X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=app%2Fauthutils.php-class;h=17eb8da2a16e95639fb144978aaa5650f2ee22c2;hp=e76098c5a273d992297d0da07d42639d733e9d3a;hb=HEAD;hpb=8f7b10823e51dd606db15c845d8d92044dbec58e
diff --git a/app/authutils.php-class b/app/authutils.php-class
index e76098c..17eb8da 100755
--- a/app/authutils.php-class
+++ b/app/authutils.php-class
@@ -119,10 +119,14 @@ class AuthUtils {
if (!is_array($this->settings)) { throw new ErrorException('Authentication system settings not found', 0); }
// Sanitize settings.
- $this->settings['piwik_enabled'] = (@$this->settings['piwik_enabled']) ? true : false;
- $this->settings['piwik_site_id'] = intval(@$this->settings['piwik_site_id']);
- $this->settings['piwik_url'] = strlen(@$this->settings['piwik_url']) ? $this->settings['piwik_url'] : '/piwik/';
- $this->settings['piwik_tracker_path'] = strlen(@$this->settings['piwik_tracker_path']) ? $this->settings['piwik_tracker_path'] : '../vendor/piwik/piwik-php-tracker/';
+ $this->settings['piwik_enabled'] = $this->settings['piwik_enabled'] ?? false;
+ $this->settings['piwik_site_id'] = intval($this->settings['piwik_site_id'] ?? 0);
+ $this->settings['piwik_url'] = strlen($this->settings['piwik_url'] ?? '') ? $this->settings['piwik_url'] : '/matomo/';
+ $this->settings['piwik_tracker_path'] = strlen($this->settings['piwik_tracker_path'] ?? '') ? $this->settings['piwik_tracker_path'] : '../vendor/matomo/matomo-php-tracker/';
+ $this->settings['skin'] = (($this->settings['skin'] ?? false) && is_dir('skin/'.$this->settings['skin'])) ? $this->settings['skin'] : 'default';
+ $this->settings['operator_name'] = $this->settings['operator_name'] ?? 'Example';
+ $this->settings['operator_contact_url'] = $this->settings['operator_contact_url'] ?? 'https://github.com/KaiRo_at/authserver/';
+ $this->settings['info_from_email'] = $this->settings['info_from_email'] ?? 'noreply@example.com';
// Initialize database.
$config = new \Doctrine\DBAL\Configuration();
@@ -137,7 +141,7 @@ class AuthUtils {
$this->db->executeQuery('SET time_zone = "+00:00";'); // Make sure the DB runs on UTC for this connection.
// Update DB schema if needed (if the utils PHP file has been changed since we last checked the DB, we trigger the update functionality).
try {
- $last_log = $this->db->fetchColumn('SELECT time_logged FROM fs_log WHERE code = \'db_checked\' ORDER BY id DESC LIMIT 1', array(1), 0);
+ $last_log = $this->db->fetchColumn('SELECT time_logged FROM auth_log WHERE code = \'db_checked\' ORDER BY id DESC LIMIT 1', array(1), 0);
$utils_mtime = filemtime(__FILE__);
}
catch (Exception $e) {
@@ -206,7 +210,7 @@ class AuthUtils {
function initSession() {
$session = null;
- if (strlen(@$_COOKIE['sessionkey'])) {
+ if (strlen($_COOKIE['sessionkey'] ?? '')) {
// Fetch the session - or at least try to.
$result = $this->db->prepare('SELECT * FROM `auth_sessions` WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
$result->execute(array(':sesskey' => $_COOKIE['sessionkey'], ':expire' => gmdate('Y-m-d H:i:s')));
@@ -252,14 +256,16 @@ class AuthUtils {
}
else {
$utils->log('create_session_failure', 'at login, prev session: '.$session['id'].', new user: '.$userid);
- $errors[] = _('The session system is not working.').' '._('Please contact KaiRo.at and tell the team about this.');
+ $errors[] = _('The session system is not working.').' '
+ .sprintf(_('Please contact %s and tell the team about this.'), $this->settings['operator_contact_url'], $this->settings['operator_name']);
}
}
else {
$result = $this->db->prepare('UPDATE `auth_sessions` SET `sesskey` = :sesskey, `user` = :userid, `logged_in` = TRUE, `time_expire` = :expire WHERE `id` = :sessid;');
if (!$result->execute(array(':sesskey' => $sesskey, ':userid' => $userid, ':expire' => gmdate('Y-m-d H:i:s', strtotime('+1 day')), ':sessid' => $session['id']))) {
$utils->log('login_failure', 'session: '.$session['id'].', user: '.$userid);
- $errors[] = _('Login failed unexpectedly.').' '._('Please contact KaiRo.at and tell the team about this.');
+ $errors[] = _('Login failed unexpectedly.').' '
+ .sprintf(_('Please contact %s and tell the team about this.'), $this->settings['operator_contact_url'], $this->settings['operator_name']);
}
else {
// After update, actually fetch the session row from the DB so we have all values.
@@ -290,7 +296,7 @@ class AuthUtils {
function doRedirectIfSet($session) {
$success = false;
// If the session has a redirect set, make sure it's performed.
- if (strlen(@$session['saved_redirect'])) {
+ if (strlen($session['saved_redirect'] ?? '')) {
// Remove redirect.
$result = $this->db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;');
if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) {
@@ -307,7 +313,7 @@ class AuthUtils {
function resetRedirect($session) {
$success = false;
// If the session has a redirect set, remove it.
- if (strlen(@$session['saved_redirect'])) {
+ if (strlen($session['saved_redirect'] ?? '')) {
$result = $this->db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;');
if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) {
$this->log('redir_save_failure', 'session: '.$session['id'].', redirect: (empty)');
@@ -366,9 +372,9 @@ class AuthUtils {
$time = time();
$rest = is_null($offset)?($time % $valid_seconds):intval($offset); // T0, will be sent as part of code to make it valid for the full duration.
$counter = floor(($time - $rest) / $valid_seconds);
- $hmac = mhash(MHASH_SHA1, $counter, $session['id'].$session['sesskey']);
- $offset = hexdec(substr(bin2hex(substr($hmac, -1)), -1)); // Get the last 4 bits as a number.
- $totp = hexdec(bin2hex(substr($hmac, $offset, 4))) & 0x7FFFFFFF; // Take 4 bytes at the offset, discard highest bit.
+ $hmac_hex = hash_hmac('sha1', $counter, $session['id'].$session['sesskey']);
+ $offset = hexdec(substr($hmac_hex, -1)); // Get the last 4 bits as a number.
+ $totp = hexdec(substr($hmac_hex, $offset, 8)) & 0x7FFFFFFF; // Take 4 bytes (8 hex chars) at the offset, discard highest bit.
$totp_value = sprintf('%0'.$code_digits.'d', substr($totp, -$code_digits));
return $rest.'.'.$totp_value;
}
@@ -438,12 +444,17 @@ class AuthUtils {
function negotiateLocale($supportedLanguages) {
$nlocale = $supportedLanguages[0];
$headers = getAllHeaders();
- $accLcomp = explode(',', @$headers['Accept-Language']);
+ $accLcomp = explode(',', ($headers['Accept-Language'] ?? ''));
$accLang = array();
foreach ($accLcomp as $lcomp) {
if (strlen($lcomp)) {
$ldef = explode(';', $lcomp);
- $accLang[$ldef[0]] = (float)((strpos(@$ldef[1],'q=')===0)?substr($ldef[1],2):1);
+ if (count($ldef) > 1 && strpos($ldef[1], 'q=') === 0) {
+ $accLang[$ldef[0]] = substr($ldef[1], 2);
+ }
+ else {
+ $accLang[$ldef[0]] = 1;
+ }
}
}
if (count($accLang)) {
@@ -497,6 +508,12 @@ class AuthUtils {
// Add the "Refresh Token" grant type (required to get longer-living resource access by generating new access tokens)
$server->addGrantType(new OAuth2\GrantType\RefreshToken($oauth2_storage, array('always_issue_new_refresh_token' => true)));
+ // Add 'token' response type (mirroring what getDefaultResponseTypes is doing).
+ $server->addResponseType(new OAuth2\ResponseType\AccessToken($oauth2_storage, $oauth2_storage, $oauth2_config));
+
+ // Add 'code' response type (mirroring what getDefaultResponseTypes is doing).
+ $server->addResponseType(new OAuth2\ResponseType\AuthorizationCode($oauth2_storage));
+
return $server;
}
@@ -510,12 +527,19 @@ class AuthUtils {
$style = $head->appendElement('link');
$style->setAttribute('rel', 'stylesheet');
$style->setAttribute('href', 'authsystem.css');
+ $style = $head->appendElement('link');
+ $style->setAttribute('rel', 'stylesheet');
+ $style->setAttribute('href', 'skin/'.$settings['skin'].'/authskin.css');
$head->appendJSFile('authsystem.js');
if ($settings['piwik_enabled']) {
$head->setAttribute('data-piwiksite', $settings['piwik_site_id']);
$head->setAttribute('data-piwikurl', $settings['piwik_url']);
$head->appendJSFile('piwik.js', true, true);
}
+ $icon = $head->appendElement('link');
+ $icon->setAttribute('rel', 'shortcut icon');
+ $icon->setAttribute('href', 'skin/'.$settings['skin'].'/icon32.png');
+ $icon->setAttribute('type', 'image/png');
$title->appendText($titletext);
$h1 = $body->appendElement('h1', $headlinetext);
@@ -550,7 +574,7 @@ class AuthUtils {
$ulist = $form->appendElement('ul');
$ulist->setAttribute('class', 'flat login');
$litem = $ulist->appendElement('li');
- $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval(@$user['id'])?$user['email']:''));
+ $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval($user['id'] ?? 0) ? $user['email'] : ''));
$inptxt->setAttribute('autocomplete', 'email');
$inptxt->setAttribute('required', '');
$inptxt->setAttribute('placeholder', _('Email'));
@@ -597,7 +621,7 @@ class AuthUtils {
$table->addColumn('logged_in', 'boolean', array('notnull' => true, 'default' => false));
$table->addColumn('time_created', 'datetime', array('notnull' => true, 'default' => 'CURRENT_TIMESTAMP'));
$table->addColumn('time_expire', 'datetime', array('notnull' => true, 'default' => 'CURRENT_TIMESTAMP'));
- $table->addColumn('saved_redirect', 'string', array('length' => 255, 'notnull' => true, 'default' => ''));
+ $table->addColumn('saved_redirect', 'string', array('length' => 2000, 'notnull' => true, 'default' => ''));
$table->setPrimaryKey(array('id'), 'id');
$table->addIndex(array('sesskey'), 'sesskey');
$table->addIndex(array('time_expire'), 'time_expire');
@@ -609,6 +633,8 @@ class AuthUtils {
$table->addColumn('status', 'string', array('length' => 20, 'notnull' => true, 'default' => 'unverified'));
$table->addColumn('verify_hash', 'string', array('length' => 150, 'notnull' => false, 'default' => null));
$table->addColumn('group_id', 'integer', array('unsigned' => true, 'notnull' => true, 'default' => 0));
+ $table->addColumn('hcheck_question', 'string', array('length' => 100, 'notnull' => false, 'default' => null));
+ $table->addColumn('hcheck_solution', 'string', array('length' => 20, 'notnull' => false, 'default' => null));
$table->setPrimaryKey(array('id'), 'id');
$table->addUniqueIndex(array('email'), 'email');