3 * FIDO U2F Support Module
6 * @link http://www.open-emr.org
7 * @author Rod Roark <rod@sunsetsystems.com>
8 * @copyright Copyright (c) 2018 Rod Roark <rod@sunsetsystems.com>
9 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
12 require_once('../globals.php');
14 use OpenEMR\Core\Header
;
// Build the U2F application ID (scheme + host), create the U2F server helper with it, and
// pick up the session user and the requested registration step.
16 // https is required, and with a proxy the server might not see it.
17 $scheme = "https://"; // isset($_SERVER['HTTPS']) ? "https://" : "http://";
// NOTE(review): the host part is taken from the request's Host header, so the appId handed to
// the U2F library (and also written into the page's inline script further down) follows
// whatever host name the request carried. Presumably the web server or virtual-host setup
// restricts which Host values reach this script -- confirm, or pin the appId to a configured
// site URL so the key's origin binding does not depend on request data.
18 $appId = $scheme . $_SERVER['HTTP_HOST'];
19 $u2f = new u2flib_server\
U2F($appId);
// The key is registered for the user ID held in the login session, not for an ID taken from
// the request.
21 $userid = $_SESSION['authId'];
// 'action' selects the registration step handled below ('reg1' or 'reg2'). It is read from
// $_REQUEST, so it is accepted from the query string as well as from a posted form.
22 $action = $_REQUEST['action'];
26 <?php Header
::setupHeader(); ?
>
27 <title
><?php
echo xlt('U2F Registration'); ?
></title
>
28 <script src
="<?php echo $GLOBALS['webroot'] ?>/library/js/u2f-api.js"></script
>
// Browser-side step of key registration. From the lines in view: it checks that a key name
// was typed, parses the registration request out of the hidden form_request field, reports a
// non-zero errorCode to the user, and otherwise copies the result into form_registration and
// sets the form's action field to 'reg2'.
31 function doregister() {
32 var f
= document
.forms
[0];
// This emptiness check runs in the browser only; treat it as a convenience for the user and
// not as validation of the name that is eventually posted.
33 if (f
.form_name
.value
.trim() == '') {
34 alert('<?php echo xls("Please enter a name for this key."); ?>');
// The request object is whatever JSON the hidden form_request field currently holds.
37 var request
= JSON
.parse(f
.form_request
.value
);
// NOTE(review): the appId below is built on the server from the request's Host header and is
// placed in a JavaScript string with addslashes(), which escapes quotes, backslashes and NUL
// but leaves newlines and a closing script tag untouched. A JavaScript-context encoder
// (for example json_encode() with the JSON_HEX_* flags) is the safer fit here -- TODO confirm
// which helper this code base provides for that.
39 '<?php echo addslashes($appId); ?>',
// 'data' appears to be the result object handed back by the browser's U2F call (the call
// itself is not in view); a non-zero errorCode is shown to the user.
43 if(data
.errorCode
&& data
.errorCode
!= 0) {
44 alert('<?php echo xls("Registration failed with error"); ?> ' + data
.errorCode
);
// On success the result is serialized into the hidden form_registration field and the form's
// action field is switched to the second registration step.
47 f
.form_registration
.value
= JSON
.stringify(data
);
48 f
.action
.value
= 'reg2';
57 window
.location
.href
= 'mfa_registrations.php';
62 <body
class="body_top">
63 <form method
='post' action
='mfa_u2f.php' onsubmit
='return top.restoreSession()'>
64 <input type
="hidden" name
="csrf_token_form" value
="<?php echo attr(collectCsrfToken()); ?>" />
68 ///////////////////////////////////////////////////////////////////////
// Step 1 ('reg1'): ask the U2F library for registration data. Further down the page
// $request is JSON-encoded into the hidden form_request field and $signs into form_signs,
// so both values travel through the browser before step 2 reads them back.
70 if ($action == 'reg1') {
71 list ($request, $signs) = $u2f->getRegisterData();
73 <div
class="container">
75 <div
class="col-xs-12">
76 <div
class="page-header">
77 <h3
><?php
echo xlt('Register U2F Key'); ?
></h3
>
82 <div
class="col-xs-12">
84 <?php
echo xlt('This will register a new U2F USB key.'); ?
>
85 <?php
echo xlt('Type a name for your key, insert it into a USB port and click the Register button below.'); ?
>
86 <?php
echo xlt('Then press the flashing button on your key within 1 minute to complete registration.'); ?
>
89 <?php
echo xlt('Please give this key a name'); ?
>:
90 <input type
='text' name
='form_name' value
='' size
='16' /> 
;</td
>
91 <td
><input type
='button' value
='<?php echo xla('Register
'); ?>' onclick
='doregister()' />
92 <input type
='button' value
='<?php echo xla('Cancel
'); ?>' onclick
='docancel()' />
93 <input type
='hidden' name
='form_request' value
='<?php echo attr(json_encode($request)); ?>' />
94 <input type
='hidden' name
='form_signs' value
='<?php echo attr(json_encode($signs)); ?>' />
95 <input type
='hidden' name
='form_registration' value
='' />
99 <?php
echo xlt('A secure (HTTPS) web connection is required for U2F. Firefox and Chrome are known to work.'); ?
>
102 <?php
echo xlt('For U2F support on Linux see'); ?
>:
103 <a href
='https://www.key-id.com/enable-fido-u2f-linux/' target
='_blank'>
104 https
://www.key-id.com/enable-fido-u2f-linux/</a>
107 <?php
echo xlt('For Firefox see'); ?
>:
108 <a href
='https://www.trishtech.com/2018/07/enable-fido-u2f-security-key-yubikey-in-mozilla-firefox/' target
='_blank'>
109 https
://www.trishtech.com/2018/07/enable-fido-u2f-security-key-yubikey-in-mozilla-firefox/</a>
115 } else if ($action == 'reg2') {
// Step 2 ('reg2'): verify the authenticator's response and store the new key for the
// session user. The CSRF token posted with the form is checked first in this branch.
116 if (!verifyCsrfToken($_POST["csrf_token_form"])) {
// NOTE(review): both arguments are decoded from POST fields. form_request is the value this
// page placed in a hidden input during 'reg1', so the challenge being verified is whatever
// the client sends back; nothing visible here compares it with a copy held on the server.
// Consider keeping the pending request in the session and passing that copy to
// doRegister() -- TODO confirm against the lines not shown in this listing.
120 $data = $u2f->doRegister(json_decode($_POST['form_request']), json_decode($_POST['form_registration']));
121 } catch (u2flib_server\Error
$e) {
// The library's error message is passed through text() (presumably the HTML-escaping
// helper -- verify) before it is written to the response.
122 die(xlt('Registration error') . ': ' . text($e->getMessage()));
// Lookup: does this user already have a registration with the posted name?
// User ID and name are supplied as bound values for the two placeholders, not concatenated.
126 "SELECT COUNT(*) AS count FROM login_mfa_registrations WHERE " .
127 "`user_id` = ? AND `name` = ?",
128 array($userid, $_POST['form_name'])
// NOTE(review): the duplicate check and the insert are separate statements; presumably a
// unique key on (user_id, name) backs this up -- verify against the table definition.
// NOTE(review): form_name is used as posted; the only emptiness check visible on this page
// is the browser-side one in doregister(), so an empty or very long name is not rejected
// by the lines in view.
130 if (empty($row['count'])) {
// Insert: the registration data returned by doRegister() is stored JSON-encoded in var1,
// with method fixed to 'U2F' and var2 left empty; all request-derived values are bound.
132 "INSERT INTO login_mfa_registrations " .
133 "(`user_id`, `method`, `name`, `var1`, `var2`) VALUES " .
134 "(?, 'U2F', ?, ?, ?)",
135 array($userid, $_POST['form_name'], json_encode($data), '')
// The translated message is placed inside a single-quoted JavaScript string; xls() is
// presumably the translate-and-escape helper for that context -- verify.
138 echo " alert('" . xls('This key name is already in use by you. Try again.') . "');\n";
// The emitted script then sends the browser to the registrations list page.
140 echo " window.location.href = 'mfa_registrations.php';\n";
144 ///////////////////////////////////////////////////////////////////////
148 <input type
='hidden' name
='action' value
='' />