3 * FIDO U2F Support Module
6 * @link http://www.open-emr.org
7 * @author Rod Roark <rod@sunsetsystems.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2018 Rod Roark <rod@sunsetsystems.com>
10 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
15 require_once('../globals.php');
16 require_once("$srcdir/options.inc.php");
18 use OpenEMR\Core\Header
;
19 use OpenEMR\OeUI\OemrUI
;
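// U2F requires https. Behind a TLS-terminating proxy the server may not see it,
// so the scheme is fixed here instead of being detected from the request.
$scheme = "https://"; // isset($_SERVER['HTTPS']) ? "https://" : "http://";

// NOTE(review): the appId is built from the request's Host header, which is
// client-supplied and may differ from the public origin when a proxy or a
// catch-all virtual host sits in front of the application. The same value is
// later written into the page script. Deriving it from a configured site
// address would remove that dependency, but the appId has to stay identical to
// the one existing keys were registered under - confirm before changing it.
$appId = $scheme . $_SERVER['HTTP_HOST'];
$u2f = new u2flib_server\U2F($appId);

// The key is registered for the user of the current authenticated session.
$userid = $_SESSION['authId'];

// 'action' may be missing from the request; fall back to an empty string,
// which matches neither 'reg1' nor 'reg2', rather than reading an undefined index.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

// Display name for the page legend. It is stored data, so it must be
// HTML-escaped wherever it is printed.
$user_name = getUserIDInfo($userid);
$user_full_name = $user_name['fname'] . " " . $user_name['lname'];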
33 <?php Header
::setupHeader(); ?
>
34 <title
><?php
echo xlt('U2F Registration'); ?
></title
>
35 <script src
="<?php echo $GLOBALS['webroot'] ?>/library/js/u2f-api.js"></script
>
38 function doregister() {
39 var f
= document
.forms
[0];
40 if (f
.form_name
.value
.trim() == '') {
41 alert(<?php
echo xlj("Please enter a name for this key."); ?
>);
44 var request
= JSON
.parse(f
.form_request
.value
);
46 <?php
echo js_escape($appId); ?
>,
50 if(data
.errorCode
&& data
.errorCode
!= 0) {
51 alert(<?php
echo xlj("Registration failed with error"); ?
> +
' ' + data
.errorCode
);
54 f
.form_registration
.value
= JSON
.stringify(data
);
55 f
.action
.value
= 'reg2';
64 window
.location
.href
= 'mfa_registrations.php';
69 $arrOeUiSettings = array(
70 'heading_title' => xl('Register Universal 2nd Factor Key') . " - " . xl('U2F'),
71 'include_patient_name' => false,
72 'expandable' => false,
73 'expandable_files' => array(),//all file names need suffix _xpd
74 'action' => "",//conceal, reveal, search, reset, link or back
76 'action_href' => "",//only for actions - reset, link or back
77 'show_help_icon' => false,
78 'help_file_name' => ""
80 $oemr_ui = new OemrUI($arrOeUiSettings);
83 <body
class="body_top">
84 <div id
="container_div" class="<?php echo $oemr_ui->oeContainer();?>">
86 <div
class="col-sm-12">
87 <div
class="page-header">
88 <?php
echo $oemr_ui->pageHeading() . "\r\n"; ?
>
92 <form method
='post' action
='mfa_u2f.php' onsubmit
='return top.restoreSession()'>
93 <input type
="hidden" name
="csrf_token_form" value
="<?php echo attr(collectCsrfToken()); ?>" />
97 ///////////////////////////////////////////////////////////////////////
99 if ($action == 'reg1') {
100 list ($request, $signs) = $u2f->getRegisterData();
103 <div
class="col-sm-12">
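<legend><?php
    // The user's name is stored data rendered into HTML; escape it with text()
    // like the other dynamic output on this page.
    echo xlt('Register U2F Key for') . " " . text($user_full_name);
?></legend>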
106 <div
class='col-sm-12'>
107 <p
><?php
echo xlt("Instructions");?
>:
109 <li
><?php
echo xlt('This will register a new U2F USB key'); ?
></li
>
110 <li
><?php
echo xlt('Type a name for your key, insert it into a USB port and click the Register button below'); ?
></li
>
111 <li
><?php
echo xlt('Then press the flashing button on your key within 1 minute to complete registration'); ?
></li
>
115 <div
class="form-group">
116 <label
for="form_name" class="col-sm-2 col-form-label"><?php
echo xlt('Please give this key a name'); ?
></label
>
117 <div
class="col-sm-4">
118 <input type
='text' class='form-control' name
='form_name' id
='form_name'>
119 <input type
='hidden' name
='form_request' value
='<?php echo attr(json_encode($request)); ?>'>
120 <input type
='hidden' name
='form_signs' value
='<?php echo attr(json_encode($signs)); ?>'>
121 <input type
='hidden' name
='form_registration' value
=''>
125 <div
class='col-sm-12'>
127 <li
><?php
echo xlt('A secure (HTTPS) web connection is required for U2F'); ?
></li
>
128 <li
><?php
echo xlt('Chrome browser version 41 and above, Mozilla Firefox browser version 64 and above, Microsoft Edge browser version 19 and above, Safari browser version 13 and above, Opera browser version 40 and Opera browser version 42 and above support FIDO U2F API'); ?
></li
>
129 <li
><?php
echo xlt('Internet Explorer browser version 6 to Internet Explorer browser version 11 does not support FIDO U2F API'); ?
></li
>
131 <li
><?php
echo xlt('For U2F support on Linux click'); ?
>: <a href
='https://www.key-id.com/enable-fido-u2f-linux/' rel
="noopener" target
='_blank'><?php
echo text('Enable FIDO U2F Linux'); ?
></a
></li
>
132 <li
><?php
echo xlt('For Firefox click'); ?
>: <a href
='https://www.trishtech.com/2018/07/enable-fido-u2f-security-key-yubikey-in-mozilla-firefox/' rel
="noopener" target
='_blank'><?php
echo text('Enable FIDO U2F Key in Firefox'); ?
></a
></li
>
136 <div
class="form-group clearfix">
137 <div
class="col-sm-12 text-left position-override">
138 <button type
="button" class="btn btn-default btn-save" value
='<?php echo xla('Register
'); ?>' onclick
='doregister()'><?php
echo xlt('Register'); ?
></button
>
139 <button type
="button" class="btn btn-link btn-cancel btn-separate-left" value
="<?php echo xla('Cancel'); ?>" onclick
="docancel()" ><?php
echo xlt('Cancel'); ?
></button
>
145 } elseif ($action == 'reg2') {
146 if (!verifyCsrfToken($_POST["csrf_token_form"])) {
// NOTE(review): form_request is the registration request this page wrote into a
// hidden form field during the 'reg1' step, and it is read back here from the
// POST body. The challenge being verified is therefore whatever the client
// returns; nothing in the visible lines compares it with a server-side copy.
// Keeping the request in $_SESSION between the two steps would bind the
// challenge to this session. json_decode() returns null on malformed input -
// confirm doRegister() rejects that with an exception type the catch below handles.
150 $data = $u2f->doRegister(json_decode($_POST['form_request']), json_decode($_POST['form_registration']));
151 } catch (u2flib_server\Error
$e) {
152 die(xlt('Registration error') . ': ' . text($e->getMessage()));
156 "SELECT COUNT(*) AS count FROM login_mfa_registrations WHERE " .
157 "`user_id` = ? AND `name` = ?",
158 array($userid, $_POST['form_name'])
160 if (empty($row['count'])) {
162 "INSERT INTO login_mfa_registrations " .
163 "(`user_id`, `method`, `name`, `var1`, `var2`) VALUES " .
164 "(?, 'U2F', ?, ?, ?)",
165 array($userid, $_POST['form_name'], json_encode($data), '')
168 echo " alert(" . xlj('This key name is already in use by you. Try again.') . ");\n";
170 echo " window.location.href = 'mfa_registrations.php';\n";
174 ///////////////////////////////////////////////////////////////////////
178 <input type
='hidden' name
='action' value
='' />
180 </div
><!--end of container div
-->
181 <?php
$oemr_ui->oeBelowContainerDiv();?
>