trianglman / sqrl Goto Github PK

How come the configuration MSUT be loaded from a file?! It's quite inconvenient when I already have the configuration in an array and need to integrate it into my framework...

I know you can manually call all the setter methods but the the code is not completely DRY... Seems logical to have an intermediate method that accepts an array...

Shouldn`t there be a composer.json file in the examples folder?
I am thinking that composer.json would mention this library (and possibly others) as dependency.

I'm getting some notes together, but this is currently what I'm doing to get a URL up. I'm struggling a little to get the actual authentication to work, but anyway...

$config = new \Trianglman\Sqrl\SqrlConfiguration();
$config->setAuthenticationPath('/authenticate');
$config->setAnonAllowed(true);
$config->setDomain('sqrl.lan');
$config->setSecure(false);
$config->setNonceTable('sqrl_nonce');
$config->setNonceRelationshipTable('sqrl_nonce_relationship');
$config->setPubKeyTable('sqrl_pubkey');

$storage = new \Trianglman\Sqrl\SqrlStore($config);
$storage->setDatabaseConnection($db);
$generator = new \Trianglman\Sqrl\SqrlGenerate($config, $storage);

if ($_SERVER['REDIRECT_URL'] === '/login') {
    $link = $generator->getUrl();
    $file = basename(tempnam(__DIR__, ""));
    $image = $generator->render(__DIR__ . '/' . $file);
    $data_image = "data:image/png;base64," . base64_encode(file_get_contents(__DIR__ . '/' . $file));
    unlink(__DIR__ . '/' . $file);
    echo "<html><body><div><a href='$link'><img src='$data_image'></a></div><div><a href='/authenticate'>Click here to check login status</a></div></body></html>";
} elseif ($_SERVER['REDIRECT_URL'] === '/authenticate') {
    $validator = new \Trianglman\Sqrl\SqrlValidate($config, new \Trianglman\Sqrl\Ed25519NonceValidator(), $storage);
    $requestResponse = new \Trianglman\Sqrl\SqrlRequestHandler($config, $validator, $storage, $generator);
    $requestResponse->parseRequest($_GET, $_POST, $_SERVER);
    $requestResponse->sendResponse();
} elseif ($_SERVER['REDIRECT_URL'] === '/user' && isset($_SESSION['key'])) {
    error_log(json_encode(['server' => $_SERVER, 'get' => $_GET, 'post' => $_POST, 'session' => $_SESSION]));
} else {
    error_log(json_encode(['server' => $_SERVER, 'get' => $_GET, 'post' => $_POST, 'session' => $_SESSION]));
}

This is, obviously, a little more complex than your documents would suggest, but I am doing all my SQL in my own PDO instantiation.

Once the user uses their sqrl app to connect - I'm seeing that with a TCPDump and tailing my log files, but I can't see how to step from that to "accept the connection" (so the client app doesn't say "creating your account") nor can I validate that the nut is correct... any thoughts?

Hi,
The example code you have is broken in many places. How about I create a mini Slim3 based app that utilises your code to create a working example site?

That way you can concentrate on the core code. And I'll produce a fully documented web app using it. Thoughts?

Regards

Hey there,

What's the status on this package? Is this ready to go and up-to-date with the SQRL protocol? I know it must've been frustrating waiting for the past few years for Steve to really nail this down, but it seems to me like the end is truly in sight. I'm hoping to implement this for my site soon.

Steve says the following 2 pages are kept up-to-date for reference:
https://www.grc.com/sqrl/semantics.htm
https://www.grc.com/sqrl/protocol.htm

Thanks!

Hi, nice PHP port. For testing purposes, I wanted to generate a public key, but I'm not sure of how to generate it in a fashion that will be accepted by the server.

$pub = $Crypto->publickey("thang"); does not return the right formatting.

Thanks

I would suggest adding tags to this repository to improve visibility:

php sqrl security authentication-backend authentication sodium

where is this file? I searched everything, including using the find file command but that file is LITERALLY nowhere to find.

Still new to SQRL so I might be wrong. But from reading the code, this looks confusing.

    {
        $sql = "INSERT INTO sqrl_pubkey (public_key,vuk,suk) VALUES (?,?,?)";
        $stmt = $this->conn->prepare($sql);
        $stmt->execute(array($key,$suk,$vuk));
    }

In my work porting the python implementation of the ed25519 curve math into PHP, and especially in writing the unit tests for it, I have found that the one bottleneck of the code is the scalarmult function. I think this is mostly due to the depth of recursion that is required.

Here is my install way. But it not work. Please tell me how to install.
1.I install Composer-Setup.exe in Windows 7
2.Create composer.json
{
"require": {
"trianglman/sqrl": "dev-master"
}
}
in C:\ProgramData\ComposerSetup\bin
3.Run Composer and it create vendor
4.Copy C:\ProgramData\ComposerSetup\bin\vendor\trianglman\sqrl\examples\server to htdocs
5.Browse http://localhost/server/web/ but show nothing
And I found php54_errors.log in htdocs\server\web
It show
[09-Dec-2014 15:20:35 Asia/Taipei] PHP Warning: require_once(D:\TWAMPd\htdocs\server\web/../vendor/autoload.php): failed to open stream: No such file or directory in D:\TWAMPd\htdocs\server\web\index.php on line 27

[09-Dec-2014 15:20:35 Asia/Taipei] PHP Fatal error: require_once(): Failed opening required 'D:\TWAMPd\htdocs\server\web/../vendor/autoload.php' (include_path='.;D:\TWAMPd\ap\PEAR\pear;') in D:\TWAMPd\htdocs\server\web\index.php on line 27

Can I suggest since this is a new codebase to adopt PSR-1 and PSR-2 coding standards?

I've run 'composer update' and successfully have the vendor folder. I also have a working route/controller/view that simply shows "Hello, SQRL User!" ... however, when I try to include the vendor/autoload.php, I get this error:

Object of class Composer\Autoload\ClassLoader could not be converted to string

Do you have any idea what my issue might be? Here is the view (template):

@layout('layouts.default')
@section('content')

{{ require_once path('base').'vendor/autoload.php'; }}

{{ $generator = new \Trianglman\Sqrl\SqrlGenerate(); }}

Hello, SQRL User!

@endsection

Thanks in advance, and thank you for this sqrl implementation!

Installing libsodium requires shell access to server. This will severely limit projects that can use the library. A more interesting solution would be to implement ECC25519 in pure PHP.

Hello Sir,

I am trying to implement SQRL on Ubuntu Server, but when I try to open your example webpage nothing loads. Can you please let me know under which directory each file and directory should be located?

Thank you in advance!

Hi John,

Tim Nolte referred me to this project on Thu, 10 Oct 2013 and I see you followed-up with the link on Thu, 10 Oct 2013.

From my understanding via Google and a couple of Drupal.org threads regards licensing - MIT Licensed code is able to be included as a library and packaged up as GPL3 Licensed (GPL License being a requirement of any project hosted on Drupal.org) release.

This issue is just to confirm your reading of the above and ensure inclusion of your work as a library for the work I am doing is consistent with an intended re-use by others you anticipated in advance and give your blessing to.

Look forward to your advice.

Julian Smith,
Web Deli™