create an API to retrieve emails and set new clients, add very rudimentary client...

[authserver.git] / authutils.php-class

diff --git a/authutils.php-class b/authutils.php-class
index 4d5680a5264b4402bd80ffce5e9bcd37aa6b352a..dc06a7f7547ab17cabfce789fe2c1624de47b477 100755 (executable)
--- a/authutils.php-class
+++ b/authutils.php-class
@@ -18,6 +18,9 @@ class AuthUtils {
   // public $running_on_localhost
   //   A boolean telling if the system is running on localhost (where https is not required).
   //
+  // public $client_reg_email_whitelist
+  //   An array of emails that are whitelisted for registering clients.
+  //
   // private $pwd_cost
   //   The cost parameter for use with PHP password_hash function.
   //
@@ -46,6 +49,9 @@ class AuthUtils {
   // function createVerificationCode()
   //   Return a random acount/email verification code.
   //
+  // function createClientSecret()
+  //   Return a random client secret.
+  //
   // function createTimeCode($session, [$offset], [$validity_minutes])
   //   Return a time-based code based on the key and ID of the given session.
   //     An offset can be given to create a specific code for verification, otherwise and offset will be generated.
@@ -82,6 +88,7 @@ class AuthUtils {
 
   public $db = null;
   public $running_on_localhost = false;
+  public $client_reg_email_whitelist = array('kairo@kairo.at', 'com@kairo.at');
   private $pwd_cost = 10;
   private $pwd_nonces = array();
 
@@ -166,6 +173,10 @@ class AuthUtils {
     return bin2hex(openssl_random_pseudo_bytes(512 / 8)); // Get 512 bits of randomness (128 byte hex string).
   }
 
+  function createClientSecret() {
+    return bin2hex(openssl_random_pseudo_bytes(160 / 8)); // Get 160 bits of randomness (40 byte hex string).
+  }
+
   function createTimeCode($session, $offset = null, $validity_minutes = 10) {
     // Matches TOTP algorithms, see https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
     $valid_seconds = intval($validity_minutes) * 60;