JWT, Binary, Hexa and Validator bugs fixing
Steeven Andrian committed Mar 2, 2020
1 parent 3ec9264 commit 7ef5629
Showing 5 changed files with 137 additions and 131 deletions.
3 changes: 2 additions & 1 deletion src/Authentication/JsonWebToken.php
@@ -191,8 +191,9 @@ public function decode($token, $key = null)

return false;
}

// Check if this token has expired.
if (isset($payload->exp) && ($timestamp - $this->leeway) >= $payload->exp) {
if (isset($payload->exp) && ($timestamp - $this->leeway) >= strtotime($payload->exp)) {
$this->errors[] = 'Expired token';

return false;
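Review bot: Passing `$payload->exp` through `strtotime()` in the expiry check makes the comparison depend on PHP's date-string parser rather than on a fixed instant. RFC 7519 defines `exp` as a NumericDate (seconds since the epoch); a bare integer is not among the formats `strtotime()` documents (a timestamp needs an `@` prefix), so it may return `false`, at which point the `>=` comparison degrades to a boolean one and a standards-compliant token would be reported as 'Expired token'. Relative strings such as `tomorrow` are resolved at verification time and would never expire, and date strings without a zone shift with the server's default timezone. I would normalise once and reject anything unparseable, e.g. `$exp = is_numeric($payload->exp) ? (int) $payload->exp : strtotime($payload->exp);` followed by `if ($exp === false) { $this->errors[] = 'Invalid exp claim'; return false; }`. The body of `decode()` starts and ends outside this hunk, so how `exp` is written on the encoding side is not visible here.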
139 changes: 18 additions & 121 deletions src/Authentication/User.php
@@ -16,6 +16,7 @@
// ------------------------------------------------------------------------

use O2System\Cache\Item;
use O2System\Spl\DataStructures\SplArrayObject;
use O2System\Spl\Traits\Collectors\ConfigCollectorTrait;
use Psr\Cache\CacheItemPoolInterface;

@@ -35,13 +36,13 @@ class User
public function __construct()
{
$this->setConfig([
'password' => [
'password' => [
'algorithm' => PASSWORD_DEFAULT,
'options' => [],
'options' => [],
],
'msisdnRegex' => '/^\+[1-9]{1}[0-9]{3,14}$/',
'maxAttempts' => 5,
'sso' => [
'sso' => [
'enable' => false,
'server' => base_url(),
],
@@ -95,8 +96,8 @@ public function passwordRehash($password)
{
if (password_needs_rehash(
$password,
$this->config[ 'password' ][ 'algorithm' ],
$this->config[ 'password' ][ 'options' ]
$this->config['password']['algorithm'],
$this->config['password']['options']
)) {
return $this->passwordHash($password);
}
@@ -117,8 +118,8 @@ public function passwordHash($password)
{
return password_hash(
$password,
$this->config[ 'password' ][ 'algorithm' ],
$this->config[ 'password' ][ 'options' ]
$this->config['password']['algorithm'],
$this->config['password']['options']
);
}

@@ -144,7 +145,7 @@ public function passwordVerify($password, $hash)
*/
public function attempt()
{
$_SESSION[ 'userAttempts' ] = $this->getAttempts() + 1;
$_SESSION['userAttempts'] = $this->getAttempts() + 1;
}

// ------------------------------------------------------------------------
@@ -157,64 +158,15 @@ public function attempt()
public function getAttempts()
{
$currentAttempts = 0;
if (isset($_SESSION[ 'userAttempts' ])) {
$currentAttempts = (int)$_SESSION[ 'userAttempts' ];
if (isset($_SESSION['userAttempts'])) {
$currentAttempts = (int)$_SESSION['userAttempts'];
}

return (int)$currentAttempts;
}

// ------------------------------------------------------------------------

/**
* User::login
*
* @param array $account
*/
public function login(array $account)
{
$_SESSION[ 'account' ] = $account;
unset($_SESSION[ 'userAttempts' ]);
}

// ------------------------------------------------------------------------

/**
* User::signOn
*
* @param array $account
*
* @throws \Exception
*/
public function signOn(array $account)
{
$cacheItemPool = $this->getCacheItemPool();
$virtualUserId = md5(json_encode($account) . mt_srand() . time());
$cacheItemPool->save(new Item('sso-' . $virtualUserId, $account, false));

set_cookie('ssid', $virtualUserId);
}

// ------------------------------------------------------------------------

/**
* User::getCacheItemPool
*
* @return CacheItemPoolInterface
*/
protected function getCacheItemPool()
{
$cacheItemPool = cache()->getObject('default');

if (cache()->exists('sso')) {
$cacheItemPool = cache()->getObject('sso');
}

return $cacheItemPool;
}

// ------------------------------------------------------------------------

/**
* User::loggedIn
*
@@ -223,11 +175,7 @@ protected function getCacheItemPool()
*/
public function loggedIn()
{
if (isset($_SESSION[ 'account' ])) {
return true;
} elseif($this->tokenOn()) {
return true;
} elseif ($this->signedOn()) {
if (isset($_SESSION['account'])) {
return true;
}

@@ -237,46 +185,13 @@ public function loggedIn()
// ------------------------------------------------------------------------

/**
* User::tokenOn
*/
public function tokenOn()
{
if(false !== ($token = input()->bearerToken())) {
$_SESSION['account'] = (new JsonWebToken())->decode($token);

globals()->store('account', $_SESSION['account']);

return true;
}

return false;
}

// ------------------------------------------------------------------------

/**
* User::signedOn
* AccessControl::login
*
* @return bool
* @throws \Psr\Cache\InvalidArgumentException
* @param array $account
*/
public function signedOn()
public function login(array $account)
{
if ($virtualUserId = input()->cookie('ssid')) {
$cacheItemPool = $this->getCacheItemPool();

if($cacheItemPool->hasItem('sso-' . $virtualUserId)) {

$item = $cacheItemPool->getItem('sso-' . input()->cookie('ssid'));
$_SESSION['account'] = $item->get();

globals()->store('account', $_SESSION['account']);

return true;
}
}

return false;
$_SESSION['account'] = $account;
}

// ------------------------------------------------------------------------
@@ -286,26 +201,8 @@ public function signedOn()
*/
public function logout()
{
$this->signOff();

if (isset($_SESSION[ 'account' ])) {
unset($_SESSION[ 'account' ]);
}
}

// ------------------------------------------------------------------------

/**
* User::signOff
*
* @throws \Psr\Cache\InvalidArgumentException
*/
public function signOff()
{
if ($virtualUserId = input()->cookie('ssid')) {
$cacheItemPool = $this->getCacheItemPool();
$cacheItemPool->deleteItem('sso-' . $virtualUserId);
delete_cookie('ssid');
if (isset($_SESSION['account'])) {
unset($_SESSION['account']);
}
}
}
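Review bot: `login()` now only assigns `$_SESSION['account']`, so as rendered a successful login neither rotates the session identifier nor clears the `userAttempts` counter that the previous version unset. Keeping the pre-login session id across the privilege change leaves the class open to session fixation unless a caller regenerates it, and a stale counter can keep counting against `maxAttempts` after the user has authenticated. I would add `session_regenerate_id(true);` before the assignment and keep `unset($_SESSION['userAttempts']);` after it. The new docblock title reads `AccessControl::login` although the method lives in `User`, and with the SSO methods gone the `Item`, `CacheItemPoolInterface` and newly added `SplArrayObject` imports appear unused in the visible hunks.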
1 change: 1 addition & 0 deletions src/Encryptions/Binary.php
@@ -28,6 +28,7 @@ class Binary
* @var array
*/
private static $charactersMap = [];

/**
* Binary::$crypt
*
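--- a/src/Encryptions/Hexadecimal.php
+++ b/src/Encryptions/Hexadecimal.php
@@ -0,0 +1,106 @@
+<?php
+/**
+* This file is part of the O2System Framework package.
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*
+* @author Steeve Andrian Salim
+* @copyright Copyright (c) Steeve Andrian Salim
+*/
+
+// ------------------------------------------------------------------------
+
+namespace O2System\Security\Encryptions;
+
+// ------------------------------------------------------------------------
+
+/**
+* Class Hexadecimal
+* @package O2System\Security\Encryptions
+*/
+class Hexadecimal
+{
+/**
+* Binary::$crypt
+*
+* Crypt instance.
+*
+* @var Crypt
+*/
+private $crypt;
+
+// ------------------------------------------------------------------------
+
+/**
+* Binary::__construct
+*/
+public function __construct()
+{
+$this->crypt = new Crypt();
+}
+
+// ------------------------------------------------------------------------
+
+/**
+* Hexadecimal::encrypt
+*
+* Encrypt string into numbers.
+*
+* @param string $string String to be encrypted.
+*
+* @return string
+*/
+public function encrypt($string)
+{
+$dec = [];
+$hex = str_split($this->crypt->encrypt($string), 4);
+
+foreach ($hex as $char) {
+$dec[] = str_pad(hexdec($char), 5, '0', STR_PAD_LEFT);
+}
+
+return implode('', $dec);
+}
+
+// ------------------------------------------------------------------------
+
+/**
+* Hexadecimal::decrypt
+*
+* Decrypt numbers.
+*
+* @param string $string String to be decrypted.
+*
+* @return string
+*/
+public function decrypt($string)
+{
+$hex = [];
+$dec = str_split($string, 5);
+
+foreach ($dec as $char) {
+$hex[] = str_pad(dechex($char), 4, '0', STR_PAD_LEFT);
+}
+
+return implode('', $hex);
+}
+
+// ------------------------------------------------------------------------
+
+/**
+* Hexadecimal::setKey
+*
+* Sets numeric encryption protection key.
+*
+* @param string $key Custom encryption key.
+*
+* @return static
+*/
+public function setKey($key)
+{
+$this->crypt->setKey($key);
+
+return $this;
+}
+}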
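Review bot: `decrypt()` does not invert `encrypt()`: it only turns each 5-digit group back into four hex characters and returns that string, while `encrypt()` first ran the input through `$this->crypt->encrypt()`, so the caller gets the Crypt output back rather than the original string. If that is not intended, the rebuilt hex should be passed through the Crypt instance's decryption counterpart before returning (the Crypt class is not visible on this page). The round trip also breaks when the Crypt output length is not a multiple of four, because the short final chunk is left-padded to four characters on the way back, and `dechex()` receives unvalidated input, so a guard such as `if (!ctype_digit($string) || strlen($string) % 5 !== 0)` belongs at the top of `decrypt()`. The property and constructor docblocks still say `Binary::$crypt` and `Binary::__construct`, and the class doc should state that this is a re-encoding of Crypt's output that adds no secrecy of its own.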
19 changes: 10 additions & 9 deletions src/Form/Validator.php
@@ -360,12 +360,14 @@ protected function processRules(string $field, string $label = null, $value, $ru

if ( ! $callable && preg_match('/(.*?)\[(.*)\]/', $rule, $match)) {
$rule = $match[ 1 ];
$params = $match[ 2 ];
if (is_array($match[ 2 ])) {
$params = array_merge([$value], $match[ 2 ]);
} else {
$params = [$value, $match[ 2 ]];
}
}

if ($params) {
$params = array_merge([$value], $params);
} else {
if (empty($params)) {
$params = [$value];
}

@@ -384,8 +386,7 @@ protected function processRules(string $field, string $label = null, $value, $ru
$error = $this->customErrors[ $field ][ $rule ];
}

$this->errors[ $field ] = is_null($error) ? $this->getErrorMessage($rule, $field, $label,
$params) : $error;
$this->errors[ $field ] = is_null($error) ? $this->getErrorMessage($rule, $field, $label, $value) : $error;

return false;
}
@@ -443,11 +444,11 @@ public function getError(string $field = null): string
* @param string $rule
* @param string $field
* @param string|null $label
* @param string $param
* @param string $value
*
* @return string
*/
protected function getErrorMessage(string $rule, string $field, string $label = null, string $param = null): string
protected function getErrorMessage(string $rule, string $field, string $label = null, string $value = null): string
{
// Check if custom message has been defined by user
if (isset($this->customErrors[ $field ][ $rule ])) {
@@ -460,7 +461,7 @@ protected function getErrorMessage(string $rule, string $field, string $label =
}

$message = str_replace('{field}', $label ?? $field, $message);
$message = str_replace('{param}', $this->rules[ $param ][ 'label' ] ?? $param, $message);
$message = str_replace('{value}', $value ?? null, $message);

return $message;
}
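Review bot: The error message now embeds the submitted value verbatim at `str_replace('{value}', $value ?? null, $message)`, so any view that prints validator errors without escaping will reflect user input into the page. Either escape where the message is built, `htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, or document on `getErrorMessage()` that messages carry raw input and must be escaped on output; how errors are rendered is not visible here. `getErrorMessage()` declares `string $value = null`, but `processRules()` passes its untyped `$value`, so an array-valued field would raise a TypeError instead of producing a message. In the first hunk `$match[ 2 ]` comes from `preg_match()` and is always a string, so the `is_array()` branch cannot run, and `{param}` placeholders in existing messages are no longer substituted. Both functions start and end outside the visible hunks.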
