Merge pull request #2 from catalyst/master

Added a bit more documentation and minor code improvement

README.md

@@ -30,7 +30,7 @@ Placed in either config.php's authproc or in the appropriate metadata entity:
 10 => array(
 	'class' => 'simpletotp:2fa',
 	'secret_attr' => 'ga_secret', //default
-	'enforce_2fa' => 'false', //default
+	'enforce_2fa' => false, //default
 	'not_configured_url' => NULL,  //default
 ),
 ```
@@ -46,6 +46,28 @@ Placed in config.php authproc as one of the last functions to be processed:
 ),
 ```
 
+Example of how it can work with example-userpass module. Below config goes in authsource.php
+This module is enabled by default but if it is not make sure you create a file called enable
+inside modules/exampleauth directory.
+
+```php
+	'example-userpass' => array(
+		'exampleauth:UserPass',
+		'student:studentpass' => array(
+			'uid' => array('test'),
+			'ga_secret' => array('4HX4WBKVIJWDUV5I'),
+			'eduPersonAffiliation' => array('member', 'student'),
+		),
+	),
+```
+
+After logging in with username: student password: studentpass, you will be challenged for TOTP.
+4HX4WBKVIJWDUV5I is a secret key that can be generate by visiting /simplesaml/module.php/simpletotp/generate_token.php
+
+A random one will be generated everytime. You can also use the QR code to register your IdP with apps such as FreeOTP
+or Google Authenticator etc.
+
+
 **NOTE**: for TOTP to work you **MUST** ensure that the clock on your server is in sync.  If it is not, a matching token will never be generated and authentication will fail.
 
 Installation

lib/Auth/Process/2fa.php

@@ -1,9 +1,9 @@
 <?php
 /**
  * SimpleTOTP Authentication Processing filter
- * 
- * SimpleTOTP is a SimpleSAMLphp auth processing filter that enables the use 
- *  of the Time-Based One-Time Password Algorithm (TOTP) as a second-factor 
+ *
+ * SimpleTOTP is a SimpleSAMLphp auth processing filter that enables the use
+ *  of the Time-Based One-Time Password Algorithm (TOTP) as a second-factor
  *  authentication mechanism on either an Identity Provider or Service Provider
  *  (...or both!).
  *
@@ -40,8 +40,8 @@ class sspmod_simpletotp_Auth_Process_2fa extends SimpleSAML_Auth_ProcessingFilte
     private $enforce_2fa = false;
 
     /**
-     * External URL to redirect user to if $enforce_2fa is true and they do not 
-     *  have a TOTP attribute set.  If this attribute is NULL, the user will 
+     * External URL to redirect user to if $enforce_2fa is true and they do not
+     *  have a TOTP attribute set.  If this attribute is NULL, the user will
      *  be redirect to the internal error page.
      */
     private $not_configured_url = NULL;
@@ -72,7 +72,7 @@ public function __construct($config, $reserved) {
  secret_attr must be a string');
             }
         }
-        
+
         if (array_key_exists('not_configured_url', $config)) {
             $this->not_configured_url = $config['not_configured_url'];
             if (!is_string($config['not_configured_url'])) {
@@ -97,7 +97,8 @@ public function process(&$state) {
 
         $attributes =& $state['Attributes'];
 
-        if (array_key_exists($this->secret_attr, $attributes)) {
+        // check for secret_attr coming from user store and make sure it is not empty
+        if (array_key_exists($this->secret_attr, $attributes) && !empty($attributes[$this->secret_attr])) {
             $this->secret_val = $attributes[$this->secret_attr][0];
         }