Download the PHP package destruidorpt/laravel-sqrl-auth without Composer

On this page you can find all versions of the PHP package destruidorpt/laravel-sqrl-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php');. After that, import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package laravel-sqrl-auth

Laravel SQRL Authentication


Introduction

SQRL (Secure, Quick, Reliable Login) is a draft open standard for anonymous and secure user identification and authentication to websites and web applications, designed to eliminate username and password authentication to remote websites. Users need only to provide one password to unlock their signing keys, which are stored locally on their device and never disclosed to any website. The password is verified locally on the device that stores the signing keys.

Laravel is a free, open-source PHP web framework, created by Taylor Otwell and intended for the development of web applications following the model–view–controller (MVC) architectural pattern and based on Symfony. One of the features of Laravel is a modular packaging system with a dedicated dependency manager.

The following project consists of a Laravel module designed to integrate the SQRL authentication system into any Laravel project.

SQRL versions supported

List of SQRL versions supported in this package and the features that were developed.

We recommend reading these documents:

SQRL version 1

Requirements

Installation

You can check the installation process in Installation and Demo Video.

First, install Laravel, and make sure that the database connection settings are correct.

Then run this command to create the necessary tables:

Add the following lines to the file .env.

Verify that the CSRF token is not being checked on the route configured in SQRL_ROUTE_TO_SQRL_AUTH (file .env). The check can be disabled in app/Http/Middleware/VerifyCsrfToken.php by adding the value of SQRL_ROUTE_TO_SQRL_AUTH to the variable $except. (If it is not disabled, the SQRL Client will not be able to communicate with the SQRL Server.)

The next step is to copy the routes below to routes/api.php and paste the route into SQRL_ROUTE_TO_SQRL_AUTH (file .env). In this case, with the route below, the value will be SQRL_ROUTE_TO_SQRL_AUTH=/api/sqrl.

Currently Laravel limits the number of API calls per user. If your Laravel project locks API calls, consider adjusting the following file:

In $middlewareGroups, edit the value throttle:60,1 of api. If you don't want Laravel to lock the API calls, comment out throttle:60,1.

Important notice when developing the project: SQRL only works over HTTPS, which means you must have working certificates.

Configure Log System

This configuration is optional, but strongly recommended for debugging in case of any problems. If you want to log the information exchanged between the SQRL Server and the SQRL Client, follow the steps below.

Put the code below in the file config\logging.php, in the channels array. This will separate the log file per day.

Details to get the project working with full functionality

Here we will talk about how to apply all the available features gradually. If something is unclear, you can always go to the Example Installation chapter, install the example, and see how it was implemented while watching SQRL work.

It is divided into the following parts:

SQRL Authentication

This is the functionality to authenticate users to the site. First step, create a nonce to authenticate the user and send it to your login view, like the code below:

More details in Function to Generate Authenticated Nonce.

Second step, check that you have the code below in routes/api.php. This will be the route to communicate with the SQRL Server and to check if the nonce is authenticated.

More details in API Function to Check If the Nonce is Ready.

Third step, put the example code below anywhere in your login page. This will be the link and the QR Code for the user to use with the SQRL Client.

More details about QR Code Generator.

Fourth step, copy the script to your HTML page. It uses the nonce value to verify whether the next page is ready, checking every 500 milliseconds (changing this value is recommended).

Fifth step, put this code:

in the function pointed to by the variable SQRL_URL_LOGIN (file .env); you can see the function name and controller name in routes/web.php. You can see the examples below. SQRL_URL_LOGIN (file .env):

routes/web.php:

Done, now it will be ready for use and testing.

SQRL Question

This is a feature for questioning users through the SQRL application. First step, create a nonce to question the user and send it to your login view, like the code below:

More details in Function to Generate Question Nonce.

Second step, check that you have the code below in routes/api.php. This will be the route to communicate with the SQRL Server and to check if the nonce is authenticated.

More details in API Function to Check If the Nonce is Ready.

Third step, put the example code below anywhere in your page. This will be the link and the QR Code for the user to use with the SQRL Client.

More details about QR Code Generator.

Fourth step, copy the script to your HTML page. It uses the nonce value to verify whether the next page is ready, checking every 500 milliseconds (changing this value is recommended).

Fifth step, register the user's choice in your own controller: when the user selects an option, they are redirected to that URL, and at that URL you save the user's choice. The next URL depends on the choice and on the URL you submitted to the function in the first step.

Done, now it will be ready for use and testing.

IP Address Verification

This functionality verifies that the IP address of the request that created a nonce is the same as the IP address of the later requests around that nonce. In some cases this check is not done, for example with the SQRL Client Mobile, since it is another device and does not have the IP address that was saved in the request to create the nonce. No implementation is required, but it is good to know that this feature is already built into the project, so always use the functions of the package when creating nonces. You can check the IP address in Sqrl_nonce->ip_address. More details in Sqrl_nonce.
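
The check described above, as an added example that is not the package's code: the array keys mirror the Sqrl_nonce columns documented on this page, while the function names and the caller-supplied $crossDevice flag are assumptions. Addresses are compared in binary form so that two spellings of the same IPv6 address stored in the varchar column still match.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from laravel-sqrl-auth. Keys follow the
// Sqrl_nonce columns; every function name here is hypothetical.

/** Binary form of an IP, with IPv4-mapped IPv6 folded to plain IPv4. */
function normalizeIp(string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null; // reject anything that is not a literal address
    }
    $bin = inet_pton($ip);
    $mappedPrefix = str_repeat("\x00", 10) . "\xff\xff";
    if (strlen($bin) === 16 && substr($bin, 0, 12) === $mappedPrefix) {
        return substr($bin, 12); // ::ffff:a.b.c.d -> a.b.c.d
    }
    return $bin;
}

/** Record created when the login page asks for a nonce. */
function createNonceRecord(string $type, string $requestIp): array
{
    $nonce = bin2hex(random_bytes(32)); // CSPRNG, 64 hex characters
    return [
        'nonce' => $nonce, 'orig_nonce' => $nonce, 'type' => $type,
        'ip_address' => $requestIp, 'verified' => 0,
    ];
}

/**
 * True when a later request around this nonce passes the IP check.
 * $crossDevice models the mobile-client case, where the check is not done.
 */
function ipCheckPasses(array $record, string $requestIp, bool $crossDevice): bool
{
    if ($crossDevice) {
        return true;
    }
    $stored = normalizeIp($record['ip_address']);
    $seen = normalizeIp($requestIp);
    return $stored !== null && $seen !== null && hash_equals($stored, $seen);
}

// Constructed sample data (documentation address ranges).
$record = createNonceRecord('auth', '2001:db8::1');
var_dump(ipCheckPasses($record, '2001:0db8:0:0:0:0:0:1', false)); // same host, other spelling
var_dump(ipCheckPasses($record, '203.0.113.7', false));           // different address
var_dump(ipCheckPasses($record, '203.0.113.7', true));            // phone scanning the QR code
```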

SQRL Disabled

This feature lets the SQRL Client disable SQRL authentication or disable SQRL Client keys. No implementation is required, but it is good to know that this feature is already built into the project. To check whether a pubkey is disabled, check Sqrl_pubkey->disabled: '0' means not disabled and '1' means disabled. More details in Sqrl_pubkey.

SQRL Only Allowed

Optional Functionality

This feature lets the user block the username and password login feature. It is enabled from the SQRL Client application.

To find out whether the user has SQRL only allowed, you can call this function:

More details in Function to Check If User Can Auth By Normal Login. For example, you can add this code before allowing user authentication, to check if it is allowed:

SQRL Hardlock

Optional Functionality

This feature lets the user lock the password recovery feature. It is enabled from the SQRL Client application.

To find out whether the user has SQRL hardlock, you can call this function:

More details in Function to Check If User Can Use Recover Password. For example, you can add this code before allowing the user to recover their password, to check if it is allowed:
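
Where the SQRL Only Allowed and SQRL Hardlock checks sit in a password login and a password reset, as an added sketch rather than the package's own functions: the rows mirror the Sqrl_pubkey columns documented on this page, the function names are hypothetical, and treating the flags of a disabled key as still in force is an assumption.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from laravel-sqrl-auth. Rows follow the
// Sqrl_pubkey columns ('0'/'1' flags); function names are hypothetical.

/** True if any key belonging to the user has the given flag set to '1'. */
function anyKeyHasFlag(array $pubkeys, int $userId, string $flag): bool
{
    foreach ($pubkeys as $row) {
        // Assumption: a disabled key's flags still apply (fail closed).
        if ((int) $row['user_id'] === $userId && (string) $row[$flag] === '1') {
            return true;
        }
    }
    return false;
}

/** Password login: consult sqrl_only_allowed before looking at the password. */
function attemptPasswordLogin(array $user, array $pubkeys, string $password): string
{
    if (anyKeyHasFlag($pubkeys, $user['id'], 'sqrl_only_allowed')) {
        return 'denied_sqrl_only'; // a stolen or guessed password is useless here
    }
    return password_verify($password, $user['password']) ? 'ok' : 'bad_credentials';
}

/** Password recovery: consult hardlock before sending any reset link. */
function attemptPasswordRecovery(array $user, array $pubkeys): string
{
    return anyKeyHasFlag($pubkeys, $user['id'], 'hardlock')
        ? 'denied_hardlock'
        : 'reset_link_sent';
}

// Constructed sample data.
$alice = ['id' => 1, 'password' => password_hash('correct horse', PASSWORD_DEFAULT)];
$bob   = ['id' => 2, 'password' => password_hash('hunter2', PASSWORD_DEFAULT)];
$pubkeys = [
    ['user_id' => 1, 'disabled' => '0', 'sqrl_only_allowed' => '1', 'hardlock' => '1'],
    ['user_id' => 2, 'disabled' => '0', 'sqrl_only_allowed' => '0', 'hardlock' => '0'],
];
echo attemptPasswordLogin($alice, $pubkeys, 'correct horse'), PHP_EOL;
echo attemptPasswordLogin($bob, $pubkeys, 'hunter2'), PHP_EOL;
echo attemptPasswordRecovery($alice, $pubkeys), PHP_EOL;
echo attemptPasswordRecovery($bob, $pubkeys), PHP_EOL;
```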

Example Installation

You need to have followed the Installation topic before continuing with this topic.

Follow these steps to install this example. To start, run the following command.

The next step is to copy the routes below to routes/api.php.

Finally, to finish the installation, copy the following routes to routes/web.php.

Classes And Data

Here is all the information saved in the database and the classes used.

The list of classes:

Sqrl_nonce (DestruidorPT\LaravelSQRLAuth\App\Sqrl_nonce)

The class Sqrl_nonce contains all the information needed to create a starting point for communication between the SQRL Server and the SQRL Client. Below you can find all the data:

| Field Name | Type | Value / Observation |
| --- | --- | --- |
| id | bigint(20) | ID |
| nonce | varchar(255) | Nonce. Can be used to communicate between SQRL Client and SQRL Server |
| type | enum | Possible values are 'auth' and 'question' |
| ip_address | varchar(45) | IP address of the request made when this nonce was created |
| url | longtext | URL to redirect to when the nonce was verified successfully |
| can | longtext | URL to redirect to when the user cancels the authentication or the question |
| verified | tinyint(4) | Possible values are '0' or '1': '0' not verified and '1' verified |
| orig_nonce | varchar(255) | Is the same value as the field 'nonce' when it was created |
| question | longtext | All the information needed to create the question on the SQRL Client |
| btn_answer | tinyint(4) | Response of the user to the question; possible values are '0' for the “OK” button, '1' for the first button and '2' for the second button |
| sqrl_pubkey_id | bigint(20) | Is the Sqrl_pubkey id |
| created_at | timestamp | Date when it was created |
| updated_at | timestamp | Last modified date |

Sqrl_pubkey (DestruidorPT\LaravelSQRLAuth\App\Sqrl_pubkey)

The class Sqrl_pubkey contains all the information needed to know which SQRL Client is related to the user; in other words, it is where all the information about the SQRL Client keys and the related user is kept. Once again you can find the data below:

| Name | Type | Value / Observation |
| --- | --- | --- |
| id | bigint(20) | ID |
| user_id | bigint(20) | Is the User ID |
| public_key | varchar(255) | This is the user's SQRL ID, which uniquely identifies them to the site; it is called IDK in the SQRL Documentation |
| vuk | varchar(255) | Is the Server Unlock Key in SQRL Documentation |
| suk | varchar(255) | Is the Verify Unlock Key in SQRL Documentation |
| disabled | tinyint(4) | Possible values are '0' or '1': '0' Sqrl_pubkey enabled and '1' Sqrl_pubkey disabled |
| sqrl_only_allowed | tinyint(4) | Possible values are '0' or '1': '0' SQRL-only authentication disabled and '1' SQRL-only authentication enabled |
| hardlock | tinyint(4) | Possible values are '0' or '1': '0' hardlock disabled and '1' hardlock enabled |
| created_at | timestamp | Date when it was created |
| updated_at | timestamp | Last modified date |

Available Functions

List of all the functions available for implementing the supported SQRL features.

SQRLController (DestruidorPT\LaravelSQRLAuth\App\Http\Controllers\SQRL\SQRLController)

Only use this controller on your own server.

Function to Generate Authenticated Nonce

To generate the Authenticated Nonce, you need to call the function below.

This function will return this array:

Function to Generate Question Nonce

To generate the Question Nonce, you need to call the function below.

This function needs these values:

This function will return this array:

Function to Check If User Can Auth By Normal Login

To check if a user can log in normally, you need to call the function below.

This function needs this value:

This function will return this boolean:

Function to Check If User Can Use Recover Password

To check if the user can recover his password, you need to call the function below.

This function needs these values:

This function will return this boolean:

Function to Check If User Can Auth By SQRL

To check if the user can perform an SQRL authentication, you need to call the function below.

This function needs this value:

This function will return this boolean:

Function to Check If the Nonce is Ready

This function is necessary when the user uses SQRL Client Mobile or another SQRL Client that cannot redirect the user's browser. When that happens, the user's browser needs to check the nonce from time to time, and when the nonce is valid and is of type authentication you need to call the function Get User By Original Nonce If Can Be Authenticated. The function name is below.

This function needs this value:

This function will return null if the nonce is null or empty; if the nonce is valid it will return this array:

Function to Get User By Original Nonce If Can Be Authenticated

This function is to get the user if the nonce is valid. The function name is below.

This function needs this value:

This function will return one of these values:

SQRLControllerAPI (DestruidorPT\LaravelSQRLAuth\App\Http\Controllers\SQRL\SQRLControllerAPI)

This controller lets you integrate other sites with your SQRL Server and is the one the SQRL Client communicates with.

API Function to SQRL

This function is the most important one and is required; without it the SQRL Server will not work. To configure it, create an API route and put the route in the variable SQRL_ROUTE_TO_SQRL_AUTH in the file .env. All communication from the SQRL Client will then go to this API function. To see what happens, check the log; you can find more information in Configure Log System.

This function will return this array:

API Function to Check If the Nonce is Ready

This function is necessary when the user uses SQRL Client Mobile or another SQRL Client that cannot redirect the user's browser. When that happens, the user's browser needs to check the nonce from time to time, and when the nonce is valid and is a nonce of type authentication you need to call the function Get User By Original Nonce If Can Be Authenticated. The function name is below.

This function needs this value:

This function will return 404 if $_GET["nut"] is null or empty; if the nonce is valid it will return this array:

Installation and Demo Video

Click here to go to the video on YouTube


Contacts


All versions of laravel-sqrl-auth with dependencies

Requires php Version >=7.2
laravel/framework Version >=6.0
simplesoftwareio/simple-qrcode Version >=2.0
