X-Git-Url: https://git-public.kairo.at/?a=blobdiff_plain;ds=sidebyside;f=app%2Fauthutils.php-class;h=17eb8da2a16e95639fb144978aaa5650f2ee22c2;hb=HEAD;hp=447a744857846cb93ccaa73e338a2ed9e3d58a67;hpb=651356998ad790ee2c059419f2b21568ae3e644d;p=authserver.git
diff --git a/app/authutils.php-class b/app/authutils.php-class
index 447a744..0bd4eb8 100755
--- a/app/authutils.php-class
+++ b/app/authutils.php-class
@@ -372,9 +372,9 @@ class AuthUtils {
 $time = time();
 $rest = is_null($offset)?($time % $valid_seconds):intval($offset); // T0, will be sent as part of code to make it valid for the full duration.
 $counter = floor(($time - $rest) / $valid_seconds);
- $hmac = mhash(MHASH_SHA1, $counter, $session['id'].$session['sesskey']);
- $offset = hexdec(substr(bin2hex(substr($hmac, -1)), -1)); // Get the last 4 bits as a number.
- $totp = hexdec(bin2hex(substr($hmac, $offset, 4))) & 0x7FFFFFFF; // Take 4 bytes at the offset, discard highest bit.
+ $hmac_hex = hash_hmac('sha1', $counter, $session['id'].$session['sesskey']);
+ $offset = hexdec(substr($hmac_hex, -1)); // Get the last 4 bits as a number.
+ $totp = hexdec(substr($hmac_hex, $offset, 8)) & 0x7FFFFFFF; // Take 4 bytes (8 hex chars) at the offset, discard highest bit.
 $totp_value = sprintf('%0'.$code_digits.'d', substr($totp, -$code_digits));
 return $rest.'.'.$totp_value;
 }
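Review bot: The dynamic truncation on the new `$totp` line reads 8 hex characters starting at nibble index `$offset`, whereas the removed code took 4 bytes starting at byte index `$offset`, so the hex offset has to be doubled to keep the same truncation window: `$totp = hexdec(substr($hmac_hex, $offset * 2, 8)) & 0x7FFFFFFF;`. As written, an odd `$offset` starts mid-byte and the function produces different codes than the previous implementation for identical inputs, which only matters if anything still verifies against the old scheme; the change does not weaken the code on its own. `$counter` comes from floor() and is therefore a float, so hash_hmac() receives its string form — unchanged behaviour, but worth a one-line comment since it would break under strict_types. The enclosing function's signature and the origin of `$session`, `$valid_seconds` and `$code_digits` lie outside the hunk.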
@@ -633,6 +633,8 @@ class AuthUtils {
 $table->addColumn('status', 'string', array('length' => 20, 'notnull' => true, 'default' => 'unverified'));
 $table->addColumn('verify_hash', 'string', array('length' => 150, 'notnull' => false, 'default' => null));
 $table->addColumn('group_id', 'integer', array('unsigned' => true, 'notnull' => true, 'default' => 0));
+ $table->addColumn('hcheck_question', 'string', array('length' => 100, 'notnull' => false, 'default' => null));
+ $table->addColumn('hcheck_solution', 'string', array('length' => 20, 'notnull' => false, 'default' => null));
 $table->setPrimaryKey(array('id'), 'id');
 $table->addUniqueIndex(array('email'), 'email');
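Review bot: The two added `hcheck_*` columns carry no documentation of what they hold or when they are written and cleared, and `hcheck_solution` keeps the expected answer in clear text on the user row. A comment above them such as `// Pending human-check challenge and its expected answer; presumably cleared once the check passes — confirm against the verification code.` would make the lifecycle explicit, and wherever the stored solution is compared to user input, hash_equals() is the appropriate comparison. The schema-building method these lines belong to starts and ends outside the hunk.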
@@ -651,45 +653,52 @@ class AuthUtils {
 $table->addColumn('client_secret', 'string', array('length' => 80, 'notnull' => false));
 $table->addColumn('redirect_uri', 'string', array('length' => 2000, 'notnull' => true));
 $table->addColumn('grant_types', 'string', array('length' => 80, 'notnull' => false));
- $table->addColumn('scope', 'string', array('length' => 100, 'notnull' => false));
+ $table->addColumn('scope', 'string', array('length' => 4000, 'notnull' => false));
 $table->addColumn('user_id', 'string', array('length' => 80, 'notnull' => false));
 $table->setPrimaryKey(array('client_id'), 'clients_client_id_pk');
 $table = $schema->createTable('oauth_access_tokens');
 $table->addColumn('access_token', 'string', array('length' => 40, 'notnull' => true));
 $table->addColumn('client_id', 'string', array('length' => 80, 'notnull' => true));
- $table->addColumn('user_id', 'string', array('length' => 255, 'notnull' => false));
+ $table->addColumn('user_id', 'string', array('length' => 80, 'notnull' => false));
 $table->addColumn('expires', 'datetime', array('notnull' => true));
- $table->addColumn('scope', 'string', array('length' => 2000, 'notnull' => false));
+ $table->addColumn('scope', 'string', array('length' => 4000, 'notnull' => false));
 $table->setPrimaryKey(array('access_token'), 'access_token_pk');
 $table = $schema->createTable('oauth_authorization_codes');
 $table->addColumn('authorization_code', 'string', array('length' => 40, 'notnull' => true));
 $table->addColumn('client_id', 'string', array('length' => 80, 'notnull' => true));
- $table->addColumn('user_id', 'string', array('length' => 255, 'notnull' => false));
+ $table->addColumn('user_id', 'string', array('length' => 80, 'notnull' => false));
 $table->addColumn('redirect_uri', 'string', array('length' => 2000, 'notnull' => false));
 $table->addColumn('expires', 'datetime', array('notnull' => true));
- $table->addColumn('scope', 'string', array('length' => 2000, 'notnull' => false));
+ $table->addColumn('scope', 'string', array('length' => 4000, 'notnull' => false));
+ $table->addColumn('id_token', 'string', array('length' => 1000, 'notnull' => false));
+ $table->addColumn('code_challenge', 'string', array('length' => 1000, 'notnull' => false));
+ $table->addColumn('code_challenge_method', 'string', array('length' => 20, 'notnull' => false));
 $table->setPrimaryKey(array('authorization_code'), 'auth_code_pk');
 $table = $schema->createTable('oauth_refresh_tokens');
 $table->addColumn('refresh_token', 'string', array('length' => 40, 'notnull' => true));
 $table->addColumn('client_id', 'string', array('length' => 80, 'notnull' => true));
- $table->addColumn('user_id', 'string', array('length' => 255, 'notnull' => false));
+ $table->addColumn('user_id', 'string', array('length' => 80, 'notnull' => false));
 $table->addColumn('expires', 'datetime', array('notnull' => true));
- $table->addColumn('scope', 'string', array('length' => 2000, 'notnull' => false));
+ $table->addColumn('scope', 'string', array('length' => 4000, 'notnull' => false));
 $table->setPrimaryKey(array('refresh_token'), 'refresh_token_pk');
 $table = $schema->createTable('oauth_users');
- $table->addColumn('username', 'string', array('length' => 255, 'notnull' => true));
- $table->addColumn('password', 'string', array('length' => 2000, 'notnull' => false));
- $table->addColumn('first_name', 'string', array('length' => 255, 'notnull' => false));
- $table->addColumn('last_name', 'string', array('length' => 255, 'notnull' => false));
+ $table->addColumn('username', 'string', array('length' => 80, 'notnull' => true));
+ $table->addColumn('password', 'string', array('length' => 80, 'notnull' => false));
+ $table->addColumn('first_name', 'string', array('length' => 80, 'notnull' => false));
+ $table->addColumn('last_name', 'string', array('length' => 80, 'notnull' => false));
+ $table->addColumn('email', 'string', array('length' => 80, 'notnull' => false));
+ $table->addColumn('email_verified', 'boolean', array('notnull' => true, 'default' => false));
+ $table->addColumn('scope', 'string', array('length' => 4000, 'notnull' => false));
 $table->setPrimaryKey(array('username'), 'username_pk');
 $table = $schema->createTable('oauth_scopes');
- $table->addColumn('scope', 'text', array('notnull' => false));
+ $table->addColumn('scope', 'string', array('length' => 80, 'notnull' => false));
 $table->addColumn('is_default', 'boolean', array('notnull' => false));
+ $table->setPrimaryKey(array('scope'), 'scope_pk');
 $table = $schema->createTable('oauth_jwt');
 $table->addColumn('client_id', 'string', array('length' => 80, 'notnull' => true));
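Review bot: The `password` column of `oauth_users` shrinks from 2000 to 80 characters on the new side; if that column is meant to hold password_hash() output, 80 is too short, since bcrypt hashes are 60 characters but argon2id hashes are longer and PASSWORD_DEFAULT may change over time, which is why the PHP documentation recommends 255: `$table->addColumn('password', 'string', array('length' => 255, 'notnull' => false));`. A milder version of the same truncation risk applies to `id_token` at 1000 characters, as a signed JWT with a handful of claims can exceed that. Because `user_id`, `scope` and the `oauth_users` name columns also get shorter, applying these definitions to an already-populated database via a schema diff should be checked for silent truncation of existing rows. The schema-building method containing these lines starts before and ends after the hunk.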