implement U2F challenge verification

appinfo/info.xml

@@ -8,6 +8,11 @@
 	<version>0.0.1</version>
 	<namespace>TwoFactor_U2F</namespace>
 	<category>tools</category>
+	
+	<two-factor-providers>
+		<provider>OCA\TwoFactor_U2F\Provider\U2FProvider</provider>
+	</two-factor-providers>
+	
 	<dependencies>
 		<owncloud min-version="9.0" />
 	</dependencies>

js/challenge.js

@@ -0,0 +1,21 @@
+/* global OCA, u2f */
+
+(function (OCA, u2f) {
+	'use strict';
+
+	OCA.TwoFactor_U2F = OCA.TwoFactor_U2F || {};
+
+	$(function () {
+		var req = JSON.parse($('#u2f-auth').val());
+		console.log("sign: ", req);
+		u2f.sign(req, function (data) {
+			var $form = $('#u2f-form');
+			var $auth = $('#challenge');
+			console.log($form);
+			console.log($auth);
+			console.log("Authenticate callback", data);
+			$auth.val(JSON.stringify(data));
+			$form.submit();
+		});
+	});
+})(OCA || {}, u2f);

lib/Provider/U2FProvider.php

@@ -0,0 +1,101 @@
+<?php
+
+/**
+ * Nextcloud - U2F 2FA
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @copyright Christoph Wurst 2016
+ */
+
+namespace OCA\TwoFactor_U2F\Provider;
+
+use OCA\TwoFactor_U2F\Service\U2FManager;
+use OCP\Authentication\TwoFactorAuth\IProvider;
+use OCP\IL10N;
+use OCP\IUser;
+use OCP\Template;
+
+class U2FProvider implements IProvider {
+
+	/** @var IL10N */
+	private $l10n;
+
+	/** @var U2FManager */
+	private $manager;
+
+	/**
+	 * @param IL10N $l10n
+	 * @param U2FManager $manager
+	 */
+	public function __construct(IL10N $l10n, U2FManager $manager) {
+		$this->l10n = $l10n;
+		$this->manager = $manager;
+	}
+
+	/**
+	 * Get unique identifier of this 2FA provider
+	 *
+	 * @return string
+	 */
+	public function getId() {
+		return 'u2f';
+	}
+
+	/**
+	 * Get the display name for selecting the 2FA provider
+	 *
+	 * @return string
+	 */
+	public function getDisplayName() {
+		return 'U2F Device';
+	}
+
+	/**
+	 * Get the description for selecting the 2FA provider
+	 *
+	 * @return string
+	 */
+	public function getDescription() {
+		return $this->l10n->t('Authenticate with an U2F device');
+	}
+
+	/**
+	 * Get the template for rending the 2FA provider view
+	 *
+	 * @param IUser $user
+	 * @return Template
+	 */
+	public function getTemplate(IUser $user) {
+		$reqs = $this->manager->startAuthenticate();
+
+		$tmpl = new Template('twofactor_u2f', 'challenge');
+		$tmpl->assign('reqs', $reqs);
+		return $tmpl;
+	}
+
+	/**
+	 * Verify the given challenge
+	 *
+	 * @param IUser $user
+	 * @param string $challenge
+	 */
+	public function verifyChallenge(IUser $user, $challenge) {
+		$x = $challenge;
+		$this->manager->finishAuthenticate($challenge);
+		return true;
+	}
+
+	/**
+	 * Decides whether 2FA is enabled for the given user
+	 *
+	 * @param IUser $user
+	 * @return boolean
+	 */
+	public function isTwoFactorAuthEnabledForUser(IUser $user) {
+		return $this->manager->isEnabled($user);
+	}
+
+}

lib/Service/U2FManager.php

@@ -89,11 +89,17 @@ class U2FManager {
 
 	public function startAuthenticate() {
 		$u2f = $this->getU2f();
-		$u2f->getAuthenticateData($registrations);
+		$reqs = $u2f->getAuthenticateData($this->getRegs());
+		$this->session->set('twofactor_u2f_authReq', json_encode($reqs));
+		return $reqs;
 	}
 
-	public function finishAuthenticate() {
-		
+	public function finishAuthenticate($challenge) {
+		$u2f = $this->getU2f();
+
+		$authReq = json_decode($this->session->get('twofactor_u2f_authReq'));
+		$reg = $u2f->doAuthenticate($authReq, $this->getRegs(), json_decode($challenge));
+		$this->setReg($reg);
 	}
 
 }

templates/challenge.php

@@ -0,0 +1,12 @@
+<?php
+
+script('twofactor_u2f', 'vendor/u2f-api');
+script('twofactor_u2f', 'challenge');
+
+?>
+
+<input id="u2f-auth" type="hidden" value="<?php p(json_encode($_['reqs'])); ?>">
+
+<form method="POST" id="u2f-form">
+    <input id="challenge" type="hidden" name="challenge">
+</form>