Skip to content
Package for Authentication between Laravel and SQRL
PHP HTML
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
exemple
src v1.0.0 Jan 12, 2020
vendor
LICENSE
README.md
composer.json

README.md

Laravel SQRL Authentication

Issues Stars License

Introduction

SQRL(Secure, Quick, Reliable Login) is a draft open standard for anonymous and secure user identification and authentication to websites and web applications, designed to eliminate username and password authentication to remote websites. Users need only to provide one password to unlock their signing keys, which are stored locally on their device and never disclosed to any website. The password is verified locally on the device that stores the signing keys.

Laravel is a free, open-source PHP web framework, created by Taylor Otwell and intended for the development of web applications following the model–view–controller (MVC) architectural pattern and based on Symfony. One of the features of Laravel is a modular packaging system with a dedicated dependency manager.

The following project consists of a laravel module designed to integrate SQRL authentication system to any laravel project.

SQRL versions supported

List of SQRL versions supported in this package and the features that were developed.

We recommend reading these documents:

SQRL version 1

Requirements

  • PHP >= 7.2.0
  • Laravel >= 6.0.0

Installation

You can check the installation process here to Installation and Demo Video.

First, install laravel , and make sure that the database connection settings are correct.

composer require destruidorpt/laravel-sqrl-auth

Then run this command to create the necessary tables:

php artisan migrate

Add the following lines to this file .env.

APP_URL=https://sqrl.test               # This one already exists in the .env file is the URL of your aplicacion 

SQRL_KEY_DOMAIN=sqrl.test               # URL to yours SQRL Server without http:// and https://
SQRL_ROUTE_TO_SQRL_AUTH=/api/sqrl       # Route to SQRL Server API, it must be pointed to the controller `SQRLControllerAPI` in the function `sqrl()`
SQRL_URL_LOGIN=https://sqrl.test/login  # URL to your login page
SQRL_NONCE_MAX_AGE_MINUTES=5            # Max age in minutes of the valid nonce
SQRL_NONCE_SALT=RANDOM                  # Generate a random salt value to calculate the nonce

Verify that the csrf token is not being verified in the route configured in SQRL_ROUTE_TO_SQRL_AUTH (file .env), can be disabled in app/Http/Middleware/VerifyCsrfToken.php with the variable $except by adding the information in SQRL_ROUTE_TO_SQRL_AUTH. (If it's not disabled, the SQRL Client will not be able to communicate with the SQRL Server).

The next step is to copy the routes below to routes/api.php and past the route in the SQRL_ROUTE_TO_SQRL_AUTH (file .env) in this case, below the route the value will be SQRL_ROUTE_TO_SQRL_AUTH=/api/sqrl.

Route::group(['namespace'=>'\DestruidorPT\LaravelSQRLAuth\App\Http\Controllers'], function() {
    Route::post('/sqrl', 'SQRL\SQRLControllerAPI@sqrl');                # Route of API SQRL
});

Currently Laravel has a limitation for API calls per user, if your Laravel project locks API calls, consider tinkering with the following file:

App\Http\Kernel.php

And edit in $middlewareGroups the value throttle:60,1 of api, if you don t want to laravel lock the API calls comment throttle:60,1.

protected $middlewareGroups = [
        'api' => [
            'throttle:60,1', #edit this value 
            'bindings',
        ],
    ];

Important notice when developing the project, SQRL is only ready to work with https, which means you must have the certificates working.

Configure Log System

This configuration is optional, but strongly recommended for debug purposes in case of any problems. If you want to register or log the information between SQRL server and the SQRL client, this is good for debug purposes, follow the steps below.

Put the code below in the file config\logging.php on the array channels, this will separate the log file per day.

'LaravelSQRLAuth' => [
    'driver' => 'daily',
    'path' => storage_path('logs/LaravelSQRLAuth/' . date('Y/m/') . 'sqrl.log'), // add dynamic folder structure
    'level' => 'debug',
    'days' => 31, // set the maximum number of days in a month
]

Details to get the project working with full functionality

Here we will talk about how to apply all the available features gradually, in case you do not understand, you always have the Example Instalation chapter and there you can install the example and see how it was implemented while being able to see the SQRL working.

It will be divided into following parts:

SQRL Authentication

This is the functionality to authenticate users to the site. First step, create a nonce for the authenticate user and send it to your login view, like the code below:

return view('LaravelSQRLAuthExemples.login', SQRLController::getNewAuthNonce());

More details in Function to Generate Authenticated Nonce.

Second step, check if you have the code below in routes/api.php, this will be the route to communicate to the SQRL Server and to check if the nonce is authenticated.

Route::group(['namespace'=>'\DestruidorPT\LaravelSQRLAuth\App\Http\Controllers'], function() {
    Route::get('/sqrl', 'SQRL\SQRLControllerAPI@checkIfisReady');       # Route to check if the nonce is verified
    Route::post('/sqrl', 'SQRL\SQRLControllerAPI@sqrl');                # Route of API SQRL
});

More details in API Function to SQRL and in API Function to Check If is Ready the Nonce.

Third step, put the code exemple below anywhere in your login page , this will be the link and the QR Code for the user to use with the SQRL Client.

<a class="mx-auto" id="sqrl" href="{{$url_login_sqrl}}" onclick="sqrlLinkClick(this);return true;" encoded-sqrl-url="{{$encoded_url_login_sqrl}}" tabindex="-1">
    <img src="https://upload.wikimedia.org/wikipedia/commons/thumb/1/17/SQRL_icon_vector_outline.svg/1200px-SQRL_icon_vector_outline.svg.png" style="margin-left:30px;margin-top:30px" class="card-img sqrl-logo" border="0" alt=" SQRL Code - Click to authenticate your SQRL identity ">
    <p style="margin-left:30px;margin-top:20px"> {!! QrCode::size(100)->generate($url_login_sqrl); !!} </p>
</a>

More details about QR Code Generator.

Fourth step, copy the script to your html page, this will verify if the next page is ready by the nonce value, it will check every 500 milliseconds (Recommend changing the value).

<script>
    var syncQuery = window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('MSXML2.XMLHTTP.3.0');
    var url = '{{$check_state_on}}';	// the location of the SQRL server
    var newSync, lastSync, encodedSqrlUrl = false, sqrlScheme = true;
    var gifProbe = new Image(); 					// create an instance of a memory-based probe image
    var localhostRoot = 'http://localhost:25519/';	// the SQRL client listener

    gifProbe.onload = function() {  // define our load-success function
        sqrlScheme = false;			// prevent retriggering of the SQRL QR code.
        document.location.href = localhostRoot + encodedSqrlUrl;
    };
    gifProbe.onerror = function() { // define our load-failure function
        setTimeout( function(){ gifProbe.src = localhostRoot + Date.now() + '.gif';	}, 250 );
    }
    function pollForNextPage() {
        if (document.hidden) {					// before probing for any page change, we check to 
            setTimeout(pollForNextPage, 5000);	// see whether the page is visible. If the user is 
            return;								// not viewing the page, check again in 5 seconds.
        }
        syncQuery.open( 'GET', url);	// the page is visible, so let's check for any update
        syncQuery.onreadystatechange = function() {
            if ( syncQuery.readyState === 4 ) {
                if ( syncQuery.status === 200 ) {
                    console.log(syncQuery.response);
                    var response = JSON.parse(syncQuery.response);
                    if(response.isReady == true) {
                        document.location.href = response.nextPage;
                    } else {
                        if(response.msg === "Time out, reload nonce!" || response.msg === "IP Doesnt Match!" || response.msg === "SQRL is disable for this user!") {
                            console.log(response.msg);
                            var div = document.getElementById("ErroMessage");
                            div.innerHTML = response.msg+" Reload The Page and try again! If you want to Authenticate by SQRL";
                            div.removeAttribute("hidden"); 
                        } else {
                            setTimeout(pollForNextPage, 500); // next check in 500 milliseconds 
                        }
                    }
                } else {
                    setTimeout(pollForNextPage, 500); // next check in 500 milliseconds 
                }
            }	
        };
        syncQuery.send(); // initiate the query to the 'sync.txt' object.
    };
    function sqrlLinkClick(e) {
        encodedSqrlUrl = e.getAttribute('encoded-sqrl-url');
        // if we have an encoded URL to jump to, initiate our GIF probing before jumping
        if ( encodedSqrlUrl ) { gifProbe.onerror(); };	// trigger the initial image probe query
    }
    pollForNextPage();
</script>

Fifth step, is to put this code:

if(isset($_GET["nut"]) && !empty($_GET["nut"])) { // Check if the nut exist or if it's past on URL https://site.test?nut=<nonce value>
    $object = SQRLController::getUserByOriginalNonceIfCanBeAuthenticated($_GET["nut"]); //Get the user by the original nonce
    if(isset($object)) { //Will be null if the nonce expired or is invalid
        if($object instanceof Sqrl_pubkey) { // This only happen when no SQRL Client is associated to the user, then Sqrl_pubkey from SQRL CLient is returned
            //new user
            return view('LaravelSQRLAuthExemples.newsqrl');//View for the user to create account or associate to one already created
        } else if($object > 0) { //This happen when SQRL Client is associated to a user, so the value is number and is the id of the user
            Auth::loginUsingId($object); //This is for authenticate the user with that id
        }
    }
}

on the function was pointed in the variable SQRL_URL_LOGIN(file .env), you can see the function name and controller name in the routes/web.php. You can see the exemples below. SQRL_URL_LOGIN(file .env):

SQRL_URL_LOGIN=https://sqrl.test/login  # URL to your login page

routes/web.php:

Route::get('/login', 'LaravelSQRLAuthExemples\ExempleController@getAuthPage')->name('login');

Done, now it will be ready for use and testing.

SQRL Question

This is a feature for questioning users by the SQRL application. First step, create a nonce to question user and send it to your login view, like the code below:

$data = SQRLController::getNewQuestionNonce("https://sqrl.test/okbutton", "https://sqrl.test/cancelbutton", "Do you confirm 5$ tranfering?", "I accept", https://sqrl.test/iacceptbutton", "Cancel", https://sqrl.test/cancelbutton");
return view('LaravelSQRLAuthExemples.transfer', $data);

More details in Function to Generate Question Nonce.

Second step, check if you have the code below in routes/api.php, this will be the route to communicate to the SQRL Server and to check if the nonce is authenticated.

Route::group(['namespace'=>'\DestruidorPT\LaravelSQRLAuth\App\Http\Controllers'], function() {
    Route::get('/sqrl', 'SQRL\SQRLControllerAPI@checkIfisReady');       # Route to check if the nonce is verified
    Route::post('/sqrl', 'SQRL\SQRLControllerAPI@sqrl');                # Route of API SQRL
});

More details in API Function to SQRL and in API Function to Check If is Ready the Nonce.

Third step, put the code exemple below anywhere in your page, this will be the link and the QR Code for the user to use with the SQRL Client.

<a class="mx-auto" id="sqrl" href="{{$url_question_sqrl}}" onclick="sqrlLinkClick(this);return true;" encoded-sqrl-url="{{$encoded_url_question_sqrl}}" tabindex="-1">
    <img src="https://upload.wikimedia.org/wikipedia/commons/thumb/1/17/SQRL_icon_vector_outline.svg/1200px-SQRL_icon_vector_outline.svg.png" style="margin-left:30px;margin-top:30px" class="card-img sqrl-logo" border="0" alt=" SQRL Code - Click to authenticate your SQRL identity ">
    <p style="margin-left:30px;margin-top:20px"> {!! QrCode::size(100)->generate($url_question_sqrl); !!} </p>
</a>

More Details about QR Code Generator.

Fourth step, copy the script to your html page, this will verify if the next page is ready by the nonce value, it will check every 500 milliseconds (Recommend changing the value).

<script>
    var syncQuery = window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('MSXML2.XMLHTTP.3.0');
    var url = '{{$check_state_on}}';	// the location of the SQRL server
    var newSync, lastSync, encodedSqrlUrl = false, sqrlScheme = true;
    var gifProbe = new Image(); 					// create an instance of a memory-based probe image
    var localhostRoot = 'http://localhost:25519/';	// the SQRL client listener

    gifProbe.onload = function() {  // define our load-success function
        sqrlScheme = false;			// prevent retriggering of the SQRL QR code.
        document.location.href = localhostRoot + encodedSqrlUrl;
    };
    gifProbe.onerror = function() { // define our load-failure function
        setTimeout( function(){ gifProbe.src = localhostRoot + Date.now() + '.gif';	}, 250 );
    }
    function pollForNextPage() {
        if (document.hidden) {					// before probing for any page change, we check to 
            setTimeout(pollForNextPage, 500);	// see whether the page is visible. If the user is 
            return;								// not viewing the page, check again in 5 seconds.
        }
        syncQuery.open( 'GET', url);	// the page is visible, so let's check for any update
        syncQuery.onreadystatechange = function() {
            if ( syncQuery.readyState === 4 ) {
                if ( syncQuery.status === 200 ) {
                    console.log(syncQuery.response);
                    var response = JSON.parse(syncQuery.response);
                    if(response.isReady == true) {
                        if(response.btn) {
                            var div = document.getElementById("ErroMessage");
                            div.innerHTML = "Button "+response.btn+": "+response.msg;
                            if(response.nextPage) {
                                var a = document.createElement('a');
                                var linkText = document.createTextNode("Click here to go to button reference.");
                                a.appendChild(linkText);
                                a.title = "Button href";
                                a.href = response.nextPage;
                                div.appendChild(a);
                            }
                            div.removeAttribute("hidden"); 
                        }
                    } else {
                        if(response.msg === "Time out, reload nonce!" || response.msg === "IP Doesnt Match!" || response.msg === "SQRL is disable for this user!") {
                            console.log(response.msg);
                            var div = document.getElementById("ErroMessage");
                            div.innerHTML = response.msg+" Reload The Page and try again! If you want to Authenticate by SQRL";
                            div.removeAttribute("hidden"); 
                        } else {
                            setTimeout(pollForNextPage, 500);
                        }
                    }
                } else {
                    setTimeout(pollForNextPage, 500);
                }
            }	
        };
        syncQuery.send(); // initiate the query to the 'sync.txt' object.
    };
    function sqrlLinkClick(e) {
        encodedSqrlUrl = e.getAttribute('encoded-sqrl-url');
        // if we have an encoded URL to jump to, initiate our GIF probing before jumping
        if ( encodedSqrlUrl ) { gifProbe.onerror(); };	// trigger the initial image probe query
    }
    pollForNextPage();
</script>

Fifth step, is to register the user choice on your personal controller, because when the user selects the option it will be redirected to that URL, in that url you save the user choice. The next url depends on the choice and depends on the url you submited on the function of the first step.

Done, noe it will be ready for use and testing.

IP Address Verification

This is the functionality that verifies that the IP Address of the first nonce request is the same as the next requests around that nonce, in some cases this check is not done, for exemple the SQRL Client Mobile, as this is another device that does not have the same IP Address it was saved in request to create nonce. No implementation is required but it is good to know that you have this feature already inserted in the project, so when creating nonces always use the functions of the package, you can check the IP Address in Sqrl_nonce->ip_address. More details in Sqrl_nonce.

SQRL Disabled

This feature is for the SQRL Client to disable SQRL authentication or to disable SQRL Client keys. No implementation is required but it is good to know that you have this feature already inserted in the project, to check if a pubkey is disabled you can check Sqrl_pubkey->disabled, '0' means not disable and '1' is disable. More details in Sqrl_pubkey.

SQRL Only Allowed

Optional Functionality

This feature is for the user to block username and password login feature, this feature is enabled by SQRL Client application.

In order to know if the user as SQRL only allowed, you can perform this function:

SQRLController::checkIfUserCanAuthByNormalLogin($user_id);

More details in Function to Check If User Can Auth By Normal Login. For example you can add this code before allowing user authentication, check if it is allowed:

if(isset($user)){ //Check if the user exists
    if(!SQRLController::checkIfUserCanAuthByNormalLogin($user->id)) { //Check if the user can not be authentication by normal login authentication
        return redirect()->intended('login')->withErrors(['SQRL Only Allowed!!!']);//If returned false then the user only can authenticate by SQRL
    }
}

SQRL Hardlock

Optional Functionality

This feature is so that the user can lock the password recovery feature, this feature is enabled by SQRL Client application.

In order to know if user as SQRL hardlock, you can perform this function:

SQRLController::checkIfUserCanUseRecoverPassword($user_id);

More details in Function to Check If User Can Use Recover Password. For example you can add this code before allowing the user to recover his password, check if it is allowed:

if(isset($user)){ //Check if the user exists
    if(!SQRLController::checkIfUserCanUseRecoverPassword($user->id)) { //Check if the user can not recovery the password
        return redirect()->intended('resetpw')->withErrors(['SQRL not Allowed recovery account!!!']); //This means that the account as hardlocked by SQRL Client that not Allowed recovery password by email or personal questions
    }
}

Example Instalation

First you need to have followed the Install topic before continuing with this topic.

Make sure to follow these steps so that you can install this example. To start run the following command.

php artisan vendor:publish --provider="DestruidorPT\LaravelSQRLAuth\LaravelSQRLAuthServiceProvider"

The next step is to copy the routes below to routes/api.php.

Route::group(['namespace'=>'\DestruidorPT\LaravelSQRLAuth\App\Http\Controllers'], function() {
    Route::get('/sqrl', 'SQRL\SQRLControllerAPI@checkIfisReady');       # Route to check if the nonce is verified
    Route::post('/sqrl', 'SQRL\SQRLControllerAPI@sqrl');                # Route of API SQRL
});

Finally to finish the installation, you just have to copy the following routes to routes/web.php.

Route::get('/', function () {
    return redirect('login');
});

Route::get('/login', 'LaravelSQRLAuthExemples\ExempleController@getAuthPage')->name('login');
Route::post('/login', 'LaravelSQRLAuthExemples\ExempleController@login');
Route::post('/logout', 'LaravelSQRLAuthExemples\ExempleController@logout')->name('logout');

Route::get('/dashboard', 'LaravelSQRLAuthExemples\ExempleController@getDashboardPage')->name('dashboard');

Route::post('/transfer', 'LaravelSQRLAuthExemples\ExempleController@getTransferConfirmation');

Route::get('/resetpw', 'LaravelSQRLAuthExemples\ExempleController@getResetPWPage')->name('resetpw');
Route::post('/resetpw', 'LaravelSQRLAuthExemples\ExempleController@resetPW');

Route::post('/newlogin', 'LaravelSQRLAuthExemples\ExempleController@newlogin');
Route::post('/newaccount', 'LaravelSQRLAuthExemples\ExempleController@newAcc');

Classes And Data

Here is all the information saved in the database and the classes used.

The list of classes:

Sqrl_nonce (DestruidorPT\LaravelSQRLAuth\App\Sqrl_nonce)

The Class Sqrl_nonce contains all the information needed to create a point to start a communicacion between SQRL Server and SQRL Client. Below you can find all the data:

Field Name Type Value Observation
id bigint(20) ID
nonce varchar(255) Nonce Can be used to communicate between SQRL Client and SQRL Server
type enum Possible values is 'auth' and 'question'
ip_address varchar(45) IP Address of the request made when this nonce was created
url longtext URL to redirect when nonce was verified successful
can longtext URL to redirect when user cancel authentication or the question
verified tinyint(4) Values possible is '0' or '1', '0' not verified and '1' verified
orig_nonce varchar(255) Is the same value of field 'nonce' when was created
question longtext All the informacion to create question on the SQRL Client
btn_answer tinyint(4) Response of user on the question, values possible is '0' to “OK” button, '1' to the first button and '2' to the secound button
sqrl_pubkey_id bigint(20) Is the Sqrl_pubkey id
created_at timestamp Date when was created
updated_at timestamp Last modified date

Sqrl_pubkey (DestruidorPT\LaravelSQRLAuth\App\Sqrl_pubkey)

The Class Sqrl_pubkey contains all the information needed to know what SQRL Client is related to the user, in other words it's where all the information about the SQRL Client keys and the user related exists. Once again you can find the data below:

Name Type Value Observation
id bigint(20) ID
user_id bigint(20) Is the User ID
public_key varchar(255) This is the user's SQRL ID which uniquely identifies them to the site, is called IDK in SQRL Documentation
vuk varchar(255) Is the Server Unlock Key in SQRL Documentation
suk varchar(255) Is the Verify Unlock Key in SQRL Documentation
disabled tinyint(4) Values possible is '0' or '1', '0' Enable Sqrl_pubkey and '1' Disable Sqrl_pubkey
sqrl_only_allowed tinyint(4) Values possible is '0' or '1', '0' SQRL Only Autheticacion disable and '1' SQRL Only Autheticacion enable
hardlock tinyint(4) Values possible is '0' or '1', '0' hardlock disable and '1' hardlock enable
created_at timestamp Date when was created
updated_at timestamp Last modified date

Functions Availables

List of all available features for the implementation of all available SQRL features.

SQRLController (DestruidorPT\LaravelSQRLAuth\App\Http\Controllers\SQRL\SQRLController)

Only use this controller on your own server.

Function to Generate Authenticated Nonce

To generate the Authenticated Nonce, you need to call the function below.

SQRLController::getNewAuthNonce();

This function will return this array:

[
    'nonce',                  <-- Nonce value,
    'check_state_on',         <-- Route to check if nonce was verified
    'url_login_sqrl',         <-- Url for sqrl client to receive
    'encoded_url_login_sqrl', <-- Endoded Base 64 URL(url for sqrl client to receive)
]

Function to Generate Question Nonce

To generate the Question Nonce, you need to call the function below.

SQRLController::getNewQuestionNonce($url, $can, $question, $btn1 = null, $url1 = null, $btn2 = null, $url2 = null);

This function need these values:

(
    $url,       <-- Url to Rederect user if he press ok
    $can,       <-- Url to Rederect user if he press cancel
    $question,  <-- String the question you want
    $btn1,      <-- Name of the first button opcion for user (is opcional, only requered if url1 is not null)
    $url1,      <-- Url to Rederect user if he press btn1 (is opcional)
    $btn2,      <-- Name of the secound button opcion for user (is opcional, only requered if url2 is not null)
    $url2       <-- Url to Rederect user if he press btn2 (is opcional)
)

This function will return this array:

[
    'nonce',                     <-- Nonce value
    'check_state_on',            <-- Route to check if nonce was verified
    'url_question_sqrl',         <-- Url for sqrl client to receive
    'encoded_url_question_sqrl', <-- Endoded Base 64 URL(url for sqrl client to receive)
]

Function to Check If User Can Auth By Normal Login

To check if an user can login normally, you need to call the function below.

SQRLController::checkIfUserCanAuthByNormalLogin($user_id);

This function need this value:

(
    $user_id <-- The user id you want to check, if this is null or not number > 0 function will return false
)

This function will return this boolean:

    true    <-- Can do a normal login (username and password)
    false   <-- SQRL Authentication Only Allowed

Function to Check If User Can Use Recover Password

To check if the user can recover his password, you need to call the function below.

SQRLController::checkIfUserCanUseRecoverPassword($user_id);

This function need these values:

(
    $user_id <-- The user id you want to check, if this is null or not number > 0 function will return false
)

This function will return this boolean:

    true    <-- Can do a normal login (username and password)
    false   <-- SQRL Authentication Only Allowed

Function to Check If User Can Auth By SQRL

To check if the user can make am SQRL Authentication, you need to call the function below.

SQRLController::checkIfUserCanAuthBySQRL($user_id);

This function need this value:

(
    $user_id <-- The user id you want to check, if this is null or not number > 0 function will return false
)

This function will return this boolean:

    true    <-- Can do a normal login (username and password)
    false   <-- SQRL Authentication Only Allowed

Function to Check If the Nonce is Ready

This function is necessary for when the user uses SQRL Client Mobile or some SQRL Client that cannot redirect to the user browser, when that happens the user browser needs to check from time to time the nonce, and when the nonce is valid and is of type authentication you need to call the function Get User By Original Nonce If Can Be Authenticated. The function name is below.

SQRLController::checkIfisReady($nut);

This function need this value:

(
    $nut       <-- Is the nonce you want to validate
)

This function will return null if the nonce is null or empty, if nonce is valid it will return this array:

[
    'isReady',  <-- False mean that nonce was not valid or verified
    'msg',      <-- This is msg of error and successful, and can be one of this one:
                    'Time out, reload nonce!' -- When this happen, you need to create new nonce because this exceed is valid time;
                    'IP Doesnt Match!' -- This happen when IP Adress of the nonce was created for, is not equal to the IP Address of the request made;
                    'Not Ready!' -- This happen when nonce is valid but still no SQRL Client checked the nonce;
                    'SQRL is disable for this user!' -- This happen when user was SQRL disable;
                    'Can be authenticated!' -- Successful authenticated message;
                    'The button selected is '.<--Here is number of button selected-->.'!' -- Successful question answer message;
                    'Button is invalid!' -- Successful question answer message but invalid button was received;
    'nextPage', <-- Url to Next Page (Only appear for Authenticated Nonces, when 'isReady' is true and when 'msg' is 'Can be authenticated!')
    'btn'      <-- the selected button question (Only appear for Question Nonces, when 'isReady' is true and when 'msg' is 'The button selected is <?>!' or 'Button is invalid!')
                   The text value of the btn parameter will be the character ‘0’ to “OK” button, ‘1’ to the first button or ‘2’ to the secound button.
] 

Function to Get User By Original Nonce If Can Be Authenticated

This function is to get the user if the nonce is valid. The function name is below.

SQRLController::getUserByOriginalNonceIfCanBeAuthenticated($orig_nonce);

This function need this value:

(
    $orig_nonce <-- The nonce value given on from function getNewAuthNonce()
)

This function will return one of these values:

    null                <-- If nonce is no longer valid or doesn't exist
    Class Sqrl_pubkey   <-- Return the Class Sqrl_pubkey this happen when no user is associated to the Sqrl_pubkey, means is maybe a new user or he need to   associate is user account to this Sqrl_pubkey
    Int user_id         <-- Return the user id when Sqrl_pubkey was found associated to a user

SQRLControllerAPI (DestruidorPT\LaravelSQRLAuth\App\Http\Controllers\SQRL\SQRLControllerAPI)

This controller is able to integrate other sites with your SQRL Server and for the SQRL client to communicate.

API Function to SQRL

This function is the most important and it's required to use, without this function the SQRL Server will not work, to make the configuration you need to create a route API and put the route in the file .env in the variable SQRL_ROUTE_TO_SQRL_AUTH. Then all communication from SQRL Client will go to this API Function, to see what happens check the log, you can see more information in Configure Log System.

SQRLController::sqrl();

This function will return this array:

[
    'nonce',                  <-- Nonce value,
    'check_state_on',         <-- Route to check if nonce was verified
    'url_login_sqrl',         <-- Url for sqrl client to receive
    'encoded_url_login_sqrl', <-- Endoded Base 64 URL(url for sqrl client to receive)
]

API Function to Check If the Nonce is Ready

This function is necessary for when the user uses SQRL Client Mobile or some SQRL Client the cannot redirect the user browser, when that happens the user browser need to check from time to time the nonce, and when the nonce is valid and is a nonce of type authetication you need to call function Get User By Original Nonce If Can Be Authenticated. The function name is below.

SQRLController::checkIfisReady();

This function need this value:

(
    $nut       <-- Is the nonce you want to validate, you pass this value by adding to url `?nut=<nonce_value>`
)

This function will return 404 if the $_GET["nut"] is null or empty, if the nonce is valid it will return this array:

[
    'isReady',  <-- False mean that nonce was not valid or verified
    'msg',      <-- This is msg of error and successful, and can be one of this one:
                    'Time out, reload nonce!' -- When this happen, you need to create new nonce because this exceed is valid time;
                    'IP Doesnt Match!' -- This happen when IP Adress of the nonce was created for, is not equal to the IP Address of the request made;
                    'Not Ready!' -- This happen when nonce is valid but still no SQRL Client checked the nonce;
                    'SQRL is disable for this user!' -- This happen when user was SQRL disable;
                    'Can be authenticated!' -- Successful authenticated message;
                    'The button selected is '.<--Here is name and the number of button selected-->.'!' -- Successful question answer message;
                    'Button is invalid!' -- Successful question answer message but invalid button was received;
    'nextPage', <-- Url to Next Page, appears when authentication was successfull and the url to the button was selected if was configurade
    'btn'      <-- the selected button question (Only appear for Question Nonces, when 'isReady' is true and when 'msg' is 'The button selected is <?>!' or 'Button is invalid!')  
] 

Installation and Demo Video

Click here to go to the video on YouTube

Click here to go to the video on YouTube

Contacts

You can’t perform that action at this time.