# U2F-php-server
[![Latest Stable Version](https://img.shields.io/packagist/v/samyoul/u2f-php-server.svg?style=flat-square)](https://packagist.org/packages/samyoul/u2f-php-server)
[![License](https://img.shields.io/badge/license-BSD_2_Clause-brightgreen.svg?style=flat-square)](LICENCE.md)
Server-side handling of FIDO U2F registration and authentication for PHP.
Securing your online accounts and doing your bit to protect your data is extremely important and increasingly more so as hackers get more sophisticated.
FIDO's U2F enables you to add a simple unobtrusive method of 2nd factor authentication, allowing users of your service and/or application to link a hardware key to their account.
## The Family of U2F php Libraries
**Base Library**
https://github.com/Samyoul/U2F-php-server
**Fido Test Suite (UTD)**
https://github.com/Samyoul/U2F-php-UTD
**Frameworks**
*Laravel* https://github.com/Samyoul/U2F-Laravel-server
*Yii* https://github.com/Samyoul/U2F-Yii-server
*CodeIgniter* https://github.com/Samyoul/U2F-CodeIgniter-server
## Contents
1. [Installation](#installation)
2. [Requirements](#requirements)
1. [OpenSSL](#openssl)
1. [Clientside Magic](#client-side-the-magic-javascript-bit-of-talking-with-a-usb-device)
1. [HTTPS and SSL](#https-and-ssl)
3. [Terminology](#terminology)
4. [Recommended Datastore Structure](#recommended-datastore-structure)
5. [Process Workflow](#process-workflow)
1. [Registration Process Flow](#registration-process-flow)
1. [Authentication Process Flow](#authentication-process-flow)
6. [Example Code](#example-code)
1. [Compatibility Check](#compatibility-code)
1. [Registration Code](#registration-code)
1. [Authentication Code](#authentication-code)
7. [Frameworks](#frameworks)
1. [Laravel](#laravel-framework)
1. [Yii](#yii-framework)
1. [CodeIgniter](#codeigniter-framework)
8. [Licence](#licence)
9. [Credits](#credits)
## Installation
`composer require samyoul/u2f-php-server`
## Requirements
A few **things you need** to know before working with this:
1. [**_OpenSSL_**](#openssl) You need at least OpenSSL 1.0.0 or higher.
2. [**_Client-side Handling_**](#client-side) You need to be able to communicate with a some kind of device.
3. [**_A HTTPS URL_**](#https-and-ssl) This is very important, without HTTPS U2F simply will not work.
4. [**_A Datastore_**](#recommended-datastore-structure) You need some kind of datastore for all your U2F registered users (although if you have a system with user authentication I'm presuming you've got this one sorted).
### OpenSSL
This repository requires OpenSSL 1.0.0 or higher. For further details on installing OpenSSL please refer to the php manual http://php.net/manual/en/openssl.installation.php .
Also see [Compatibility Code](#compatibility-code), to check if you have the correct version of OpenSSL installed, and are unsure how else to check.
### Client-side (The magic JavaScript Bit of talking with a USB device)
My presumption is that if you are looking to add U2F authentication to a php system, then you'll probably are also looking for some client-side handling. You've got a U2F enabled USB device and you want to get the USB device speaking with the browser and then with your server running php.
1. Google already have this bit sorted : https://github.com/google/u2f-ref-code/blob/master/u2f-gae-demo/war/js/u2f-api.js
2. [Mastahyeti](https://github.com/mastahyeti) has created a repo dedicated to Google's JavaScript Client-side API : https://github.com/mastahyeti/u2f-api
### HTTPS and SSL
For U2F to work your website/service must use a HTTPS URL. Without a HTTPS URL your code won't work, so get one for your localhost, get one for your production. https://letsencrypt.org/
Basically encrypt everything.
## Terminology
**_HID_** : _Human Interface Device_, like A USB Device [like these things](https://www.google.co.uk/search?q=fido+usb+key&safe=off&tbm=isch)
## Recommended Datastore Structure
You don't need to follow this structure exactly, but you will need to associate your Registration data with a user. You'll also need to store the key handle, public key and the certificate, counter isn't 100% essential but it makes your application more secure.
|Name|Type|Description|
|---|---|---|
|id|integer primary key||
|user_id|integer||
|key_handle|varchar(255)||
|public_key|varchar(255)||
|certificate|text||
|counter|integer||
TODO the descriptions
## Process Workflow
### Registration Process Flow
1. User navigates to a 2nd factor authentication page in your application.
... TODO add the rest of the registration process flow ...
### Authentication Process Flow
1. User navigates to their login page as they usually would, submits username and password.
1. Server received POST request authentication data, normal username + password validation occurs
1. On successful authentication, the application checks 2nd factor authentication is required. We're going to presume it is, otherwise the user would just be logged in at this stage.
1. Application gets the user's registered signatures from the application datastore: `$registrations`.
1. Application gets its ID, usually the domain the application is accessible from: `$appId`
1. Application makes a `U2F::makeAuthentication($registrations, $appId)` call, the method returns an array of `SignRequest` objects: `$authenticationRequest`.
1. Application JSON encodes the array and passes the data to the view
1. When the browser loads the page the JavaScript fires the `u2f.sign(authenticationRequest, function(data){ // Callback logic })` function
1. The view will use JavaScript / Browser to poll the host machine's ports for a FIDO U2F device
1. Once the HID has been found the JavaScript / Browser will send the sign request with data.
1. The HID will prompt the user to authorise the sign request
1. On success the HID returns authentication data
1. The JavaScript receives the HID's returned data and passes it to the server
1. The application takes the returned data passes it to the `U2F::authenticate($authenticationRequest, $registrations, $authenticationResponse)` method
1. If the method returns a registration and doesn't throw an Exception, authentication is complete.
1. Set the user's session, inform the user of the success, and redirect them.
## Example Code
For a full working code example for this repository please see [the dedicated example repository](https://github.com/Samyoul/U2F-php-server-examples)
You can also install it with the following:
```bash
$ git clone https://github.com/Samyoul/U2F-php-server-examples.git
$ cd u2f-php-server-examples
$ composer install
```
1. [Compatibility Code](#compatibility-code)
2. [Registration Code](#registration-code)
1. [Step 1: Starting](#registration-step-1)
1. [Step 2: Talking to the HID](#registration-step-2)
1. [Step 3: Validation & Storage](#registration-step-3)
3. [Authentication Code]()
1. [Step 1: Starting]()
1. [Step 2: Talking to the HID]()
1. [Step 3: Validation]()
---
### Compatibility Code
You'll only ever need to use this method call once per installation and only in the context of debugging if the class is giving you unexpected errors. This method call will check your OpenSSL version and ensure it is at least 1.0.0 .
```php
<?php
require('vendor/autoload.php');
use Samyoul\U2F\U2FServer\U2FServer as U2F;
var_dump(U2F::checkOpenSSLVersion());
```
---
### Registration Code
#### Registration Step 1:
**Starting the registration process:**
We assume that user has successfully authenticated and wishes to register.
```php
<?php
require('vendor/autoload.php');
use Samyoul\U2F\U2FServer\U2FServer as U2F;
session_start();
// This can be anything, but usually easier if you choose your applications domain and top level domain.
$appId = "yourdomain.tld";
// Call the makeRegistration method, passing in the app ID
$registrationData = U2F::makeRegistration($appId);
// Store the request for later
$_
没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
【项目资源】: 包含前端、后端、移动开发、操作系统、人工智能、物联网、信息化管理、数据库、硬件开发、大数据、课程资源、音视频、网站开发等各种技术项目的源码。 包括STM32、ESP8266、PHP、QT、Linux、iOS、C++、Java、python、web、C#、EDA、proteus、RTOS等项目的源码。 【项目质量】: 所有源码都经过严格测试,可以直接运行。 功能在确认正常工作后才上传。 【适用人群】: 适用于希望学习不同技术领域的小白或进阶学习者。 可作为毕设项目、课程设计、大作业、工程实训或初期项目立项。 【附加价值】: 项目具有较高的学习借鉴价值,也可直接拿来修改复刻。 对于有一定基础或热衷于研究的人来说,可以在这些基础代码上进行修改和扩展,实现其他功能。 【沟通交流】: 有任何使用上的问题,欢迎随时与博主沟通,博主会及时解答。 鼓励下载和使用,并欢迎大家互相学习,共同进步。
资源推荐
资源详情
资源评论
收起资源包目录
基于PHP后台的在线点餐微信小程序.zip (2000个子文件)
6187b673.0 2KB
4042bcee.0 2KB
12d55845.0 1KB
2e5ac55d.0 1KB
RELEASE-DATE-4.8.5 29B
AUTHORS 848B
BUGS 95B
twig.c 35KB
ChangeLog 9KB
jquery-ui.css 36KB
jquery-ui.css 36KB
style.css 11KB
styles.css 10KB
basic.css 10KB
codemirror.css 8KB
style.tidy.css 8KB
pygments.css 4KB
classic.css 4KB
lint.css 3KB
printview.css 3KB
printview.css 3KB
style.mobile.css 2KB
style.mobile.tidy.css 1KB
print.css 1KB
show-hint.css 623B
ie6-style.css 212B
ie6-style.tidy.css 184B
google.css 142B
google.tidy.css 101B
default.css 28B
DCO 2KB
phpunit.xml.dist 667B
.editorconfig 274B
1.gif 90KB
ajax_clock_small.gif 2KB
ajax_clock_small.gif 2KB
close.gif 1KB
b_globe.gif 1KB
b_globe.gif 1KB
ajax-loader.gif 673B
overview_replacement.gif 79B
dot.gif 43B
cleardot.gif 43B
blank.gif 42B
blank.gif 42B
.gitkeep 0B
php_twig.h 1KB
highlight-query 666B
.htaccess 455B
.htaccess 217B
.htaccess 13B
.htaccess 0B
config.html 350KB
faq.html 198KB
genindex.html 146KB
setup.html 119KB
credits.html 45KB
glossary.html 33KB
import_export.html 27KB
charts.html 15KB
index.html 15KB
transformations.html 13KB
security.html 12KB
index.html 12KB
themes.html 11KB
intro.html 11KB
relations.html 10KB
bookmarks.html 10KB
privileges.html 10KB
two_factor.html 9KB
user.html 8KB
require.html 8KB
504.html 8KB
502.html 7KB
500.html 7KB
other.html 7KB
400.html 7KB
505.html 7KB
503.html 7KB
ApacheIndex.html 7KB
index.html 7KB
copyright.html 6KB
506.html 6KB
501.html 6KB
509.html 6KB
510.html 6KB
507.html 6KB
settings.html 6KB
vendors.html 6KB
404.html 6KB
403.html 6KB
tongji.html 5KB
developers.html 5KB
search.html 4KB
cp_edit.html 3KB
yuyue.html 3KB
cp_add.html 3KB
dd.html 2KB
index.html 2KB
zhuce.html 2KB
共 2000 条
- 1
- 2
- 3
- 4
- 5
- 6
- 20
资源评论
妄北y
- 粉丝: 1w+
- 资源: 1万+
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功