From 33a5815b7cc9ed162826abb894c3b5f95b944294 Mon Sep 17 00:00:00 2001 From: Samyoul Date: Tue, 13 Dec 2016 16:28:05 +0000 Subject: [PATCH] Re-Namespaced the repo --- README.md | 40 ++++++++++++++++++---------------- composer.json | 2 +- src/Registration.php | 2 +- src/RegistrationRequest.php | 4 ++-- src/SignRequest.php | 4 ++-- src/U2FException.php | 2 +- src/{U2F.php => U2FServer.php} | 10 ++++----- 7 files changed, 33 insertions(+), 31 deletions(-) rename src/{U2F.php => U2FServer.php} (95%) diff --git a/README.md b/README.md index 6658651..613b1fb 100644 --- a/README.md +++ b/README.md 
@@ -84,25 +84,27 @@ TODO the descriptions ### Registration Process Flow 1. User navigates to a 2nd factor authentication page in your application. + ... TODO add the rest of the registration process flow ... ### Authentication Process Flow 1. User navigates to their login page as they usually would, submits username and password. -2. Server received POST request authentication data, normal username + password validation occurs -3. On successful authentication, the application checks 2nd factor authentication is required. We're going to presume it is, otherwise the user would just be logged in at this stage. -4. Application gets the user's registered signatures from the application datastore: `$registrations`. -5. Application makes a `$U2F->makeAuthentication($registrations)` call, the method returns an array of `SignRequest` objects: `$signRequest`. -6. Application JSON encodes the array and passes the data to the view -7. When the browser loads the page the JavaScript fires the `u2f.sign(sign_requests, function(data){ // Callback logic })` function -8. The view will use JavaScript / Browser to poll the host machine's ports for a FIDO U2F device -9. Once the HID has been found the JavaScript / Browser will send the sign request with data. -10. The HID will prompt the user to authorise the sign request -11. On success the HID returns authentication data -12. The JavaScript receives the HID's returned data and passes it to the server -13. The application takes the returned data passes it to the `$U2F->authenticate($signRequest, $registrations, $incomingData)` method -14. If the method returns a registration and doesn't throw an Exception, authentication is complete. -15. Set the user's session, inform the user of the success, and redirect them. +1. Server received POST request authentication data, normal username + password validation occurs +1. On successful authentication, the application checks 2nd factor authentication is required. 
We're going to presume it is, otherwise the user would just be logged in at this stage. +1. Application gets the user's registered signatures from the application datastore: `$registrations`. +1. Application gets its ID, usually the domain the application is accessible from: `$appId` +1. Application makes a `U2F::makeAuthentication($registrations, $appId)` call, the method returns an array of `SignRequest` objects: `$authenticationRequest`. +1. Application JSON encodes the array and passes the data to the view +1. When the browser loads the page the JavaScript fires the `u2f.sign(authenticationRequest, function(data){ // Callback logic })` function +1. The view will use JavaScript / Browser to poll the host machine's ports for a FIDO U2F device +1. Once the HID has been found the JavaScript / Browser will send the sign request with data. +1. The HID will prompt the user to authorise the sign request +1. On success the HID returns authentication data +1. The JavaScript receives the HID's returned data and passes it to the server +1. The application takes the returned data passes it to the `U2F::authenticate($authenticationRequest, $registrations, $authenticationResponse)` method +1. If the method returns a registration and doesn't throw an Exception, authentication is complete. +1. Set the user's session, inform the user of the success, and redirect them. ## Example Code @@ -137,7 +139,7 @@ You'll only ever need to use this method call once per installation and only in
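Review bot: The rewritten authentication steps in this hunk document the calls as `U2F::makeAuthentication($registrations, $appId)` and `U2F::authenticate($authenticationRequest, $registrations, $authenticationResponse)`, i.e. static methods on a class named `U2F`, but the diffstat of this same patch renames `src/U2F.php` to `src/U2FServer.php`, so the README no longer matches the class the code ships; either update the examples to the renamed class (`U2FServer::makeAuthentication(...)`, `U2FServer::authenticate(...)`) or confirm the class name against the renamed file before merging. Two smaller points on lines this hunk already touches: the added line `+ ... TODO add the rest of the registration process flow ...` leaves the Registration Process Flow as a placeholder in user-facing documentation, and the rewritten steps still carry the pre-existing grammar slips `Server received POST request authentication data` (should be `receives`) and `takes the returned data passes it to` (missing `and`), which are cheap to fix while these lines are being rewritten anyway.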