PHP Decode
<?php declare(strict_types=1); /** * Passbolt ~ Open source password manager for teams ..
Decoded Output download
<?php
declare(strict_types=1);
/**
* Passbolt ~ Open source password manager for teams
* Copyright (c) Passbolt SA (https://www.passbolt.com)
*
* Licensed under GNU Affero General Public License version 3 of the or any later version.
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Passbolt SA (https://www.passbolt.com)
* @license https://opensource.org/licenses/AGPL-3.0 AGPL License
* @link https://www.passbolt.com Passbolt(tm)
* @since 2.5.0
*/
namespace Passbolt\MultiFactorAuthentication\Form\Yubikey;
use App\Utility\UserAccessControl;
use Cake\Datasource\Exception\RecordNotFoundException;
use Cake\Form\Schema;
use Cake\Http\Exception\InternalErrorException;
use Cake\Validation\Validation;
use Cake\Validation\Validator;
use Passbolt\MultiFactorAuthentication\Form\MfaForm;
use Passbolt\MultiFactorAuthentication\Utility\MfaSettings;
use Yubikey\Validate;
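/**
 * MFA verification form for a Yubikey one-time password.
 *
 * The OTP is submitted in the `hotp` field and goes through a chain of rules.
 * Every rule before the vendor check is marked `last`, so the chain stops at
 * the first failure: the vendor client is only called for a well-formed OTP
 * whose key id matches the one stored in the user's account settings.
 */
class YubikeyVerifyForm extends MfaForm
{
    /**
     * MFA settings used to read both the account and the organization configuration.
     *
     * @var \Passbolt\MultiFactorAuthentication\Utility\MfaSettings
     */
    protected $settings;

    /**
     * VerifyForm constructor.
     *
     * @param \App\Utility\UserAccessControl $uac access control
     * @param \Passbolt\MultiFactorAuthentication\Utility\MfaSettings $settings settings
     */
    public function __construct(UserAccessControl $uac, MfaSettings $settings)
    {
        parent::__construct($uac);
        $this->settings = $settings;
    }

    /**
     * Build form schema
     *
     * @param \Cake\Form\Schema $schema schema
     * @return \Cake\Form\Schema
     */
    protected function _buildSchema(Schema $schema): Schema
    {
        return $schema
            ->addField('hotp', ['type' => 'string']);
    }

    /**
     * Build form validation
     *
     * Rule order is significant: type, then format, then key ownership, then
     * the vendor check.
     *
     * @param \Cake\Validation\Validator $validator validator
     * @return \Cake\Validation\Validator
     */
    public function validationDefault(Validator $validator): Validator
    {
        $validator
            ->requirePresence('hotp', __('An OTP is required.'))
            ->notEmptyString('hotp', __('The OTP should not be empty.'))
            // The rule methods below declare `string $value`. A non-string
            // submission (for example an array) would raise a TypeError instead
            // of a validation error, so it is rejected here first.
            // NOTE(review): assumes no earlier layer already enforces the type - confirm.
            ->add('hotp', ['isString' => [
                'rule' => static function ($value): bool {
                    return is_string($value);
                },
                'last' => true,
                'message' => __('This OTP is not valid.'),
            ]])
            ->add('hotp', ['isValidModhex' => [
                'rule' => [$this, 'isValidModhex'],
                'last' => true,
                'message' => __('This OTP is not valid.'),
            ]])
            ->add('hotp', ['isSameYubikeyId' => [
                'rule' => [$this, 'isSameYubikeyId'],
                'last' => true,
                'message' => __('This yubikey is not associated with this user.'),
            ]])
            ->add('hotp', ['isValidHotp' => [
                'rule' => [$this, 'isValidHotp'],
                'message' => __('This OTP is not valid.'),
            ]]);

        return $validator;
    }

    /**
     * Check if the string matches the modhex format: exactly 44 characters
     * from the alphabet `cbdefghijklnrtuv`.
     *
     * The pattern is anchored with \A and \z rather than ^ and $, because $
     * also matches just before a trailing newline and would let a 45-byte
     * value ending in "\n" through.
     *
     * @param string $value value
     * @return bool
     */
    public function isValidModHex(string $value)
    {
        return Validation::custom($value, '/\A[cbdefghijklnrtuv]{44}\z/');
    }

    /**
     * Check if the Yubikey id matches what is in the account settings.
     *
     * The id is taken as the first 12 characters of the OTP. The comparison is
     * strict, so a stored value that is not an identical string never matches.
     *
     * @param string $value value
     * @return bool false when the ids differ or no account settings record exists
     */
    public function isSameYubikeyId(string $value)
    {
        $yubikeyId = substr($value, 0, 12);
        try {
            $yubikeyIdInSettings = $this->settings->getAccountSettings()->getYubikeyId();
        } catch (RecordNotFoundException $exception) {
            // No MFA settings for this account: treat as "not this user's key".
            return false;
        }

        return $yubikeyId === $yubikeyIdInSettings;
    }

    /**
     * Custom validation rule to validate yubikey otp using Yubicloud
     *
     * @param string $value hotp
     * @return bool
     * @throws \Cake\Http\Exception\InternalErrorException when the organization settings
     *   record is missing; this is reported as a server error, not as a validation failure
     */
    public function isValidHotp(string $value): bool
    {
        try {
            $organizationSettings = $this->settings->getOrganizationSettings();
            $secretKey = $organizationSettings->getYubikeyOTPSecretKey();
            $clientId = $organizationSettings->getYubikeyOTPClientId();
        } catch (RecordNotFoundException $exception) {
            throw new InternalErrorException($exception->getMessage(), 500, $exception);
        }

        return $this->checkYubikey($value, $secretKey, $clientId);
    }

    /**
     * Vendor validation.
     * Mock this method in integration test.
     *
     * NOTE(review): nothing is caught here, so any exception raised by the
     * vendor client propagates to the caller - confirm how that is handled.
     *
     * @param string $otp OTP
     * @param string $secretKey Secret Key
     * @param string $clientId Client ID
     * @return bool
     */
    public function checkYubikey(string $otp, string $secretKey, string $clientId): bool
    {
        $request = new Validate($secretKey, $clientId);
        $response = $request->check($otp);

        return $response->success();
    }
}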
?>
Original Code
<?php
declare(strict_types=1);
/**
* Passbolt ~ Open source password manager for teams
* Copyright (c) Passbolt SA (https://www.passbolt.com)
*
* Licensed under GNU Affero General Public License version 3 of the or any later version.
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Passbolt SA (https://www.passbolt.com)
* @license https://opensource.org/licenses/AGPL-3.0 AGPL License
* @link https://www.passbolt.com Passbolt(tm)
* @since 2.5.0
*/
namespace Passbolt\MultiFactorAuthentication\Form\Yubikey;
use App\Utility\UserAccessControl;
use Cake\Datasource\Exception\RecordNotFoundException;
use Cake\Form\Schema;
use Cake\Http\Exception\InternalErrorException;
use Cake\Validation\Validation;
use Cake\Validation\Validator;
use Passbolt\MultiFactorAuthentication\Form\MfaForm;
use Passbolt\MultiFactorAuthentication\Utility\MfaSettings;
use Yubikey\Validate;
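/**
 * MFA verification form for a Yubikey one-time password.
 *
 * The OTP is submitted in the `hotp` field and goes through a chain of rules.
 * Every rule before the vendor check is marked `last`, so the chain stops at
 * the first failure: the vendor client is only called for a well-formed OTP
 * whose key id matches the one stored in the user's account settings.
 */
class YubikeyVerifyForm extends MfaForm
{
    /**
     * MFA settings used to read both the account and the organization configuration.
     *
     * @var \Passbolt\MultiFactorAuthentication\Utility\MfaSettings
     */
    protected $settings;

    /**
     * VerifyForm constructor.
     *
     * @param \App\Utility\UserAccessControl $uac access control
     * @param \Passbolt\MultiFactorAuthentication\Utility\MfaSettings $settings settings
     */
    public function __construct(UserAccessControl $uac, MfaSettings $settings)
    {
        parent::__construct($uac);
        $this->settings = $settings;
    }

    /**
     * Build form schema
     *
     * @param \Cake\Form\Schema $schema schema
     * @return \Cake\Form\Schema
     */
    protected function _buildSchema(Schema $schema): Schema
    {
        return $schema
            ->addField('hotp', ['type' => 'string']);
    }

    /**
     * Build form validation
     *
     * Rule order is significant: type, then format, then key ownership, then
     * the vendor check.
     *
     * @param \Cake\Validation\Validator $validator validator
     * @return \Cake\Validation\Validator
     */
    public function validationDefault(Validator $validator): Validator
    {
        $validator
            ->requirePresence('hotp', __('An OTP is required.'))
            ->notEmptyString('hotp', __('The OTP should not be empty.'))
            // The rule methods below declare `string $value`. A non-string
            // submission (for example an array) would raise a TypeError instead
            // of a validation error, so it is rejected here first.
            // NOTE(review): assumes no earlier layer already enforces the type - confirm.
            ->add('hotp', ['isString' => [
                'rule' => static function ($value): bool {
                    return is_string($value);
                },
                'last' => true,
                'message' => __('This OTP is not valid.'),
            ]])
            ->add('hotp', ['isValidModhex' => [
                'rule' => [$this, 'isValidModhex'],
                'last' => true,
                'message' => __('This OTP is not valid.'),
            ]])
            ->add('hotp', ['isSameYubikeyId' => [
                'rule' => [$this, 'isSameYubikeyId'],
                'last' => true,
                'message' => __('This yubikey is not associated with this user.'),
            ]])
            ->add('hotp', ['isValidHotp' => [
                'rule' => [$this, 'isValidHotp'],
                'message' => __('This OTP is not valid.'),
            ]]);

        return $validator;
    }

    /**
     * Check if the string matches the modhex format: exactly 44 characters
     * from the alphabet `cbdefghijklnrtuv`.
     *
     * The pattern is anchored with \A and \z rather than ^ and $, because $
     * also matches just before a trailing newline and would let a 45-byte
     * value ending in "\n" through.
     *
     * @param string $value value
     * @return bool
     */
    public function isValidModHex(string $value)
    {
        return Validation::custom($value, '/\A[cbdefghijklnrtuv]{44}\z/');
    }

    /**
     * Check if the Yubikey id matches what is in the account settings.
     *
     * The id is taken as the first 12 characters of the OTP. The comparison is
     * strict, so a stored value that is not an identical string never matches.
     *
     * @param string $value value
     * @return bool false when the ids differ or no account settings record exists
     */
    public function isSameYubikeyId(string $value)
    {
        $yubikeyId = substr($value, 0, 12);
        try {
            $yubikeyIdInSettings = $this->settings->getAccountSettings()->getYubikeyId();
        } catch (RecordNotFoundException $exception) {
            // No MFA settings for this account: treat as "not this user's key".
            return false;
        }

        return $yubikeyId === $yubikeyIdInSettings;
    }

    /**
     * Custom validation rule to validate yubikey otp using Yubicloud
     *
     * @param string $value hotp
     * @return bool
     * @throws \Cake\Http\Exception\InternalErrorException when the organization settings
     *   record is missing; this is reported as a server error, not as a validation failure
     */
    public function isValidHotp(string $value): bool
    {
        try {
            $organizationSettings = $this->settings->getOrganizationSettings();
            $secretKey = $organizationSettings->getYubikeyOTPSecretKey();
            $clientId = $organizationSettings->getYubikeyOTPClientId();
        } catch (RecordNotFoundException $exception) {
            throw new InternalErrorException($exception->getMessage(), 500, $exception);
        }

        return $this->checkYubikey($value, $secretKey, $clientId);
    }

    /**
     * Vendor validation.
     * Mock this method in integration test.
     *
     * NOTE(review): nothing is caught here, so any exception raised by the
     * vendor client propagates to the caller - confirm how that is handled.
     *
     * @param string $otp OTP
     * @param string $secretKey Secret Key
     * @param string $clientId Client ID
     * @return bool
     */
    public function checkYubikey(string $otp, string $secretKey, string $clientId): bool
    {
        $request = new Validate($secretKey, $clientId);
        $response = $request->check($otp);

        return $response->success();
    }
}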
Function Calls
None |
Stats
MD5 | e625968a52c8f4c290f963bce3a28472 |
Eval Count | 0 |
Decode Time | 71 ms |