-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsqrl.validation.inc
61 lines (53 loc) · 1.09 KB
/
sqrl.validation.inc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
<?php
/**
* @file
* TBD.
*/
/**
* Callback from sqrl_menu to start a validation of a SQRL request from a
* SQRL client for the given operation $op.
*
* @see sqrl_supported_operations()
*
* @param string $op
*/
function sqrl_validation($op) {
/*
* Validate, that this is a legitimate request:
* - Are all required parameters provided and properly formatted?
* - Is the NUK valid?
* - Is the given $op supported?
*/
// TODO: implement the first two tests.
if (!in_array($op, sqrl_supported_operations())) {
header('http_code: 404', TRUE, 404);
echo "Bad boy";
exit;
}
/*
* Determine the session that relates to the given NUK.
*/
// TODO
/*
* Determine the user account according to the given public key.
*/
// TODO
/*
* Validate the signature.
*/
// TODO
/*
* Invalidate other user sessions if required.
*/
// TODO
/*
* Start user session and send a signal to the waiting browser.
*/
// TODO
/*
* Send feedback to the request and exit.
*/
header('http_code: 200', TRUE, 200);
echo "SQRL: OK";
exit;
}