author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2016-08-26 13:49:28 +0300 |
---|---|---|
committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2016-08-26 13:49:28 +0300 |
commit | 77ae70eac90e31a611d0d0a7c584f0e6464da6d0 (patch) | |
tree | 9e3d66b431ce419f17ec2fc64983bb6179e687fc /lib | |
parent | b7e46a5952770f378f7b497026abaf9d815da139 (diff) |
fail gracefully if U2F verification errors occur
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Provider/U2FProvider.php | 4 | ||||
-rw-r--r-- | lib/Service/U2FManager.php | 13 |
2 files changed, 13 insertions, 4 deletions
diff --git a/lib/Provider/U2FProvider.php b/lib/Provider/U2FProvider.php
index 0acc7f3..9022b0d 100644
--- a/lib/Provider/U2FProvider.php
+++ b/lib/Provider/U2FProvider.php
@@ -83,9 +83,7 @@ class U2FProvider implements IProvider {
 * @param string $challenge
 */
 public function verifyChallenge(IUser $user, $challenge) {
- $x = $challenge;
- $this->manager->finishAuthenticate($challenge);
- return true;
+ return $this->manager->finishAuthenticate($challenge);
 }
 /**
diff --git a/lib/Service/U2FManager.php b/lib/Service/U2FManager.php
index 4acbb7d..bce7c27 100644
--- a/lib/Service/U2FManager.php
+++ b/lib/Service/U2FManager.php
@@ -14,10 +14,12 @@ namespace OCA\TwoFactor_U2F\Service;
 require_once(__DIR__ . '/../../vendor/yubico/u2flib-server/src/u2flib_server/U2F.php');
+use InvalidArgumentException;
 use OC;
 use OCP\ILogger;
 use OCP\ISession;
 use OCP\IUser;
+use u2flib_server\Error;
 use u2flib_server\U2F;
 class U2FManager {
@@ -98,8 +100,17 @@ class U2FManager {
 $u2f = $this->getU2f();
 $authReq = json_decode($this->session->get('twofactor_u2f_authReq'));
- $reg = $u2f->doAuthenticate($authReq, $this->getRegs(), json_decode($challenge));
+ try {
+ $reg = $u2f->doAuthenticate($authReq, $this->getRegs(), json_decode($challenge));
+ } catch (InvalidArgumentException $ex) {
+ $this->logger->warning('U2F auth failed: ' . $ex->getMessage());
+ return false;
+ } catch (Error $ex) {
+ $this->logger->warning('U2F auth failed: ' . $ex->getMessage());
+ return false;
+ }
 $this->setReg($reg);
+ return true;
 }
 }
|
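Review bot: The docblock above `verifyChallenge` still ends at `@param string $challenge`, although the method's return value is now the second-factor verdict taken straight from the manager; add `@return bool true only if the U2F response was verified`. Because this value decides whether the login proceeds, a strict comparison keeps it fail-closed should `finishAuthenticate` ever return something other than a boolean on a path not visible here: `return $this->manager->finishAuthenticate($challenge) === true;`. The docblock starts outside the hunk, so the rest of it could not be checked.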
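Review bot: Both failure branches return `false` without discarding the stored `twofactor_u2f_authReq`, and nothing after `setReg($reg)` removes it on success either, so as far as this hunk shows the same challenge stays in the session for further attempts. Consider `$this->session->remove('twofactor_u2f_authReq');` directly after the value is read, so each challenge is single-use; the function begins outside the hunk, so this may already be handled where the request is created. The warning line also carries no account or app context, which makes repeated second-factor failures hard to correlate in the log; passing a context array with an `app` entry, and the user id if it is available in this class, would help detection. The two catch bodies are identical and could share one private helper that logs and returns `false`.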