X-Git-Url: https://git-public.kairo.at/?a=blobdiff_plain;f=app%2Fauthutils.php-class;h=81ae2a7fdc9fb47df2b16d53e3d93bc75997d064;hb=3326e113e700d112457eb248735889699df6ee32;hp=d901669320cf86d946e673ee0b7ed43e03ca011a;hpb=3f24953f10063243a61eb2f9ddcb3e8888f96147;p=authserver.git diff --git a/app/authutils.php-class b/app/authutils.php-class index d901669..81ae2a7 100755 --- a/app/authutils.php-class +++ b/app/authutils.php-class @@ -119,14 +119,14 @@ class AuthUtils { if (!is_array($this->settings)) { throw new ErrorException('Authentication system settings not found', 0); } // Sanitize settings. - $this->settings['piwik_enabled'] = (@$this->settings['piwik_enabled']) ? true : false; - $this->settings['piwik_site_id'] = intval(@$this->settings['piwik_site_id']); - $this->settings['piwik_url'] = strlen(@$this->settings['piwik_url']) ? $this->settings['piwik_url'] : '/piwik/'; - $this->settings['piwik_tracker_path'] = strlen(@$this->settings['piwik_tracker_path']) ? $this->settings['piwik_tracker_path'] : '../vendor/piwik/piwik-php-tracker/'; - $this->settings['skin'] = (@$this->settings['skin'] && is_dir('skin/'.$this->settings['skin'])) ? $this->settings['skin'] : 'default'; - $this->settings['operator_name'] = (@$this->settings['operator_name']) ? $this->settings['operator_name'] : 'AuthServer'; - $this->settings['operator_contact_url'] = (@$this->settings['operator_contact_url']) ? $this->settings['operator_contact_url'] : 'https://github.com/KaiRo_at/authserver/'; - $this->settings['info_from_email'] = (@$this->settings['info_from_email']) ? $this->settings['info_from_email'] : 'noreply@example.com'; + $this->settings['piwik_enabled'] = $this->settings['piwik_enabled'] ?? false; + $this->settings['piwik_site_id'] = intval($this->settings['piwik_site_id'] ?? 0); + $this->settings['piwik_url'] = strlen($this->settings['piwik_url'] ?? '') ? $this->settings['piwik_url'] : '/matomo/'; + $this->settings['piwik_tracker_path'] = strlen($this->settings['piwik_tracker_path'] ?? '') ? $this->settings['piwik_tracker_path'] : '../vendor/matomo/matomo-php-tracker/'; + $this->settings['skin'] = (($this->settings['skin'] ?? false) && is_dir('skin/'.$this->settings['skin'])) ? $this->settings['skin'] : 'default'; + $this->settings['operator_name'] = $this->settings['operator_name'] ?? 'Example'; + $this->settings['operator_contact_url'] = $this->settings['operator_contact_url'] ?? 'https://github.com/KaiRo_at/authserver/'; + $this->settings['info_from_email'] = $this->settings['info_from_email'] ?? 'noreply@example.com'; // Initialize database. $config = new \Doctrine\DBAL\Configuration(); @@ -141,7 +141,7 @@ class AuthUtils { $this->db->executeQuery('SET time_zone = "+00:00";'); // Make sure the DB runs on UTC for this connection. // Update DB schema if needed (if the utils PHP file has been changed since we last checked the DB, we trigger the update functionality). try { - $last_log = $this->db->fetchColumn('SELECT time_logged FROM fs_log WHERE code = \'db_checked\' ORDER BY id DESC LIMIT 1', array(1), 0); + $last_log = $this->db->fetchColumn('SELECT time_logged FROM auth_log WHERE code = \'db_checked\' ORDER BY id DESC LIMIT 1', array(1), 0); $utils_mtime = filemtime(__FILE__); } catch (Exception $e) { @@ -210,7 +210,7 @@ class AuthUtils { function initSession() { $session = null; - if (strlen(@$_COOKIE['sessionkey'])) { + if (strlen($_COOKIE['sessionkey'] ?? '')) { // Fetch the session - or at least try to. $result = $this->db->prepare('SELECT * FROM `auth_sessions` WHERE `sesskey` = :sesskey AND `time_expire` > :expire;'); $result->execute(array(':sesskey' => $_COOKIE['sessionkey'], ':expire' => gmdate('Y-m-d H:i:s'))); @@ -296,7 +296,7 @@ class AuthUtils { function doRedirectIfSet($session) { $success = false; // If the session has a redirect set, make sure it's performed. - if (strlen(@$session['saved_redirect'])) { + if (strlen($session['saved_redirect'] ?? '')) { // Remove redirect. $result = $this->db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;'); if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) { @@ -313,7 +313,7 @@ class AuthUtils { function resetRedirect($session) { $success = false; // If the session has a redirect set, remove it. - if (strlen(@$session['saved_redirect'])) { + if (strlen($session['saved_redirect'] ?? '')) { $result = $this->db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;'); if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) { $this->log('redir_save_failure', 'session: '.$session['id'].', redirect: (empty)'); @@ -372,9 +372,9 @@ class AuthUtils { $time = time(); $rest = is_null($offset)?($time % $valid_seconds):intval($offset); // T0, will be sent as part of code to make it valid for the full duration. $counter = floor(($time - $rest) / $valid_seconds); - $hmac = mhash(MHASH_SHA1, $counter, $session['id'].$session['sesskey']); - $offset = hexdec(substr(bin2hex(substr($hmac, -1)), -1)); // Get the last 4 bits as a number. - $totp = hexdec(bin2hex(substr($hmac, $offset, 4))) & 0x7FFFFFFF; // Take 4 bytes at the offset, discard highest bit. + $hmac_hex = hash_hmac('sha1', $counter, $session['id'].$session['sesskey']); + $offset = hexdec(substr($hmac_hex, -1)); // Get the last 4 bits as a number. + $totp = hexdec(substr($hmac_hex, $offset, 8)) & 0x7FFFFFFF; // Take 4 bytes (8 hex chars) at the offset, discard highest bit. $totp_value = sprintf('%0'.$code_digits.'d', substr($totp, -$code_digits)); return $rest.'.'.$totp_value; } @@ -444,12 +444,17 @@ class AuthUtils { function negotiateLocale($supportedLanguages) { $nlocale = $supportedLanguages[0]; $headers = getAllHeaders(); - $accLcomp = explode(',', @$headers['Accept-Language']); + $accLcomp = explode(',', ($headers['Accept-Language'] ?? '')); $accLang = array(); foreach ($accLcomp as $lcomp) { if (strlen($lcomp)) { $ldef = explode(';', $lcomp); - $accLang[$ldef[0]] = (float)((strpos(@$ldef[1],'q=')===0)?substr($ldef[1],2):1); + if (count($ldef) > 1 && strpos($ldef[1], 'q=') === 0) { + $accLang[$ldef[0]] = substr($ldef[1], 2); + } + else { + $accLang[$ldef[0]] = 1; + } } } if (count($accLang)) { @@ -503,6 +508,12 @@ class AuthUtils { // Add the "Refresh Token" grant type (required to get longer-living resource access by generating new access tokens) $server->addGrantType(new OAuth2\GrantType\RefreshToken($oauth2_storage, array('always_issue_new_refresh_token' => true))); + // Add 'token' response type (mirroring what getDefaultResponseTypes is doing). + $server->addResponseType(new OAuth2\ResponseType\AccessToken($oauth2_storage, $oauth2_storage, $oauth2_config)); + + // Add 'code' response type (mirroring what getDefaultResponseTypes is doing). + $server->addResponseType(new OAuth2\ResponseType\AuthorizationCode($oauth2_storage)); + return $server; } @@ -563,7 +574,7 @@ class AuthUtils { $ulist = $form->appendElement('ul'); $ulist->setAttribute('class', 'flat login'); $litem = $ulist->appendElement('li'); - $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval(@$user['id'])?$user['email']:'')); + $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval($user['id'] ?? 0) ? $user['email'] : '')); $inptxt->setAttribute('autocomplete', 'email'); $inptxt->setAttribute('required', ''); $inptxt->setAttribute('placeholder', _('Email')); @@ -610,7 +621,7 @@ class AuthUtils { $table->addColumn('logged_in', 'boolean', array('notnull' => true, 'default' => false)); $table->addColumn('time_created', 'datetime', array('notnull' => true, 'default' => 'CURRENT_TIMESTAMP')); $table->addColumn('time_expire', 'datetime', array('notnull' => true, 'default' => 'CURRENT_TIMESTAMP')); - $table->addColumn('saved_redirect', 'string', array('length' => 255, 'notnull' => true, 'default' => '')); + $table->addColumn('saved_redirect', 'string', array('length' => 2000, 'notnull' => true, 'default' => '')); $table->setPrimaryKey(array('id'), 'id'); $table->addIndex(array('sesskey'), 'sesskey'); $table->addIndex(array('time_expire'), 'time_expire');