. For further details on installing OpenSSL please refer to the php manual http://php.net/manual/en/openssl.installation.php .
Also see [Compatibility Code](#compatibility-code), to check if you have the correct version of OpenSSL installed, and are unsure how else to check.
### Client-side (The magic JavaScript Bit of talking with a USB device)
My presumption is that if you are looking to add U2F authentication to a php system, then you'll probably are also looking for some client-side handling. You've got a U2F enabled USB device and you want to get the USB device speaking with the browser and then with your server running php.
1. Google already have this bit sorted : https://github.com/google/u2f-ref-code/blob/master/u2f-gae-demo/war/js/u2f-api.js
2. [Mastahyeti](https://github.com/mastahyeti) has created a repo dedicated to Google's JavaScript Client-side API : https://github.com/mastahyeti/u2f-api
### HTTPS and SSL
For U2F to work your website/service must use a HTTPS URL. Without a HTTPS URL your code won't work, so get one for your localhost, get one for your production. https://letsencrypt.org/
Basically encrypt everything.
## Terminology
**_HID_** : _Human Interface Device_, like A USB Device [like these things](https://www.google.co.uk/search?q=fido+usb+key&safe=off&tbm=isch)
## Recommended Datastore Structure
You don't need to follow this structure exactly, but you will need to associate your Registration data with a user. You'll also need to store the key handle, public key and the certificate, counter isn't 100% essential but it makes your application more secure.
|Name|Type|Description|
|---|---|---|
|id|integer primary key||
|user_id|integer||
|key_handle|varchar(255)||
|public_key|varchar(255)||
|certificate|text||
|counter|integer||
TODO the descriptions
## Process Workflow
### Registration Process Flow
1. User navigates to a 2nd factor authentication page in your application.
... TODO add the rest of the registration process flow ...
### Authentication Process Flow
1. User navigates to their login page as they usually would, submits username and password.
1. Server received POST request authentication data, normal username + password validation occurs
1. On successful authentication, the application checks 2nd factor authentication is required. We're going to presume it is, otherwise the user would just be logged in at this stage.
1. Application gets the user's registered signatures from the application datastore: `$registrations`.
1. Application gets its ID, usually the domain the application is accessible from: `$appId`
1. Application makes a `U2F::makeAuthentication($registrations, $appId)` call, the method returns an array of `SignRequest` objects: `$authenticationRequest`.
1. Application JSON encodes the array and passes the data to the view
1. When the browser loads the page the JavaScript fires the `u2f.sign(authenticationRequest, function(data){ // Callback logic })` function
1. The view will use JavaScript / Browser to poll the host machine's ports for a FIDO U2F device
1. Once the HID has been found the JavaScript / Browser will send the sign request with data.
1. The HID will prompt the user to authorise the sign request
1. On success the HID returns authentication data
1. The JavaScript receives the HID's returned data and passes it to the server
1. The application takes the returned data passes it to the `U2F::authenticate($authenticationRequest, $registrations, $authenticationResponse)` method
1. If the method returns a registration and doesn't throw an Exception, authentication is complete.
1. Set the user's session, inform the user of the success, and redirect them.
## Example Code
For a full working code example for this repository please see [the dedicated example repository](https://github.com/Samyoul/U2F-php-server-examples)
You can also install it with the following:
```bash
$ git clone https://github.com/Samyoul/U2F-php-server-examples.git
$ cd u2f-php-server-examples
$ composer install
```
1. [Compatibility Code](#compatibility-code)
2. [Registration Code](#registration-code)
1. [Step 1: Starting](#registration-step-1)
1. [Step 2: Talking to the HID](#registration-step-2)
1. [Step 3: Validation & Storage](#registration-step-3)
3. [Authentication Code]()
1. [Step 1: Starting]()
1. [Step 2: Talking to the HID]()
1. [Step 3: Validation]()
---
### Compatibility Code
You'll only ever need to use this method call once per installation and only in the context of debugging if the class is giving you unexpected errors. This method call will check your OpenSSL version and ensure it is at least 1.0.0 .
```php
<?php
require('vendor/autoload.php');
use Samyoul\U2F\U2FServer\U2FServer as U2F;
var_dump(U2F::checkOpenSSLVersion());
```
---
### Registration Code
#### Registration Step 1:
**Starting the registration process:**
We assume that user has successfully authenticated and wishes to register.
```php
<?php
require('vendor/autoload.php');
use Samyoul\U2F\U2FServer\U2FServer as U2F;
session_start();
// This can be anything, but usually easier if you choose your applications domain and top level domain.
$appId = "yourdomain.tld";
// Call the makeRegistration method, passing in the app ID
$registrationData = U2F::makeRegistration($appId);
// Store the request for later
$_
没有合适的资源?快使用搜索试试~ 我知道了~
基于PHP的MyAdmin(MySQL数据库管理)官方版源码.zip
共2000个文件
png:708个
php:527个
twig:255个
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 77 浏览量
2023-08-27
23:51:09
上传
评论
收藏 14.69MB ZIP 举报
温馨提示
基于PHP的MyAdmin(MySQL数据库管理)官方版源码.zip
资源推荐
资源详情
资源评论
收起资源包目录
基于PHP的MyAdmin(MySQL数据库管理)官方版源码.zip (2000个子文件)
6187b673.0 2KB
4042bcee.0 2KB
12d55845.0 1KB
2e5ac55d.0 1KB
ChangeLog 48KB
theme-rtl.css 217KB
theme.css 210KB
blueeyes-theme-rtl.css 207KB
theme-rtl.css 207KB
redmond-theme-rtl.css 207KB
teal-theme-rtl.css 207KB
mono-theme-rtl.css 207KB
theme-rtl.css 203KB
blueeyes-theme.css 199KB
theme.css 199KB
redmond-theme.css 199KB
teal-theme.css 199KB
mono-theme.css 199KB
theme.css 196KB
jquery-ui.css 36KB
jquery-ui.css 36KB
jquery-ui.css 36KB
basic.css 11KB
styles.css 10KB
codemirror.css 9KB
pygments.css 4KB
classic.css 4KB
ol.css 4KB
lint.css 3KB
printview.css 2KB
printview.css 1KB
printview.css 1KB
print.css 1KB
show-hint.css 623B
default.css 28B
ajax_clock_small.gif 2KB
ajax_clock_small.gif 2KB
ajax_clock_small.gif 2KB
b_globe.gif 1KB
b_globe.gif 1KB
b_globe.gif 1KB
ajax-loader.gif 673B
dot.gif 43B
cleardot.gif 43B
config.html 371KB
faq.html 201KB
genindex.html 146KB
setup.html 125KB
credits.html 46KB
glossary.html 36KB
import_export.html 27KB
transformations.html 15KB
index.html 15KB
charts.html 15KB
security.html 12KB
themes.html 11KB
intro.html 11KB
bookmarks.html 10KB
relations.html 10KB
privileges.html 10KB
two_factor.html 9KB
user.html 8KB
require.html 8KB
vendors.html 8KB
other.html 7KB
copyright.html 6KB
settings.html 6KB
developers.html 5KB
search.html 4KB
error.ico 5KB
error.ico 5KB
favicon.ico 1KB
favicon.ico 1KB
error.ico 1KB
OpenLayers.js 1.04MB
zxcvbn.js 803KB
jquery.jqplot.js 461KB
codemirror.js 389KB
jquery.js 265KB
jquery-ui.min.js 248KB
functions.js 177KB
functions.js 157KB
jquery.tablesorter.js 106KB
makegrid.js 96KB
jquery.min.js 87KB
monitor.js 85KB
bootstrap.bundle.min.js 82KB
move.js 81KB
makegrid.js 77KB
searchindex.js 77KB
jquery-ui-timepicker-addon.js 77KB
monitor.js 73KB
move.js 71KB
navigation.js 62KB
underscore.js 58KB
console.js 56KB
jquery.svg.js 55KB
navigation.js 53KB
additional-methods.js 51KB
jquery.validate.js 50KB
共 2000 条
- 1
- 2
- 3
- 4
- 5
- 6
- 20
资源评论
毕业_设计
- 粉丝: 1921
- 资源: 1万+
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功