1 | <?php |
||||
2 | namespace Elgg; |
||||
3 | /** |
||||
4 | * \Elgg\PersistentLoginService |
||||
5 | * |
||||
6 | * If a user selects a persistent login, a long, random token is generated and stored in the cookie |
||||
7 | * called "elggperm", and a hash of the token is stored in the DB. If the user's PHP session expires, |
||||
8 | * the session boot sequence will try to log the user in via the token in the cookie. |
||||
9 | * |
||||
10 | * Before Elgg 1.9, the token hashes were stored as "code" in the users_entity table. |
||||
11 | * |
||||
12 | * In Elgg 1.9, the token hashes are stored as "code" in the users_remember_me_cookies |
||||
13 | * table, allowing multiple browsers to maintain persistent logins. |
||||
14 | * |
||||
15 | * @todo Rename the "code" DB column to "hash" |
||||
16 | * |
||||
17 | * Legacy notes: This feature used to be called "remember me"; confusingly, both the tokens and the |
||||
18 | * hashes were called "codes"; old tokens were hexadecimal and lower entropy; new tokens are |
||||
19 | * base64 URL and always begin with the letter "z"; the boot sequence replaces old tokens whenever |
||||
20 | * possible. |
||||
21 | * |
||||
22 | * @package Elgg.Core |
||||
23 | * |
||||
24 | * @access private |
||||
25 | */ |
||||
26 | class PersistentLoginService { |
||||
27 | |||||
28 | /** |
||||
29 | * Constructor |
||||
30 | * |
||||
31 | * @param Database $db The DB service |
||||
32 | * @param \ElggSession $session The Elgg session |
||||
33 | * @param \ElggCrypto $crypto The cryptography service |
||||
34 | * @param array $cookie_config The persistent login cookie settings |
||||
35 | * @param string $cookie_token The token from the request cookie |
||||
36 | * @param int $time The current time |
||||
37 | */ |
||||
38 | 4417 | public function __construct( |
|||
39 | Database $db, |
||||
40 | \ElggSession $session, |
||||
41 | \ElggCrypto $crypto, |
||||
42 | array $cookie_config, |
||||
43 | $cookie_token, |
||||
44 | $time = null) { |
||||
45 | 4417 | $this->db = $db; |
|||
46 | 4417 | $this->session = $session; |
|||
47 | 4417 | $this->crypto = $crypto; |
|||
48 | 4417 | $this->cookie_config = $cookie_config; |
|||
49 | 4417 | $this->cookie_token = $cookie_token; |
|||
50 | |||||
51 | 4417 | $prefix = $this->db->prefix; |
|||
52 | 4417 | $this->table = "{$prefix}users_remember_me_cookies"; |
|||
53 | 4417 | $this->time = is_numeric($time) ? (int) $time : time(); |
|||
54 | 4417 | } |
|||
55 | |||||
56 | /** |
||||
57 | * Make the user's login persistent |
||||
58 | * |
||||
59 | * @param \ElggUser $user The user who logged in |
||||
60 | * |
||||
61 | * @return void |
||||
62 | */ |
||||
63 | 3 | public function makeLoginPersistent(\ElggUser $user) { |
|||
64 | 3 | $token = $this->generateToken(); |
|||
65 | 3 | $hash = $this->hashToken($token); |
|||
66 | |||||
67 | 3 | $this->storeHash($user, $hash); |
|||
68 | 3 | $this->setCookie($token); |
|||
69 | 3 | $this->setSession($token); |
|||
70 | 3 | } |
|||
71 | |||||
72 | /** |
||||
73 | * Remove the persisted login token from client and server |
||||
74 | * |
||||
75 | * @return void |
||||
76 | */ |
||||
77 | 2 | public function removePersistentLogin() { |
|||
78 | 2 | if ($this->cookie_token) { |
|||
79 | 1 | $client_hash = $this->hashToken($this->cookie_token); |
|||
80 | 1 | $this->removeHash($client_hash); |
|||
81 | } |
||||
82 | |||||
83 | 2 | $this->setCookie(""); |
|||
84 | 2 | $this->setSession(""); |
|||
85 | 2 | } |
|||
86 | |||||
87 | /** |
||||
88 | * Handle a password change |
||||
89 | * |
||||
90 | * @param \ElggUser $subject The user whose password changed |
||||
91 | * @param \ElggUser $modifier The user who changed the password |
||||
92 | * |
||||
93 | * @return void |
||||
94 | */ |
||||
95 | 3 | public function handlePasswordChange(\ElggUser $subject, \ElggUser $modifier = null) { |
|||
96 | 3 | $this->removeAllHashes($subject); |
|||
97 | 3 | if (!$modifier || ($modifier->guid !== $subject->guid) || !$this->cookie_token) { |
|||
98 | 2 | return; |
|||
99 | } |
||||
100 | |||||
101 | 1 | $this->makeLoginPersistent($modifier); |
|||
102 | 1 | } |
|||
103 | |||||
104 | /** |
||||
105 | * Boot the persistent login session, possibly returning the user who should be |
||||
106 | * silently logged in. |
||||
107 | * |
||||
108 | * @return \ElggUser|null |
||||
109 | */ |
||||
110 | 4777 | public function bootSession() { |
|||
111 | 4777 | if (!$this->cookie_token) { |
|||
112 | 4777 | return null; |
|||
113 | } |
||||
114 | |||||
115 | // is this token good? |
||||
116 | 3 | $cookie_hash = $this->hashToken($this->cookie_token); |
|||
117 | 3 | $user = $this->getUserFromHash($cookie_hash); |
|||
118 | 3 | if ($user) { |
|||
119 | 1 | $this->setSession($this->cookie_token); |
|||
120 | // note: if the token is legacy, we don't both replacing it here because |
||||
121 | // it will be replaced during the next request boot |
||||
122 | 1 | return $user; |
|||
0 ignored issues
–
show
Bug
Best Practice
introduced
by
Loading history...
|
|||||
123 | } else { |
||||
124 | 2 | if ($this->isLegacyToken($this->cookie_token)) { |
|||
125 | // may be attempt to brute force legacy low-entropy tokens |
||||
126 | 1 | call_user_func($this->_callable_sleep, 1); |
|||
127 | } |
||||
128 | 2 | $this->setCookie(''); |
|||
129 | } |
||||
130 | 2 | } |
|||
131 | |||||
132 | /** |
||||
133 | * Replace the user's token if it's a legacy hexadecimal token |
||||
134 | * |
||||
135 | * @param \ElggUser $logged_in_user The logged in user |
||||
136 | * |
||||
137 | * @return void |
||||
138 | */ |
||||
139 | 3 | public function replaceLegacyToken(\ElggUser $logged_in_user) { |
|||
140 | 3 | if (!$this->cookie_token || !$this->isLegacyToken($this->cookie_token)) { |
|||
141 | 2 | return; |
|||
142 | } |
||||
143 | |||||
144 | // replace user's old weaker-entropy code with new one |
||||
145 | 1 | $this->removeHash($this->hashToken($this->cookie_token)); |
|||
146 | 1 | $this->makeLoginPersistent($logged_in_user); |
|||
147 | 1 | } |
|||
148 | |||||
149 | /** |
||||
150 | * Find a user with the given hash |
||||
151 | * |
||||
152 | * @param string $hash The hashed token |
||||
153 | * |
||||
154 | * @return \ElggUser|null |
||||
155 | */ |
||||
156 | 6 | public function getUserFromHash($hash) { |
|||
157 | 6 | if (!$hash) { |
|||
158 | return null; |
||||
159 | } |
||||
160 | |||||
161 | 6 | $hash = $this->db->sanitizeString($hash); |
|||
0 ignored issues
–
show
The function
Elgg\Database::sanitizeString() has been deprecated: Use query parameters where possible
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This function has been deprecated. The supplier of the function has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.
Loading history...
|
|||||
162 | 6 | $query = "SELECT guid FROM {$this->table} WHERE code = '$hash'"; |
|||
163 | try { |
||||
164 | 6 | $user_row = $this->db->getDataRow($query); |
|||
165 | } catch (\DatabaseException $e) { |
||||
166 | return $this->handleDbException($e); |
||||
167 | } |
||||
168 | 6 | if (!$user_row) { |
|||
0 ignored issues
–
show
The expression
$user_row of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using empty($expr) instead to make it clear that you intend to check for an array without elements.
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using
Loading history...
|
|||||
169 | 3 | return null; |
|||
170 | } |
||||
171 | |||||
172 | 3 | $user = call_user_func($this->_callable_get_user, $user_row->guid); |
|||
173 | 3 | return $user ? $user : null; |
|||
174 | } |
||||
175 | |||||
176 | /** |
||||
177 | * Store a hash in the DB |
||||
178 | * |
||||
179 | * @param \ElggUser $user The user for whom we're storing the hash |
||||
180 | * @param string $hash The hashed token |
||||
181 | * |
||||
182 | * @return void |
||||
183 | */ |
||||
184 | 3 | protected function storeHash(\ElggUser $user, $hash) { |
|||
185 | // This prevents inserting the same hash twice, which seems to be happening in some rare cases |
||||
186 | // and for unknown reasons. See https://github.com/Elgg/Elgg/issues/8104 |
||||
187 | 3 | $this->removeHash($hash); |
|||
188 | |||||
189 | 3 | $time = time(); |
|||
190 | 3 | $hash = $this->db->sanitizeString($hash); |
|||
0 ignored issues
–
show
The function
Elgg\Database::sanitizeString() has been deprecated: Use query parameters where possible
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This function has been deprecated. The supplier of the function has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.
Loading history...
|
|||||
191 | |||||
192 | $query = " |
||||
193 | 3 | INSERT INTO {$this->table} (code, guid, timestamp) |
|||
194 | 3 | VALUES ('$hash', {$user->guid}, $time) |
|||
195 | "; |
||||
196 | try { |
||||
197 | 3 | $this->db->insertData($query); |
|||
198 | } catch (\DatabaseException $e) { |
||||
199 | $this->handleDbException($e); |
||||
200 | } |
||||
201 | 3 | } |
|||
202 | |||||
203 | /** |
||||
204 | * Remove a hash from the DB |
||||
205 | * |
||||
206 | * @param string $hash The hashed token to remove (unused before 1.9) |
||||
207 | * @return void |
||||
208 | */ |
||||
209 | 4 | protected function removeHash($hash) { |
|||
210 | 4 | $hash = $this->db->sanitizeString($hash); |
|||
0 ignored issues
–
show
The function
Elgg\Database::sanitizeString() has been deprecated: Use query parameters where possible
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
This function has been deprecated. The supplier of the function has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.
Loading history...
|
|||||
211 | |||||
212 | 4 | $query = "DELETE FROM {$this->table} WHERE code = '$hash'"; |
|||
213 | try { |
||||
214 | 4 | $this->db->deleteData($query); |
|||
215 | } catch (\DatabaseException $e) { |
||||
216 | $this->handleDbException($e); |
||||
217 | } |
||||
218 | 4 | } |
|||
219 | |||||
220 | /** |
||||
221 | * Swallow a schema not upgraded exception, otherwise rethrow it |
||||
222 | * |
||||
223 | * @param \DatabaseException $exception The exception to handle |
||||
224 | * @param string $default The value to return if the table doesn't exist yet |
||||
225 | * |
||||
226 | * @return mixed |
||||
227 | * |
||||
228 | * @throws \DatabaseException |
||||
229 | */ |
||||
230 | protected function handleDbException(\DatabaseException $exception, $default = null) { |
||||
231 | if (false !== strpos($exception->getMessage(), "users_remember_me_cookies' doesn't exist")) { |
||||
232 | // schema has not been updated so we swallow this exception |
||||
233 | return $default; |
||||
234 | } else { |
||||
235 | throw $exception; |
||||
236 | } |
||||
237 | } |
||||
238 | |||||
239 | /** |
||||
240 | * Remove all the hashes associated with a user |
||||
241 | * |
||||
242 | * @param \ElggUser $user The user for whom we're removing hashes |
||||
243 | * |
||||
244 | * @return void |
||||
245 | */ |
||||
246 | 3 | protected function removeAllHashes(\ElggUser $user) { |
|||
247 | 3 | $query = "DELETE FROM {$this->table} WHERE guid = '{$user->guid}'"; |
|||
248 | try { |
||||
249 | 3 | $this->db->deleteData($query); |
|||
250 | } catch (\DatabaseException $e) { |
||||
251 | $this->handleDbException($e); |
||||
252 | } |
||||
253 | 3 | } |
|||
254 | |||||
255 | /** |
||||
256 | * Create a hash from the token |
||||
257 | * |
||||
258 | * @param string $token The token to hash |
||||
259 | * |
||||
260 | * @return string |
||||
261 | */ |
||||
262 | 7 | protected function hashToken($token) { |
|||
263 | // note: with user passwords, you'd want legit password hashing, but since these are randomly |
||||
264 | // generated and long tokens, rainbow tables aren't any help. |
||||
265 | 7 | return md5($token); |
|||
266 | } |
||||
267 | |||||
268 | /** |
||||
269 | * Store the token in the client cookie (or remove the cookie) |
||||
270 | * |
||||
271 | * @param string $token Empty string to remove cookie |
||||
272 | * |
||||
273 | * @return void |
||||
274 | */ |
||||
275 | 7 | protected function setCookie($token) { |
|||
276 | 7 | $cookie = new \ElggCookie($this->cookie_config['name']); |
|||
277 | 7 | foreach (['expire', 'path', 'domain', 'secure', 'httponly'] as $key) { |
|||
278 | 7 | $cookie->$key = $this->cookie_config[$key]; |
|||
279 | } |
||||
280 | 7 | $cookie->value = $token; |
|||
281 | 7 | if (!$token) { |
|||
282 | 4 | $cookie->expire = $this->time - (86400 * 30); |
|||
283 | } |
||||
284 | 7 | call_user_func($this->_callable_elgg_set_cookie, $cookie); |
|||
285 | 7 | } |
|||
286 | |||||
287 | /** |
||||
288 | * Store the token in the session (or remove it from the session) |
||||
289 | * |
||||
290 | * @param string $token The token to store in session. Empty string to remove. |
||||
291 | * |
||||
292 | * @return void |
||||
293 | */ |
||||
294 | 6 | protected function setSession($token) { |
|||
295 | 6 | if ($token) { |
|||
296 | 4 | $this->session->set('code', $token); |
|||
297 | } else { |
||||
298 | 2 | $this->session->remove('code'); |
|||
299 | } |
||||
300 | 6 | } |
|||
301 | |||||
302 | /** |
||||
303 | * Generate a random token (base 64 URL) |
||||
304 | * |
||||
305 | * The first char is always "z" to indicate the value has more entropy than the |
||||
306 | * previously generated ones. |
||||
307 | * |
||||
308 | * @return string |
||||
309 | */ |
||||
310 | 3 | protected function generateToken() { |
|||
311 | 3 | return 'z' . $this->crypto->getRandomString(31); |
|||
312 | } |
||||
313 | |||||
314 | /** |
||||
315 | * Is the given token a legacy MD5 hash? |
||||
316 | * |
||||
317 | * @param string $token The token to analyze |
||||
318 | * |
||||
319 | * @return bool |
||||
320 | */ |
||||
321 | 3 | protected function isLegacyToken($token) { |
|||
322 | 3 | return (isset($token[0]) && $token[0] !== 'z'); |
|||
323 | } |
||||
324 | |||||
325 | /** |
||||
326 | * @var Database |
||||
327 | */ |
||||
328 | protected $db; |
||||
329 | |||||
330 | /** |
||||
331 | * @var string |
||||
332 | */ |
||||
333 | protected $table; |
||||
334 | |||||
335 | /** |
||||
336 | * @var array |
||||
337 | */ |
||||
338 | protected $cookie_config; |
||||
339 | |||||
340 | /** |
||||
341 | * @var string |
||||
342 | */ |
||||
343 | protected $cookie_token; |
||||
344 | |||||
345 | /** |
||||
346 | * @var \ElggSession |
||||
347 | */ |
||||
348 | protected $session; |
||||
349 | |||||
350 | /** |
||||
351 | * @var \ElggCrypto |
||||
352 | */ |
||||
353 | protected $crypto; |
||||
354 | |||||
355 | /** |
||||
356 | * @var int |
||||
357 | */ |
||||
358 | protected $time; |
||||
359 | |||||
360 | /** |
||||
361 | * DO NOT USE. For unit test mocking |
||||
362 | * @access private |
||||
363 | */ |
||||
364 | public $_callable_get_user = 'get_user'; |
||||
365 | |||||
366 | /** |
||||
367 | * DO NOT USE. For unit test mocking |
||||
368 | * @access private |
||||
369 | */ |
||||
370 | public $_callable_elgg_set_cookie = 'elgg_set_cookie'; |
||||
371 | |||||
372 | /** |
||||
373 | * DO NOT USE. For unit test mocking |
||||
374 | * @access private |
||||
375 | */ |
||||
376 | public $_callable_sleep = 'sleep'; |
||||
377 | } |
||||
378 | |||||
379 |