diff --git a/data/web/inc/lib/composer.lock b/data/web/inc/lib/composer.lock index 7585353751..7be7a7d43f 100644 --- a/data/web/inc/lib/composer.lock +++ b/data/web/inc/lib/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "139c1e5dec323144cd778ce80fd1847e", + "content-hash": "6c4a1dce9b5f22b95c5cd87ecf0eb333", "packages": [ { "name": "bshaffer/oauth2-server-php", @@ -541,56 +541,6 @@ ], "time": "2022-02-13T18:13:33+00:00" }, - { - "name": "paragonie/random_compat", - "version": "v9.99.100", - "source": { - "type": "git", - "url": "https://github.com/paragonie/random_compat.git", - "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a", - "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a", - "shasum": "" - }, - "require": { - "php": ">= 7" - }, - "require-dev": { - "phpunit/phpunit": "4.*|5.*", - "vimeo/psalm": "^1" - }, - "suggest": { - "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." - }, - "type": "library", - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Paragon Initiative Enterprises", - "email": "security@paragonie.com", - "homepage": "https://paragonie.com" - } - ], - "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", - "keywords": [ - "csprng", - "polyfill", - "pseudorandom", - "random" - ], - "support": { - "email": "info@paragonie.com", - "issues": "https://github.com/paragonie/random_compat/issues", - "source": "https://github.com/paragonie/random_compat" - }, - "time": "2020-10-15T08:29:30+00:00" - }, { "name": "php-mime-mail-parser/php-mime-mail-parser", "version": "7.0.0", @@ -1677,47 +1627,6 @@ } ], "time": "2022-09-28T08:42:51+00:00" - }, - { - "name": "yubico/u2flib-server", - "version": "1.0.2", - "source": { - "type": "git", - "url": "https://github.com/Yubico/php-u2flib-server.git", - "reference": "55d813acf68212ad2cadecde07551600d6971939" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/55d813acf68212ad2cadecde07551600d6971939", - "reference": "55d813acf68212ad2cadecde07551600d6971939", - "shasum": "" - }, - "require": { - "ext-openssl": "*", - "paragonie/random_compat": ">= 1", - "php": ">=5.6" - }, - "require-dev": { - "phpunit/phpunit": "~5.7", - "vimeo/psalm": "^0|^1|^2" - }, - "type": "library", - "autoload": { - "classmap": [ - "src/" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-2-Clause" - ], - "description": "Library for U2F implementation", - "homepage": "https://developers.yubico.com/php-u2flib-server", - "support": { - "issues": "https://github.com/Yubico/php-u2flib-server/issues", - "source": "https://github.com/Yubico/php-u2flib-server/tree/1.0.2" - }, - "time": "2018-09-07T08:16:44+00:00" } ], "packages-dev": [], diff --git a/data/web/inc/lib/vendor/composer/autoload_classmap.php b/data/web/inc/lib/vendor/composer/autoload_classmap.php index f3327f110c..a986241bdb 100644 --- a/data/web/inc/lib/vendor/composer/autoload_classmap.php +++ b/data/web/inc/lib/vendor/composer/autoload_classmap.php @@ -11,9 +11,4 @@ 'Stringable' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/Stringable.php', 'UnhandledMatchError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php', 'ValueError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/ValueError.php', - 'u2flib_server\\Error' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php', - 'u2flib_server\\RegisterRequest' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php', - 'u2flib_server\\Registration' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php', - 'u2flib_server\\SignRequest' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php', - 'u2flib_server\\U2F' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php', ); diff --git a/data/web/inc/lib/vendor/composer/autoload_static.php b/data/web/inc/lib/vendor/composer/autoload_static.php index 94606e8316..a819adf631 100644 --- a/data/web/inc/lib/vendor/composer/autoload_static.php +++ b/data/web/inc/lib/vendor/composer/autoload_static.php @@ -174,11 +174,6 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b 'Stringable' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/Stringable.php', 'UnhandledMatchError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php', 'ValueError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/ValueError.php', - 'u2flib_server\\Error' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php', - 'u2flib_server\\RegisterRequest' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php', - 'u2flib_server\\Registration' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php', - 'u2flib_server\\SignRequest' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php', - 'u2flib_server\\U2F' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php', ); public static function getInitializer(ClassLoader $loader) diff --git a/data/web/inc/lib/vendor/composer/installed.json b/data/web/inc/lib/vendor/composer/installed.json index e21edcc683..d910fa544e 100644 --- a/data/web/inc/lib/vendor/composer/installed.json +++ b/data/web/inc/lib/vendor/composer/installed.json @@ -551,59 +551,6 @@ ], "install-path": "../nesbot/carbon" }, - { - "name": "paragonie/random_compat", - "version": "v9.99.100", - "version_normalized": "9.99.100.0", - "source": { - "type": "git", - "url": "https://github.com/paragonie/random_compat.git", - "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a", - "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a", - "shasum": "" - }, - "require": { - "php": ">= 7" - }, - "require-dev": { - "phpunit/phpunit": "4.*|5.*", - "vimeo/psalm": "^1" - }, - "suggest": { - "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." - }, - "time": "2020-10-15T08:29:30+00:00", - "type": "library", - "installation-source": "dist", - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Paragon Initiative Enterprises", - "email": "security@paragonie.com", - "homepage": "https://paragonie.com" - } - ], - "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", - "keywords": [ - "csprng", - "polyfill", - "pseudorandom", - "random" - ], - "support": { - "email": "info@paragonie.com", - "issues": "https://github.com/paragonie/random_compat/issues", - "source": "https://github.com/paragonie/random_compat" - }, - "install-path": "../paragonie/random_compat" - }, { "name": "php-mime-mail-parser/php-mime-mail-parser", "version": "7.0.0", @@ -1730,46 +1677,6 @@ } ], "install-path": "../twig/twig" - }, - { - "name": "yubico/u2flib-server", - "version": "1.0.2", - "version_normalized": "1.0.2.0", - "source": { - "type": "git", - "url": "https://github.com/Yubico/php-u2flib-server.git", - "reference": "55d813acf68212ad2cadecde07551600d6971939" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/55d813acf68212ad2cadecde07551600d6971939", - "reference": "55d813acf68212ad2cadecde07551600d6971939", - "shasum": "" - }, - "require": { - "ext-openssl": "*", - "paragonie/random_compat": ">= 1", - "php": ">=5.6" - }, - "require-dev": { - "phpunit/phpunit": "~5.7", - "vimeo/psalm": "^0|^1|^2" - }, - "time": "2018-09-07T08:16:44+00:00", - "type": "library", - "installation-source": "dist", - "autoload": { - "classmap": [ - "src/" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-2-Clause" - ], - "description": "Library for U2F implementation", - "homepage": "https://developers.yubico.com/php-u2flib-server", - "install-path": "../yubico/u2flib-server" } ], "dev": true, diff --git a/data/web/inc/lib/vendor/composer/installed.php b/data/web/inc/lib/vendor/composer/installed.php index c45f177e28..fa2ed8e5e4 100644 --- a/data/web/inc/lib/vendor/composer/installed.php +++ b/data/web/inc/lib/vendor/composer/installed.php @@ -3,7 +3,7 @@ 'name' => '__root__', 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd', + 'reference' => 'a7e309f1c89c5579653fae00ec9655bb5f992ec6', 'type' => 'library', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), @@ -13,7 +13,7 @@ '__root__' => array( 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd', + 'reference' => 'a7e309f1c89c5579653fae00ec9655bb5f992ec6', 'type' => 'library', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), @@ -103,15 +103,6 @@ 'aliases' => array(), 'dev_requirement' => false, ), - 'paragonie/random_compat' => array( - 'pretty_version' => 'v9.99.100', - 'version' => '9.99.100.0', - 'reference' => '996434e5492cb4c3edcb9168db6fbb1359ef965a', - 'type' => 'library', - 'install_path' => __DIR__ . '/../paragonie/random_compat', - 'aliases' => array(), - 'dev_requirement' => false, - ), 'php-mime-mail-parser/php-mime-mail-parser' => array( 'pretty_version' => '7.0.0', 'version' => '7.0.0.0', @@ -253,14 +244,5 @@ 'aliases' => array(), 'dev_requirement' => false, ), - 'yubico/u2flib-server' => array( - 'pretty_version' => '1.0.2', - 'version' => '1.0.2.0', - 'reference' => '55d813acf68212ad2cadecde07551600d6971939', - 'type' => 'library', - 'install_path' => __DIR__ . '/../yubico/u2flib-server', - 'aliases' => array(), - 'dev_requirement' => false, - ), ), ); diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE b/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE deleted file mode 100644 index 45c7017dfb..0000000000 --- a/data/web/inc/lib/vendor/paragonie/random_compat/LICENSE +++ /dev/null @@ -1,22 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2015 Paragon Initiative Enterprises - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh b/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh deleted file mode 100755 index b4a5ba31cc..0000000000 --- a/data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -basedir=$( dirname $( readlink -f ${BASH_SOURCE[0]} ) ) - -php -dphar.readonly=0 "$basedir/other/build_phar.php" $* \ No newline at end of file diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/composer.json b/data/web/inc/lib/vendor/paragonie/random_compat/composer.json deleted file mode 100644 index f2b9c4e510..0000000000 --- a/data/web/inc/lib/vendor/paragonie/random_compat/composer.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "name": "paragonie/random_compat", - "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", - "keywords": [ - "csprng", - "random", - "polyfill", - "pseudorandom" - ], - "license": "MIT", - "type": "library", - "authors": [ - { - "name": "Paragon Initiative Enterprises", - "email": "security@paragonie.com", - "homepage": "https://paragonie.com" - } - ], - "support": { - "issues": "https://github.com/paragonie/random_compat/issues", - "email": "info@paragonie.com", - "source": "https://github.com/paragonie/random_compat" - }, - "require": { - "php": ">= 7" - }, - "require-dev": { - "vimeo/psalm": "^1", - "phpunit/phpunit": "4.*|5.*" - }, - "suggest": { - "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." - } -} diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey b/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey deleted file mode 100644 index eb50ebfcd6..0000000000 --- a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEEd+wCqJDrx5B4OldM0dQE0ZMX+lx1ZWm -pui0SUqD4G29L3NGsz9UhJ/0HjBdbnkhIK5xviT0X5vtjacF6ajgcCArbTB+ds+p -+h7Q084NuSuIpNb6YPfoUFgC/CL9kAoc ------END PUBLIC KEY----- diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc b/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc deleted file mode 100644 index 6a1d7f3006..0000000000 --- a/data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.22 (MingW32) - -iQEcBAABAgAGBQJWtW1hAAoJEGuXocKCZATaJf0H+wbZGgskK1dcRTsuVJl9IWip -QwGw/qIKI280SD6/ckoUMxKDCJiFuPR14zmqnS36k7N5UNPnpdTJTS8T11jttSpg -1LCmgpbEIpgaTah+cELDqFCav99fS+bEiAL5lWDAHBTE/XPjGVCqeehyPYref4IW -NDBIEsvnHPHPLsn6X5jq4+Yj5oUixgxaMPiR+bcO4Sh+RzOVB6i2D0upWfRXBFXA -NNnsg9/zjvoC7ZW73y9uSH+dPJTt/Vgfeiv52/v41XliyzbUyLalf02GNPY+9goV -JHG1ulEEBJOCiUD9cE1PUIJwHA/HqyhHIvV350YoEFiHl8iSwm7SiZu5kPjaq74= -=B6+8 ------END PGP SIGNATURE----- diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php b/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php deleted file mode 100644 index c7731a56ff..0000000000 --- a/data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php +++ /dev/null @@ -1,32 +0,0 @@ -buildFromDirectory(dirname(__DIR__).'/lib'); -rename( - dirname(__DIR__).'/lib/index.php', - dirname(__DIR__).'/lib/random.php' -); - -/** - * If we pass an (optional) path to a private key as a second argument, we will - * sign the Phar with OpenSSL. - * - * If you leave this out, it will produce an unsigned .phar! - */ -if ($argc > 1) { - if (!@is_readable($argv[1])) { - echo 'Could not read the private key file:', $argv[1], "\n"; - exit(255); - } - $pkeyFile = file_get_contents($argv[1]); - - $private = openssl_get_privatekey($pkeyFile); - if ($private !== false) { - $pkey = ''; - openssl_pkey_export($private, $pkey); - $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey); - - /** - * Save the corresponding public key to the file - */ - if (!@is_readable($dist.'/random_compat.phar.pubkey')) { - $details = openssl_pkey_get_details($private); - file_put_contents( - $dist.'/random_compat.phar.pubkey', - $details['key'] - ); - } - } else { - echo 'An error occurred reading the private key from OpenSSL.', "\n"; - exit(255); - } -} diff --git a/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php b/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php deleted file mode 100644 index d71d1b818c..0000000000 --- a/data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/.gitignore b/data/web/inc/lib/vendor/yubico/u2flib-server/.gitignore deleted file mode 100644 index 0d968f1a6e..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/.gitignore +++ /dev/null @@ -1,7 +0,0 @@ -composer.lock -vendor/ -.*.swp -php-u2flib-server-*.tar.gz -php-u2flib-server-*.tar.gz.sig -apidocs/ -build/ diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml b/data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml deleted file mode 100644 index beade3b007..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml +++ /dev/null @@ -1,23 +0,0 @@ -language: php -sudo: false -php: - - 7.0 - - 7.1 - - 7.2 - - hhvm -matrix: - include: - - php: 5.6 - env: COVERALLS=true - allow_failures: - - php: hhvm - -before_script: - - composer install - -script: - - ./vendor/bin/psalm - - ./vendor/phpunit/phpunit/phpunit -c phpunit.xml - -after_success: - - test -z $COVERALLS || (composer require satooshi/php-coveralls && vendor/bin/coveralls -v) diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/BLURB b/data/web/inc/lib/vendor/yubico/u2flib-server/BLURB deleted file mode 100644 index c57974215c..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/BLURB +++ /dev/null @@ -1,9 +0,0 @@ -Author: Yubico -Basename: php-u2flib-server -Homepage: https://developers.yubico.com/php-u2flib-server -License: BSD-2-Clause -Name: Native U2F library in PHP -Project: php-u2flib-server -Summary: Native U2F library in PHP -Yubico-Category: U2F projects -Travis: https://travis-ci.org/Yubico/php-u2flib-server diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/COPYING b/data/web/inc/lib/vendor/yubico/u2flib-server/COPYING deleted file mode 100644 index 427c91756d..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/COPYING +++ /dev/null @@ -1,26 +0,0 @@ -Copyright (c) 2014 Yubico AB -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/NEWS b/data/web/inc/lib/vendor/yubico/u2flib-server/NEWS deleted file mode 100644 index 496175edf3..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/NEWS +++ /dev/null @@ -1,34 +0,0 @@ -php-u2flib-server NEWS -- History of user-visible changes. - -* Version 1.0.2 (released 2018-09-07) - ** Additional error checks. - ** Add user presence check. - ** Support single files for attestation root. - ** Type safety, CSPRNG, avoid chr(). - -* Version 1.0.1 (released 2017-05-09) - ** Move examples to phps so they don't execute by default - ** Use common challenge for multiple registrations - -* Version 1.0.0 (released 2016-02-19) - ** Give an early error on openssl < 1.0 - ** Support devices with initial counter 0 - ** Fixes to examples - ** Handle errorCode: 0 correctly - -* Version 0.1.0 (released 2015-03-03) - ** Use openssl for all crypto instead of third party extensions. - ** Properly check the request challenge on authenticate. - ** Switch from returning error codes to throwing exceptions. - ** Stop recommending composer for installation. - -* Version 0.0.2 (released 2014-10-24) - ** Refactor the API to return objects instead of encoded objects. - ** Add a second example that uses PDO to store registrations. - ** Add documentation to the API. - ** Check that randomness returned is good. - ** Drop the unneeded mcrypt extension. - ** More tests. - -* Version 0.0.1 (released 2014-10-16) - ** Initial release. diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/README b/data/web/inc/lib/vendor/yubico/u2flib-server/README deleted file mode 100644 index 0116a270c8..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/README +++ /dev/null @@ -1,34 +0,0 @@ -php-u2flib-server ------------------ - -image:https://travis-ci.org/Yubico/php-u2flib-server.svg?branch=master["Build Status", link="https://travis-ci.org/Yubico/php-u2flib-server"] -image:https://coveralls.io/repos/Yubico/php-u2flib-server/badge.svg?branch=master&service=github["Coverage", link="https://coveralls.io/github/Yubico/php-u2flib-server?branch=master"] -image:https://scrutinizer-ci.com/g/Yubico/php-u2flib-server/badges/quality-score.png?b=master["Scrutinizer Code Quality", link="https://scrutinizer-ci.com/g/Yubico/php-u2flib-server/?branch=master"] - -=== Introduction === - -Serverside U2F library for PHP. Provides functionality for registering -tokens and authentication with said tokens. - -To read more about U2F and how to use a U2F library, visit -link:http://developers.yubico.com/U2F[developers.yubico.com/U2F]. - -=== License === - -The project is licensed under a BSD license. See the file COPYING for -exact wording. For any copyright year range specified as YYYY-ZZZZ in -this package note that the range specifies every single year in that -closed interval. - -=== Dependencies === - -The only dependency is the openssl extension to PHP that has to be enabled. - -A composer.json is included in the distribution to make things simpler for -other project using composer. - -=== Tests === - -To run the test suite link:https://phpunit.de[PHPUnit] is required. To run it, type: - - $ phpunit diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/README.adoc b/data/web/inc/lib/vendor/yubico/u2flib-server/README.adoc deleted file mode 120000 index 100b93820a..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/README.adoc +++ /dev/null @@ -1 +0,0 @@ -README \ No newline at end of file diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon b/data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon deleted file mode 100644 index bbb7071b54..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon +++ /dev/null @@ -1,13 +0,0 @@ -destination: apidocs - -source: - - src/u2flib_server - -exclude: - - "*/tests/*" - -groups: none - -tree: false - -title: php-u2flib-server API diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/composer.json b/data/web/inc/lib/vendor/yubico/u2flib-server/composer.json deleted file mode 100644 index 3f2d9eab75..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/composer.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name":"yubico/u2flib-server", - "description":"Library for U2F implementation", - "homepage":"https://developers.yubico.com/php-u2flib-server", - "license":"BSD-2-Clause", - "require": { - "ext-openssl":"*", - "paragonie/random_compat": ">= 1", - "php": ">=5.6" - }, - "autoload": { - "classmap": ["src/"] - }, - "require-dev": { - "phpunit/phpunit": "~5.7", - "vimeo/psalm": "^0|^1|^2" - } -} diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/do-source-release.sh b/data/web/inc/lib/vendor/yubico/u2flib-server/do-source-release.sh deleted file mode 100755 index 7e50173644..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/do-source-release.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh - -set -e - -VERSION=$1 -PGP_KEYID=$2 - -if [ "x$PGP_KEYID" = "x" ]; then - echo "try with $0 VERSION PGP_KEYID" - echo "example: $0 0.0.1 B2168C0A" - exit -fi - -if ! head -3 NEWS | grep -q "Version $VERSION .released `date -I`"; then - echo "You need to update date/version in NEWS" - exit -fi - -if [ "x$YUBICO_GITHUB_REPO" = "x" ]; then - echo "you need to define YUBICO_GITHUB_REPO" - exit -fi - -releasename=php-u2flib-server-${VERSION} - -git push -git tag -u ${PGP_KEYID} -m $VERSION $VERSION -git push --tags -tmpdir=`mktemp -d /tmp/release.XXXXXX` -releasedir=${tmpdir}/${releasename} -mkdir -p $releasedir -git archive $VERSION --format=tar | tar -xC $releasedir -git2cl > $releasedir/ChangeLog -cd $releasedir -apigen generate -cd - -tar -cz --directory=$tmpdir --file=${releasename}.tar.gz $releasename -gpg --detach-sign --default-key $PGP_KEYID ${releasename}.tar.gz -$YUBICO_GITHUB_REPO/publish php-u2flib-server $VERSION ${releasename}.tar.gz* -rm -rf $tmpdir diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js b/data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js deleted file mode 100644 index 0f06f50d60..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js +++ /dev/null @@ -1,651 +0,0 @@ -// Copyright 2014-2015 Google Inc. All rights reserved. -// -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file or at -// https://developers.google.com/open-source/licenses/bsd - -/** - * @fileoverview The U2F api. - */ - -'use strict'; - -/** Namespace for the U2F api. - * @type {Object} - */ -var u2f = u2f || {}; - -/** - * The U2F extension id - * @type {string} - * @const - */ -u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd'; - -/** - * Message types for messsages to/from the extension - * @const - * @enum {string} - */ -u2f.MessageTypes = { - 'U2F_REGISTER_REQUEST': 'u2f_register_request', - 'U2F_SIGN_REQUEST': 'u2f_sign_request', - 'U2F_REGISTER_RESPONSE': 'u2f_register_response', - 'U2F_SIGN_RESPONSE': 'u2f_sign_response' -}; - -/** - * Response status codes - * @const - * @enum {number} - */ -u2f.ErrorCodes = { - 'OK': 0, - 'OTHER_ERROR': 1, - 'BAD_REQUEST': 2, - 'CONFIGURATION_UNSUPPORTED': 3, - 'DEVICE_INELIGIBLE': 4, - 'TIMEOUT': 5 -}; - -/** - * A message type for registration requests - * @typedef {{ - * type: u2f.MessageTypes, - * signRequests: Array, - * registerRequests: ?Array, - * timeoutSeconds: ?number, - * requestId: ?number - * }} - */ -u2f.Request; - -/** - * A message for registration responses - * @typedef {{ - * type: u2f.MessageTypes, - * responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse), - * requestId: ?number - * }} - */ -u2f.Response; - -/** - * An error object for responses - * @typedef {{ - * errorCode: u2f.ErrorCodes, - * errorMessage: ?string - * }} - */ -u2f.Error; - -/** - * Data object for a single sign request. - * @typedef {{ - * version: string, - * challenge: string, - * keyHandle: string, - * appId: string - * }} - */ -u2f.SignRequest; - -/** - * Data object for a sign response. - * @typedef {{ - * keyHandle: string, - * signatureData: string, - * clientData: string - * }} - */ -u2f.SignResponse; - -/** - * Data object for a registration request. - * @typedef {{ - * version: string, - * challenge: string, - * appId: string - * }} - */ -u2f.RegisterRequest; - -/** - * Data object for a registration response. - * @typedef {{ - * registrationData: string, - * clientData: string - * }} - */ -u2f.RegisterResponse; - - -// Low level MessagePort API support - -/** - * Sets up a MessagePort to the U2F extension using the - * available mechanisms. - * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback - */ -u2f.getMessagePort = function(callback) { - if (typeof chrome != 'undefined' && chrome.runtime) { - // The actual message here does not matter, but we need to get a reply - // for the callback to run. Thus, send an empty signature request - // in order to get a failure response. - var msg = { - type: u2f.MessageTypes.U2F_SIGN_REQUEST, - signRequests: [] - }; - chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() { - if (!chrome.runtime.lastError) { - // We are on a whitelisted origin and can talk directly - // with the extension. - u2f.getChromeRuntimePort_(callback); - } else { - // chrome.runtime was available, but we couldn't message - // the extension directly, use iframe - u2f.getIframePort_(callback); - } - }); - } else if (u2f.isAndroidChrome_()) { - u2f.getAuthenticatorPort_(callback); - } else { - // chrome.runtime was not available at all, which is normal - // when this origin doesn't have access to any extensions. - u2f.getIframePort_(callback); - } -}; - -/** - * Detect chrome running on android based on the browser's useragent. - * @private - */ -u2f.isAndroidChrome_ = function() { - var userAgent = navigator.userAgent; - return userAgent.indexOf('Chrome') != -1 && - userAgent.indexOf('Android') != -1; -}; - -/** - * Connects directly to the extension via chrome.runtime.connect - * @param {function(u2f.WrappedChromeRuntimePort_)} callback - * @private - */ -u2f.getChromeRuntimePort_ = function(callback) { - var port = chrome.runtime.connect(u2f.EXTENSION_ID, - {'includeTlsChannelId': true}); - setTimeout(function() { - callback(new u2f.WrappedChromeRuntimePort_(port)); - }, 0); -}; - -/** - * Return a 'port' abstraction to the Authenticator app. - * @param {function(u2f.WrappedAuthenticatorPort_)} callback - * @private - */ -u2f.getAuthenticatorPort_ = function(callback) { - setTimeout(function() { - callback(new u2f.WrappedAuthenticatorPort_()); - }, 0); -}; - -/** - * A wrapper for chrome.runtime.Port that is compatible with MessagePort. - * @param {Port} port - * @constructor - * @private - */ -u2f.WrappedChromeRuntimePort_ = function(port) { - this.port_ = port; -}; - -/** - * Format a return a sign request. - * @param {Array} signRequests - * @param {number} timeoutSeconds - * @param {number} reqId - * @return {Object} - */ -u2f.WrappedChromeRuntimePort_.prototype.formatSignRequest_ = - function(signRequests, timeoutSeconds, reqId) { - return { - type: u2f.MessageTypes.U2F_SIGN_REQUEST, - signRequests: signRequests, - timeoutSeconds: timeoutSeconds, - requestId: reqId - }; - }; - -/** - * Format a return a register request. - * @param {Array} signRequests - * @param {Array} signRequests - * @param {number} timeoutSeconds - * @param {number} reqId - * @return {Object} - */ -u2f.WrappedChromeRuntimePort_.prototype.formatRegisterRequest_ = - function(signRequests, registerRequests, timeoutSeconds, reqId) { - return { - type: u2f.MessageTypes.U2F_REGISTER_REQUEST, - signRequests: signRequests, - registerRequests: registerRequests, - timeoutSeconds: timeoutSeconds, - requestId: reqId - }; - }; - -/** - * Posts a message on the underlying channel. - * @param {Object} message - */ -u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) { - this.port_.postMessage(message); -}; - -/** - * Emulates the HTML 5 addEventListener interface. Works only for the - * onmessage event, which is hooked up to the chrome.runtime.Port.onMessage. - * @param {string} eventName - * @param {function({data: Object})} handler - */ -u2f.WrappedChromeRuntimePort_.prototype.addEventListener = - function(eventName, handler) { - var name = eventName.toLowerCase(); - if (name == 'message' || name == 'onmessage') { - this.port_.onMessage.addListener(function(message) { - // Emulate a minimal MessageEvent object - handler({'data': message}); - }); - } else { - console.error('WrappedChromeRuntimePort only supports onMessage'); - } - }; - -/** - * Wrap the Authenticator app with a MessagePort interface. - * @constructor - * @private - */ -u2f.WrappedAuthenticatorPort_ = function() { - this.requestId_ = -1; - this.requestObject_ = null; -} - -/** - * Launch the Authenticator intent. - * @param {Object} message - */ -u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) { - var intentLocation = /** @type {string} */ (message); - document.location = intentLocation; -}; - -/** - * Emulates the HTML 5 addEventListener interface. - * @param {string} eventName - * @param {function({data: Object})} handler - */ -u2f.WrappedAuthenticatorPort_.prototype.addEventListener = - function(eventName, handler) { - var name = eventName.toLowerCase(); - if (name == 'message') { - var self = this; - /* Register a callback to that executes when - * chrome injects the response. */ - window.addEventListener( - 'message', self.onRequestUpdate_.bind(self, handler), false); - } else { - console.error('WrappedAuthenticatorPort only supports message'); - } - }; - -/** - * Callback invoked when a response is received from the Authenticator. - * @param function({data: Object}) callback - * @param {Object} message message Object - */ -u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ = - function(callback, message) { - var messageObject = JSON.parse(message.data); - var intentUrl = messageObject['intentURL']; - - var errorCode = messageObject['errorCode']; - var responseObject = null; - if (messageObject.hasOwnProperty('data')) { - responseObject = /** @type {Object} */ ( - JSON.parse(messageObject['data'])); - responseObject['requestId'] = this.requestId_; - } - - /* Sign responses from the authenticator do not conform to U2F, - * convert to U2F here. */ - responseObject = this.doResponseFixups_(responseObject); - callback({'data': responseObject}); - }; - -/** - * Fixup the response provided by the Authenticator to conform with - * the U2F spec. - * @param {Object} responseData - * @return {Object} the U2F compliant response object - */ -u2f.WrappedAuthenticatorPort_.prototype.doResponseFixups_ = - function(responseObject) { - if (responseObject.hasOwnProperty('responseData')) { - return responseObject; - } else if (this.requestObject_['type'] != u2f.MessageTypes.U2F_SIGN_REQUEST) { - // Only sign responses require fixups. If this is not a response - // to a sign request, then an internal error has occurred. - return { - 'type': u2f.MessageTypes.U2F_REGISTER_RESPONSE, - 'responseData': { - 'errorCode': u2f.ErrorCodes.OTHER_ERROR, - 'errorMessage': 'Internal error: invalid response from Authenticator' - } - }; - } - - /* Non-conformant sign response, do fixups. */ - var encodedChallengeObject = responseObject['challenge']; - if (typeof encodedChallengeObject !== 'undefined') { - var challengeObject = JSON.parse(atob(encodedChallengeObject)); - var serverChallenge = challengeObject['challenge']; - var challengesList = this.requestObject_['signData']; - var requestChallengeObject = null; - for (var i = 0; i < challengesList.length; i++) { - var challengeObject = challengesList[i]; - if (challengeObject['keyHandle'] == responseObject['keyHandle']) { - requestChallengeObject = challengeObject; - break; - } - } - } - var responseData = { - 'errorCode': responseObject['resultCode'], - 'keyHandle': responseObject['keyHandle'], - 'signatureData': responseObject['signature'], - 'clientData': encodedChallengeObject - }; - return { - 'type': u2f.MessageTypes.U2F_SIGN_RESPONSE, - 'responseData': responseData, - 'requestId': responseObject['requestId'] - } - }; - -/** - * Base URL for intents to Authenticator. - * @const - * @private - */ -u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ = - 'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE'; - -/** - * Format a return a sign request. - * @param {Array} signRequests - * @param {number} timeoutSeconds (ignored for now) - * @param {number} reqId - * @return {string} - */ -u2f.WrappedAuthenticatorPort_.prototype.formatSignRequest_ = - function(signRequests, timeoutSeconds, reqId) { - if (!signRequests || signRequests.length == 0) { - return null; - } - /* TODO(fixme): stash away requestId, as the authenticator app does - * not return it for sign responses. */ - this.requestId_ = reqId; - /* TODO(fixme): stash away the signRequests, to deal with the legacy - * response format returned by the Authenticator app. */ - this.requestObject_ = { - 'type': u2f.MessageTypes.U2F_SIGN_REQUEST, - 'signData': signRequests, - 'requestId': reqId, - 'timeout': timeoutSeconds - }; - - var appId = signRequests[0]['appId']; - var intentUrl = - u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ + - ';S.appId=' + encodeURIComponent(appId) + - ';S.eventId=' + reqId + - ';S.challenges=' + - encodeURIComponent( - JSON.stringify(this.getBrowserDataList_(signRequests))) + ';end'; - return intentUrl; - }; - -/** - * Get the browser data objects from the challenge list - * @param {Array} challenges list of challenges - * @return {Array} list of browser data objects - * @private - */ -u2f.WrappedAuthenticatorPort_ - .prototype.getBrowserDataList_ = function(challenges) { - return challenges - .map(function(challenge) { - var browserData = { - 'typ': 'navigator.id.getAssertion', - 'challenge': challenge['challenge'] - }; - var challengeObject = { - 'challenge' : browserData, - 'keyHandle' : challenge['keyHandle'] - }; - return challengeObject; - }); -}; - -/** - * Format a return a register request. - * @param {Array} signRequests - * @param {Array} enrollChallenges - * @param {number} timeoutSeconds (ignored for now) - * @param {number} reqId - * @return {Object} - */ -u2f.WrappedAuthenticatorPort_.prototype.formatRegisterRequest_ = - function(signRequests, enrollChallenges, timeoutSeconds, reqId) { - if (!enrollChallenges || enrollChallenges.length == 0) { - return null; - } - // Assume the appId is the same for all enroll challenges. - var appId = enrollChallenges[0]['appId']; - var registerRequests = []; - for (var i = 0; i < enrollChallenges.length; i++) { - var registerRequest = { - 'challenge': enrollChallenges[i]['challenge'], - 'version': enrollChallenges[i]['version'] - }; - if (enrollChallenges[i]['appId'] != appId) { - // Only include the appId when it differs from the first appId. - registerRequest['appId'] = enrollChallenges[i]['appId']; - } - registerRequests.push(registerRequest); - } - var registeredKeys = []; - if (signRequests) { - for (i = 0; i < signRequests.length; i++) { - var key = { - 'keyHandle': signRequests[i]['keyHandle'], - 'version': signRequests[i]['version'] - }; - // Only include the appId when it differs from the appId that's - // being registered now. - if (signRequests[i]['appId'] != appId) { - key['appId'] = signRequests[i]['appId']; - } - registeredKeys.push(key); - } - } - var request = { - 'type': u2f.MessageTypes.U2F_REGISTER_REQUEST, - 'appId': appId, - 'registerRequests': registerRequests, - 'registeredKeys': registeredKeys, - 'requestId': reqId, - 'timeoutSeconds': timeoutSeconds - }; - var intentUrl = - u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ + - ';S.request=' + encodeURIComponent(JSON.stringify(request)) + - ';end'; - /* TODO(fixme): stash away requestId, this is is not necessary for - * register requests, but here to keep parity with sign. - */ - this.requestId_ = reqId; - return intentUrl; - }; - - -/** - * Sets up an embedded trampoline iframe, sourced from the extension. - * @param {function(MessagePort)} callback - * @private - */ -u2f.getIframePort_ = function(callback) { - // Create the iframe - var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID; - var iframe = document.createElement('iframe'); - iframe.src = iframeOrigin + '/u2f-comms.html'; - iframe.setAttribute('style', 'display:none'); - document.body.appendChild(iframe); - - var channel = new MessageChannel(); - var ready = function(message) { - if (message.data == 'ready') { - channel.port1.removeEventListener('message', ready); - callback(channel.port1); - } else { - console.error('First event on iframe port was not "ready"'); - } - }; - channel.port1.addEventListener('message', ready); - channel.port1.start(); - - iframe.addEventListener('load', function() { - // Deliver the port to the iframe and initialize - iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]); - }); -}; - - -// High-level JS API - -/** - * Default extension response timeout in seconds. - * @const - */ -u2f.EXTENSION_TIMEOUT_SEC = 30; - -/** - * A singleton instance for a MessagePort to the extension. - * @type {MessagePort|u2f.WrappedChromeRuntimePort_} - * @private - */ -u2f.port_ = null; - -/** - * Callbacks waiting for a port - * @type {Array} - * @private - */ -u2f.waitingForPort_ = []; - -/** - * A counter for requestIds. - * @type {number} - * @private - */ -u2f.reqCounter_ = 0; - -/** - * A map from requestIds to client callbacks - * @type {Object.} - * @private - */ -u2f.callbackMap_ = {}; - -/** - * Creates or retrieves the MessagePort singleton to use. - * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback - * @private - */ -u2f.getPortSingleton_ = function(callback) { - if (u2f.port_) { - callback(u2f.port_); - } else { - if (u2f.waitingForPort_.length == 0) { - u2f.getMessagePort(function(port) { - u2f.port_ = port; - u2f.port_.addEventListener('message', - /** @type {function(Event)} */ (u2f.responseHandler_)); - - // Careful, here be async callbacks. Maybe. - while (u2f.waitingForPort_.length) - u2f.waitingForPort_.shift()(u2f.port_); - }); - } - u2f.waitingForPort_.push(callback); - } -}; - -/** - * Handles response messages from the extension. - * @param {MessageEvent.} message - * @private - */ -u2f.responseHandler_ = function(message) { - var response = message.data; - var reqId = response['requestId']; - if (!reqId || !u2f.callbackMap_[reqId]) { - console.error('Unknown or missing requestId in response.'); - return; - } - var cb = u2f.callbackMap_[reqId]; - delete u2f.callbackMap_[reqId]; - cb(response['responseData']); -}; - -/** - * Dispatches an array of sign requests to available U2F tokens. - * @param {Array} signRequests - * @param {function((u2f.Error|u2f.SignResponse))} callback - * @param {number=} opt_timeoutSeconds - */ -u2f.sign = function(signRequests, callback, opt_timeoutSeconds) { - u2f.getPortSingleton_(function(port) { - var reqId = ++u2f.reqCounter_; - u2f.callbackMap_[reqId] = callback; - var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ? - opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC); - var req = port.formatSignRequest_(signRequests, timeoutSeconds, reqId); - port.postMessage(req); - }); -}; - -/** - * Dispatches register requests to available U2F tokens. An array of sign - * requests identifies already registered tokens. - * @param {Array} registerRequests - * @param {Array} signRequests - * @param {function((u2f.Error|u2f.RegisterResponse))} callback - * @param {number=} opt_timeoutSeconds - */ -u2f.register = function(registerRequests, signRequests, - callback, opt_timeoutSeconds) { - u2f.getPortSingleton_(function(port) { - var reqId = ++u2f.reqCounter_; - u2f.callbackMap_[reqId] = callback; - var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ? - opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC); - var req = port.formatRegisterRequest_( - signRequests, registerRequests, timeoutSeconds, reqId); - port.postMessage(req); - }); -}; \ No newline at end of file diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.phps b/data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.phps deleted file mode 100755 index 8acb66a4da..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.phps +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/php -getRegisterData(); -} elseif($mode === "authenticate") { - $challenge = $u2f->getAuthenticateData($regs); -} - -print json_encode($challenge[0]) . "\n"; -$response = fgets(STDIN); - -if($mode === "register") { - $result = $u2f->doRegister($challenge[0], json_decode($response)); -} elseif($mode === "authenticate") { - $result = $u2f->doAuthenticate($challenge, $regs, json_decode($response)); -} - -print json_encode($result) . "\n"; - -?> diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.phps b/data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.phps deleted file mode 100644 index d840dd36a1..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.phps +++ /dev/null @@ -1,186 +0,0 @@ - - - - PHP U2F Demo - - - - - - - -
- - - - - - -
- -

- 0 Authenticators currently registered. -

- - - - diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.phps b/data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.phps deleted file mode 100644 index c04d63e247..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.phps +++ /dev/null @@ -1,204 +0,0 @@ -setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ); - -$pdo->exec("create table if not exists users (id integer primary key, name varchar(255))"); -$pdo->exec("create table if not exists registrations (id integer primary key, user_id integer, keyHandle varchar(255), publicKey varchar(255), certificate text, counter integer)"); - -$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://"; -$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']); - -session_start(); - -function createAndGetUser($name) { - global $pdo; - $sel = $pdo->prepare("select * from users where name = ?"); - $sel->execute(array($name)); - $user = $sel->fetch(); - if(!$user) { - $ins = $pdo->prepare("insert into users (name) values(?)"); - $ins->execute(array($name)); - $sel->execute(array($name)); - $user = $sel->fetch(); - } - return $user; -} - -function getRegs($user_id) { - global $pdo; - $sel = $pdo->prepare("select * from registrations where user_id = ?"); - $sel->execute(array($user_id)); - return $sel->fetchAll(); -} - -function addReg($user_id, $reg) { - global $pdo; - $ins = $pdo->prepare("insert into registrations (user_id, keyHandle, publicKey, certificate, counter) values (?, ?, ?, ?, ?)"); - $ins->execute(array($user_id, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter)); -} - -function updateReg($reg) { - global $pdo; - $upd = $pdo->prepare("update registrations set counter = ? where id = ?"); - $upd->execute(array($reg->counter, $reg->id)); -} - -?> - - - - PHP U2F example - - - - - - - -
- username:
- register:
- authenticate:
- - - -
- - - diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/phpunit.xml b/data/web/inc/lib/vendor/yubico/u2flib-server/phpunit.xml deleted file mode 100644 index fa6f08e836..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/phpunit.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - tests - - - - - diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/psalm.xml b/data/web/inc/lib/vendor/yubico/u2flib-server/psalm.xml deleted file mode 100644 index 6b6234cfbd..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/psalm.xml +++ /dev/null @@ -1,48 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/data/web/inc/lib/vendor/yubico/u2flib-server/src/u2flib_server/U2F.php b/data/web/inc/lib/vendor/yubico/u2flib-server/src/u2flib_server/U2F.php deleted file mode 100644 index 8583fff2ea..0000000000 --- a/data/web/inc/lib/vendor/yubico/u2flib-server/src/u2flib_server/U2F.php +++ /dev/null @@ -1,563 +0,0 @@ -appId = $appId; - $this->attestDir = $attestDir; - } - - /** - * Called to get a registration request to send to a user. - * Returns an array of one registration request and a array of sign requests. - * - * @param array $registrations List of current registrations for this - * user, to prevent the user from registering the same authenticator several - * times. - * @return array An array of two elements, the first containing a - * RegisterRequest the second being an array of SignRequest - * @throws Error - */ - public function getRegisterData(array $registrations = array()) - { - $challenge = $this->createChallenge(); - $request = new RegisterRequest($challenge, $this->appId); - $signs = $this->getAuthenticateData($registrations); - return array($request, $signs); - } - - /** - * Called to verify and unpack a registration message. - * - * @param RegisterRequest $request this is a reply to - * @param object $response response from a user - * @param bool $includeCert set to true if the attestation certificate should be - * included in the returned Registration object - * @return Registration - * @throws Error - */ - public function doRegister($request, $response, $includeCert = true) - { - if( !is_object( $request ) ) { - throw new \InvalidArgumentException('$request of doRegister() method only accepts object.'); - } - - if( !is_object( $response ) ) { - throw new \InvalidArgumentException('$response of doRegister() method only accepts object.'); - } - - if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) { - throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING ); - } - - if( !is_bool( $includeCert ) ) { - throw new \InvalidArgumentException('$include_cert of doRegister() method only accepts boolean.'); - } - - $rawReg = $this->base64u_decode($response->registrationData); - $regData = array_values(unpack('C*', $rawReg)); - $clientData = $this->base64u_decode($response->clientData); - $cli = json_decode($clientData); - - if($cli->challenge !== $request->challenge) { - throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE ); - } - - if(isset($cli->typ) && $cli->typ !== REQUEST_TYPE_REGISTER) { - throw new Error('ClientData type is invalid', ERR_BAD_TYPE); - } - - if(isset($cli->origin) && $cli->origin !== $request->appId) { - throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN); - } - - $registration = new Registration(); - $offs = 1; - $pubKey = substr($rawReg, $offs, PUBKEY_LEN); - $offs += PUBKEY_LEN; - // decode the pubKey to make sure it's good - $tmpKey = $this->pubkey_to_pem($pubKey); - if($tmpKey === null) { - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); - } - $registration->publicKey = base64_encode($pubKey); - $khLen = $regData[$offs++]; - $kh = substr($rawReg, $offs, $khLen); - $offs += $khLen; - $registration->keyHandle = $this->base64u_encode($kh); - - // length of certificate is stored in byte 3 and 4 (excluding the first 4 bytes) - $certLen = 4; - $certLen += ($regData[$offs + 2] << 8); - $certLen += $regData[$offs + 3]; - - $rawCert = $this->fixSignatureUnusedBits(substr($rawReg, $offs, $certLen)); - $offs += $certLen; - $pemCert = "-----BEGIN CERTIFICATE-----\r\n"; - $pemCert .= chunk_split(base64_encode($rawCert), 64); - $pemCert .= "-----END CERTIFICATE-----"; - if($includeCert) { - $registration->certificate = base64_encode($rawCert); - } - if($this->attestDir) { - if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) { - throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION ); - } - } - - if(!openssl_pkey_get_public($pemCert)) { - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); - } - $signature = substr($rawReg, $offs); - - $dataToVerify = pack('C', 0); - $dataToVerify .= hash('sha256', $request->appId, true); - $dataToVerify .= hash('sha256', $clientData, true); - $dataToVerify .= $kh; - $dataToVerify .= $pubKey; - - if(openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) { - return $registration; - } else { - throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE ); - } - } - - /** - * Called to get an authentication request. - * - * @param array $registrations An array of the registrations to create authentication requests for. - * @return array An array of SignRequest - * @throws Error - */ - public function getAuthenticateData(array $registrations) - { - $sigs = array(); - $challenge = $this->createChallenge(); - foreach ($registrations as $reg) { - if( !is_object( $reg ) ) { - throw new \InvalidArgumentException('$registrations of getAuthenticateData() method only accepts array of object.'); - } - /** @var Registration $reg */ - - $sig = new SignRequest(); - $sig->appId = $this->appId; - $sig->keyHandle = $reg->keyHandle; - $sig->challenge = $challenge; - $sigs[] = $sig; - } - return $sigs; - } - - /** - * Called to verify an authentication response - * - * @param array $requests An array of outstanding authentication requests - * @param array $registrations An array of current registrations - * @param object $response A response from the authenticator - * @return Registration - * @throws Error - * - * The Registration object returned on success contains an updated counter - * that should be saved for future authentications. - * If the Error returned is ERR_COUNTER_TOO_LOW this is an indication of - * token cloning or similar and appropriate action should be taken. - */ - public function doAuthenticate(array $requests, array $registrations, $response) - { - if( !is_object( $response ) ) { - throw new \InvalidArgumentException('$response of doAuthenticate() method only accepts object.'); - } - - if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) { - throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING ); - } - - /** @var object|null $req */ - $req = null; - - /** @var object|null $reg */ - $reg = null; - - $clientData = $this->base64u_decode($response->clientData); - $decodedClient = json_decode($clientData); - - if(isset($decodedClient->typ) && $decodedClient->typ !== REQUEST_TYPE_AUTHENTICATE) { - throw new Error('ClientData type is invalid', ERR_BAD_TYPE); - } - - foreach ($requests as $req) { - if( !is_object( $req ) ) { - throw new \InvalidArgumentException('$requests of doAuthenticate() method only accepts array of object.'); - } - - if($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) { - break; - } - - $req = null; - } - if($req === null) { - throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST ); - } - if(isset($decodedClient->origin) && $decodedClient->origin !== $req->appId) { - throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN); - } - foreach ($registrations as $reg) { - if( !is_object( $reg ) ) { - throw new \InvalidArgumentException('$registrations of doAuthenticate() method only accepts array of object.'); - } - - if($reg->keyHandle === $response->keyHandle) { - break; - } - $reg = null; - } - if($reg === null) { - throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION ); - } - $pemKey = $this->pubkey_to_pem($this->base64u_decode($reg->publicKey)); - if($pemKey === null) { - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); - } - - $signData = $this->base64u_decode($response->signatureData); - $dataToVerify = hash('sha256', $req->appId, true); - $dataToVerify .= substr($signData, 0, 5); - $dataToVerify .= hash('sha256', $clientData, true); - $signature = substr($signData, 5); - - if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) { - $upb = unpack("Cupb", substr($signData, 0, 1)); - if($upb['upb'] !== 1) { - throw new Error('User presence byte value is invalid', ERR_BAD_USER_PRESENCE ); - } - $ctr = unpack("Nctr", substr($signData, 1, 4)); - $counter = $ctr['ctr']; - /* TODO: wrap-around should be handled somehow.. */ - if($counter > $reg->counter) { - $reg->counter = $counter; - return self::castObjectToRegistration($reg); - } else { - throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW ); - } - } else { - throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE ); - } - } - - /** - * @param object $object - * @return Registration - */ - protected static function castObjectToRegistration($object) - { - $reg = new Registration(); - if (property_exists($object, 'publicKey')) { - $reg->publicKey = $object->publicKey; - } - if (property_exists($object, 'certificate')) { - $reg->certificate = $object->certificate; - } - if (property_exists($object, 'counter')) { - $reg->counter = $object->counter; - } - if (property_exists($object, 'keyHandle')) { - $reg->keyHandle = $object->keyHandle; - } - return $reg; - } - - /** - * @return array - */ - private function get_certs() - { - $files = array(); - $dir = $this->attestDir; - if($dir !== null && is_dir($dir) && $handle = opendir($dir)) { - while(false !== ($entry = readdir($handle))) { - if(is_file("$dir/$entry")) { - $files[] = "$dir/$entry"; - } - } - closedir($handle); - } elseif (is_file("$dir")) { - $files[] = "$dir"; - } - return $files; - } - - /** - * @param string $data - * @return string - */ - private function base64u_encode($data) - { - return trim(strtr(base64_encode($data), '+/', '-_'), '='); - } - - /** - * @param string $data - * @return string - */ - private function base64u_decode($data) - { - return base64_decode(strtr($data, '-_', '+/')); - } - - /** - * @param string $key - * @return null|string - */ - private function pubkey_to_pem($key) - { - if(strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") { - return null; - } - - /* - * Convert the public key to binary DER format first - * Using the ECC SubjectPublicKeyInfo OIDs from RFC 5480 - * - * SEQUENCE(2 elem) 30 59 - * SEQUENCE(2 elem) 30 13 - * OID1.2.840.10045.2.1 (id-ecPublicKey) 06 07 2a 86 48 ce 3d 02 01 - * OID1.2.840.10045.3.1.7 (secp256r1) 06 08 2a 86 48 ce 3d 03 01 07 - * BIT STRING(520 bit) 03 42 ..key.. - */ - $der = "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01"; - $der .= "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42"; - $der .= "\0".$key; - - $pem = "-----BEGIN PUBLIC KEY-----\r\n"; - $pem .= chunk_split(base64_encode($der), 64); - $pem .= "-----END PUBLIC KEY-----"; - - return $pem; - } - - /** - * @return string - * @throws Error - */ - private function createChallenge() - { - $challenge = random_bytes(32); - $challenge = $this->base64u_encode( $challenge ); - - return $challenge; - } - - /** - * Fixes a certificate where the signature contains unused bits. - * - * @param string $cert - * @return mixed - */ - private function fixSignatureUnusedBits($cert) - { - if(in_array(hash('sha256', $cert), $this->FIXCERTS, true)) { - $cert[strlen($cert) - 257] = "\0"; - } - return $cert; - } -} - -/** - * Class for building a registration request - * - * @package u2flib_server - */ -class RegisterRequest -{ - /** @var string Protocol version */ - public $version = U2F_VERSION; - - /** @var string Registration challenge */ - public $challenge; - - /** @var string Application id */ - public $appId; - - /** - * @param string $challenge - * @param string $appId - * @internal - */ - public function __construct($challenge, $appId) - { - $this->challenge = $challenge; - $this->appId = $appId; - } -} - -/** - * Class for building up an authentication request - * - * @package u2flib_server - */ -class SignRequest -{ - /** @var string Protocol version */ - public $version = U2F_VERSION; - - /** @var string Authentication challenge */ - public $challenge = ''; - - /** @var string Key handle of a registered authenticator */ - public $keyHandle = ''; - - /** @var string Application id */ - public $appId = ''; -} - -/** - * Class returned for successful registrations - * - * @package u2flib_server - */ -class Registration -{ - /** @var string The key handle of the registered authenticator */ - public $keyHandle = ''; - - /** @var string The public key of the registered authenticator */ - public $publicKey = ''; - - /** @var string The attestation certificate of the registered authenticator */ - public $certificate = ''; - - /** @var int The counter associated with this registration */ - public $counter = -1; -} - -/** - * Error class, returned on errors - * - * @package u2flib_server - */ -class Error extends \Exception -{ - /** - * Override constructor and make message and code mandatory - * @param string $message - * @param int $code - * @param \Exception|null $previous - */ - public function __construct($message, $code, \Exception $previous = null) { - parent::__construct($message, $code, $previous); - } -}