FORGEBOX Enterprise 🚀 - Take your ColdFusion (CFML) Development to Modern Times! Learn More...

cbYubikey

cbYubikey

YubiKey Web Services API Client

Implements the YubiCo OTP Validation Protocol as outlined at https://developers.yubico.com/yubikey-val/Validation_Protocol_V2.0.html

Sends a One Time Password (OTP) via HTTP get to the YubiCo API server and returns a struct based on the response. For OTP see https://developers.yubico.com/OTP/OTPs_Explained.html

A Coldbox module or stand alone cfc of a client orginially written by Robert Dudley. See as well http://yubikey.riaforge.org/

For an introduction check the presenation Rob held on CFCamp 2018 https://www.slideshare.net/robcwdudley/secure-all-teh-things-add-2-factor-authentication-to-your-own-projects

Installation

This ColdBox Module can be installed using CommandBox:

box install cbYubikey

Use as a Coldfusion component

To do a quick test call from your browser: http://yourServer/cbYubikey/views/home/index.cfm

yubicoObj = createObject("Component","cbYubiKey.models.yubicoAuthClient").init();
	
// verify the OTP = One Time Password generated by YubiKey
// returns a response object
yr = yubicoObj.verify(form.yubiKeyOTP);

if( yr.isValid() ) {
	// match with public id attached to your user
	var matchWith = yr.getPublicId();
   // do something
} else {
	writeDump( yr.getStatusMessage() );
}

ColdBox Module

To do a quick test call from your browser: http://yourServer/cbYubikey

/**
* A normal ColdBox Event Handler
*/
component{
	property name="yubiclient" inject="[email protected]";
	
	function index(event,rc,prc){
			
		// verify the OTP = One Time Password generated by YubiKey
		// returns a response object
		var yr = yubiclient.verify(rc.yubiKeyOTP);
		
		if( yr.isValid() ) {
			// match with public id attached to your user
			var matchWith = yr.getPublicId();		
		// do something
		} else {
			writeDump( yr.getStatusMessage() );
		}
	}
}

Versions

  • 0.4.0
  • fix: before comparing response and request clear YubicoResponse object
  • 0.3.0
    • added getPublicId() to YubicoResponse object, returns 12 char public id if validation before was successful
  • 0.2.0
    • renamed to authenticate() to verify()
    • verify() returns now an YubicoResponse object
    • updated to Validation Protocol Version 2.0
    • nonce is now required (will be auto generated)
  • 0.1.0
    • super quick rewrite as a coldbox module of a client orginially written by Robert Dudley

Here are all the versions for this package. Please note that you can leverage CommandBox package versioning to install any package you like. Please refer to our managing package version guide for more information.

Version Created Last Update Published By Stable Download
0.4.0 Nov 10 2018 02:24 AM Nov 10 2018 02:24 AM Akitogo Team (Akitogo)
0.3.0 Nov 10 2018 01:31 AM Nov 10 2018 01:31 AM Akitogo Team (Akitogo)
0.2.0 Nov 09 2018 04:20 PM Nov 09 2018 04:20 PM Akitogo Team (Akitogo)
0.1.0 Nov 08 2018 05:43 PM Nov 08 2018 05:43 PM Akitogo Team (Akitogo)

 

No collaborators yet.
 
  • Nov 08 2018 05:43 PM
  • Nov 10 2018 02:24 AM
  • 319
  • 0
  • 0