@@ -8,10 +8,10 @@ |
||
8 | 8 | |
9 | 9 | function smarty_modifier_demodhex($input) |
10 | 10 | { |
11 | - $hex = preg_replace( |
|
12 | - array('/c/', '/b/', '/d/', '/e/', '/f/', '/g/', '/h/', '/i/', '/j/', '/k/', '/l/', '/n/', '/r/', '/t/', '/u/', '/v/'), |
|
13 | - array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'), |
|
14 | - $input); |
|
11 | + $hex = preg_replace( |
|
12 | + array('/c/', '/b/', '/d/', '/e/', '/f/', '/g/', '/h/', '/i/', '/j/', '/k/', '/l/', '/n/', '/r/', '/t/', '/u/', '/v/'), |
|
13 | + array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'), |
|
14 | + $input); |
|
15 | 15 | |
16 | - return hexdec($hex); |
|
16 | + return hexdec($hex); |
|
17 | 17 | } |
18 | 18 | \ No newline at end of file |
@@ -18,134 +18,134 @@ |
||
18 | 18 | |
19 | 19 | class ScratchTokenCredentialProvider extends CredentialProviderBase |
20 | 20 | { |
21 | - /** @var EncryptionHelper */ |
|
22 | - private $encryptionHelper; |
|
23 | - /** @var array the tokens generated in the last generation round. */ |
|
24 | - private $generatedTokens; |
|
25 | - |
|
26 | - /** |
|
27 | - * ScratchTokenCredentialProvider constructor. |
|
28 | - * |
|
29 | - * @param PdoDatabase $database |
|
30 | - * @param SiteConfiguration $configuration |
|
31 | - */ |
|
32 | - public function __construct(PdoDatabase $database, SiteConfiguration $configuration) |
|
33 | - { |
|
34 | - parent::__construct($database, $configuration, 'scratch'); |
|
35 | - $this->encryptionHelper = new EncryptionHelper($configuration); |
|
36 | - } |
|
37 | - |
|
38 | - /** |
|
39 | - * Validates a user-provided credential |
|
40 | - * |
|
41 | - * @param User $user The user to test the authentication against |
|
42 | - * @param string $data The raw credential data to be validated |
|
43 | - * |
|
44 | - * @return bool |
|
45 | - * @throws ApplicationLogicException|OptimisticLockFailedException |
|
46 | - */ |
|
47 | - public function authenticate(User $user, $data) |
|
48 | - { |
|
49 | - if (is_array($data)) { |
|
50 | - return false; |
|
51 | - } |
|
52 | - |
|
53 | - $storedData = $this->getCredentialData($user->getId()); |
|
54 | - |
|
55 | - if ($storedData === null) { |
|
56 | - throw new ApplicationLogicException('Credential data not found'); |
|
57 | - } |
|
58 | - |
|
59 | - $scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData())); |
|
60 | - |
|
61 | - $usedToken = null; |
|
62 | - foreach ($scratchTokens as $scratchToken) { |
|
63 | - if (password_verify($data, $scratchToken)){ |
|
64 | - $usedToken = $scratchToken; |
|
65 | - break; |
|
66 | - } |
|
67 | - } |
|
68 | - |
|
69 | - if($usedToken === null) { |
|
70 | - return false; |
|
71 | - } |
|
72 | - |
|
73 | - $scratchTokens = array_diff($scratchTokens, [$usedToken]); |
|
74 | - |
|
75 | - $storedData->setData($this->encryptionHelper->encryptData(serialize($scratchTokens))); |
|
76 | - $storedData->save(); |
|
77 | - |
|
78 | - return true; |
|
79 | - } |
|
80 | - |
|
81 | - /** |
|
82 | - * @param User $user The user the credential belongs to |
|
83 | - * @param int $factor The factor this credential provides |
|
84 | - * @param string $data Unused. |
|
85 | - * |
|
86 | - * @throws OptimisticLockFailedException |
|
87 | - */ |
|
88 | - public function setCredential(User $user, $factor, $data) |
|
89 | - { |
|
90 | - $plaintextScratch = array(); |
|
91 | - $storedScratch = array(); |
|
92 | - for ($i = 0; $i < 5; $i++) { |
|
93 | - $token = Base32::encode(openssl_random_pseudo_bytes(10)); |
|
94 | - $plaintextScratch[] = $token; |
|
95 | - |
|
96 | - $storedScratch[] = password_hash( |
|
97 | - $token, |
|
98 | - PasswordCredentialProvider::PASSWORD_ALGO, |
|
99 | - array('cost' => PasswordCredentialProvider::PASSWORD_COST) |
|
100 | - ); |
|
101 | - } |
|
102 | - |
|
103 | - $storedData = $this->getCredentialData($user->getId(), null); |
|
104 | - |
|
105 | - if ($storedData !== null) { |
|
106 | - $storedData->delete(); |
|
107 | - } |
|
108 | - |
|
109 | - $storedData = $this->createNewCredential($user); |
|
110 | - |
|
111 | - $storedData->setData($this->encryptionHelper->encryptData(serialize($storedScratch))); |
|
112 | - $storedData->setFactor($factor); |
|
113 | - $storedData->setVersion(1); |
|
114 | - $storedData->setPriority(9); |
|
115 | - |
|
116 | - $storedData->save(); |
|
117 | - $this->generatedTokens = $plaintextScratch; |
|
118 | - } |
|
119 | - |
|
120 | - /** |
|
121 | - * Gets the count of remaining valid tokens |
|
122 | - * |
|
123 | - * @param int $userId |
|
124 | - * |
|
125 | - * @return int |
|
126 | - */ |
|
127 | - public function getRemaining($userId) |
|
128 | - { |
|
129 | - $storedData = $this->getCredentialData($userId); |
|
130 | - |
|
131 | - if ($storedData === null) { |
|
132 | - return 0; |
|
133 | - } |
|
134 | - |
|
135 | - $scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData())); |
|
136 | - |
|
137 | - return count($scratchTokens); |
|
138 | - } |
|
139 | - |
|
140 | - /** |
|
141 | - * @return array |
|
142 | - */ |
|
143 | - public function getTokens() |
|
144 | - { |
|
145 | - if ($this->generatedTokens != null) { |
|
146 | - return $this->generatedTokens; |
|
147 | - } |
|
148 | - |
|
149 | - return array(); |
|
150 | - } |
|
21 | + /** @var EncryptionHelper */ |
|
22 | + private $encryptionHelper; |
|
23 | + /** @var array the tokens generated in the last generation round. */ |
|
24 | + private $generatedTokens; |
|
25 | + |
|
26 | + /** |
|
27 | + * ScratchTokenCredentialProvider constructor. |
|
28 | + * |
|
29 | + * @param PdoDatabase $database |
|
30 | + * @param SiteConfiguration $configuration |
|
31 | + */ |
|
32 | + public function __construct(PdoDatabase $database, SiteConfiguration $configuration) |
|
33 | + { |
|
34 | + parent::__construct($database, $configuration, 'scratch'); |
|
35 | + $this->encryptionHelper = new EncryptionHelper($configuration); |
|
36 | + } |
|
37 | + |
|
38 | + /** |
|
39 | + * Validates a user-provided credential |
|
40 | + * |
|
41 | + * @param User $user The user to test the authentication against |
|
42 | + * @param string $data The raw credential data to be validated |
|
43 | + * |
|
44 | + * @return bool |
|
45 | + * @throws ApplicationLogicException|OptimisticLockFailedException |
|
46 | + */ |
|
47 | + public function authenticate(User $user, $data) |
|
48 | + { |
|
49 | + if (is_array($data)) { |
|
50 | + return false; |
|
51 | + } |
|
52 | + |
|
53 | + $storedData = $this->getCredentialData($user->getId()); |
|
54 | + |
|
55 | + if ($storedData === null) { |
|
56 | + throw new ApplicationLogicException('Credential data not found'); |
|
57 | + } |
|
58 | + |
|
59 | + $scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData())); |
|
60 | + |
|
61 | + $usedToken = null; |
|
62 | + foreach ($scratchTokens as $scratchToken) { |
|
63 | + if (password_verify($data, $scratchToken)){ |
|
64 | + $usedToken = $scratchToken; |
|
65 | + break; |
|
66 | + } |
|
67 | + } |
|
68 | + |
|
69 | + if($usedToken === null) { |
|
70 | + return false; |
|
71 | + } |
|
72 | + |
|
73 | + $scratchTokens = array_diff($scratchTokens, [$usedToken]); |
|
74 | + |
|
75 | + $storedData->setData($this->encryptionHelper->encryptData(serialize($scratchTokens))); |
|
76 | + $storedData->save(); |
|
77 | + |
|
78 | + return true; |
|
79 | + } |
|
80 | + |
|
81 | + /** |
|
82 | + * @param User $user The user the credential belongs to |
|
83 | + * @param int $factor The factor this credential provides |
|
84 | + * @param string $data Unused. |
|
85 | + * |
|
86 | + * @throws OptimisticLockFailedException |
|
87 | + */ |
|
88 | + public function setCredential(User $user, $factor, $data) |
|
89 | + { |
|
90 | + $plaintextScratch = array(); |
|
91 | + $storedScratch = array(); |
|
92 | + for ($i = 0; $i < 5; $i++) { |
|
93 | + $token = Base32::encode(openssl_random_pseudo_bytes(10)); |
|
94 | + $plaintextScratch[] = $token; |
|
95 | + |
|
96 | + $storedScratch[] = password_hash( |
|
97 | + $token, |
|
98 | + PasswordCredentialProvider::PASSWORD_ALGO, |
|
99 | + array('cost' => PasswordCredentialProvider::PASSWORD_COST) |
|
100 | + ); |
|
101 | + } |
|
102 | + |
|
103 | + $storedData = $this->getCredentialData($user->getId(), null); |
|
104 | + |
|
105 | + if ($storedData !== null) { |
|
106 | + $storedData->delete(); |
|
107 | + } |
|
108 | + |
|
109 | + $storedData = $this->createNewCredential($user); |
|
110 | + |
|
111 | + $storedData->setData($this->encryptionHelper->encryptData(serialize($storedScratch))); |
|
112 | + $storedData->setFactor($factor); |
|
113 | + $storedData->setVersion(1); |
|
114 | + $storedData->setPriority(9); |
|
115 | + |
|
116 | + $storedData->save(); |
|
117 | + $this->generatedTokens = $plaintextScratch; |
|
118 | + } |
|
119 | + |
|
120 | + /** |
|
121 | + * Gets the count of remaining valid tokens |
|
122 | + * |
|
123 | + * @param int $userId |
|
124 | + * |
|
125 | + * @return int |
|
126 | + */ |
|
127 | + public function getRemaining($userId) |
|
128 | + { |
|
129 | + $storedData = $this->getCredentialData($userId); |
|
130 | + |
|
131 | + if ($storedData === null) { |
|
132 | + return 0; |
|
133 | + } |
|
134 | + |
|
135 | + $scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData())); |
|
136 | + |
|
137 | + return count($scratchTokens); |
|
138 | + } |
|
139 | + |
|
140 | + /** |
|
141 | + * @return array |
|
142 | + */ |
|
143 | + public function getTokens() |
|
144 | + { |
|
145 | + if ($this->generatedTokens != null) { |
|
146 | + return $this->generatedTokens; |
|
147 | + } |
|
148 | + |
|
149 | + return array(); |
|
150 | + } |
|
151 | 151 | } |
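Review bot: `authenticate()` and `getRemaining()` both pass the decrypted blob straight to `unserialize()` with no class restriction, so a tampered credential row is kept from PHP object instantiation only by `EncryptionHelper`, whose integrity guarantees are not visible on this page. The stored value is a flat list of hash strings, so on PHP 7+ `unserialize($plain, ['allowed_classes' => false])` followed by an `is_array()` check (treating anything else as "no valid tokens") would close that path and stop a failed decode from reaching `foreach` or `count()`. In `setCredential()`, `random_bytes(10)` is the safer source than `openssl_random_pseudo_bytes(10)`, which on older PHP versions can return `false` or non-strong output without raising an error. `authenticate()` also rejects only arrays, so a `null` `$data` still reaches `password_verify()`; `if (!is_string($data)) { return false; }` covers both cases.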
@@ -60,13 +60,13 @@ |
||
60 | 60 | |
61 | 61 | $usedToken = null; |
62 | 62 | foreach ($scratchTokens as $scratchToken) { |
63 | - if (password_verify($data, $scratchToken)){ |
|
63 | + if (password_verify($data, $scratchToken)) { |
|
64 | 64 | $usedToken = $scratchToken; |
65 | 65 | break; |
66 | 66 | } |
67 | 67 | } |
68 | 68 | |
69 | - if($usedToken === null) { |
|
69 | + if ($usedToken === null) { |
|
70 | 70 | return false; |
71 | 71 | } |
72 | 72 |
@@ -60,7 +60,7 @@ |
||
60 | 60 | |
61 | 61 | $usedToken = null; |
62 | 62 | foreach ($scratchTokens as $scratchToken) { |
63 | - if (password_verify($data, $scratchToken)){ |
|
63 | + if (password_verify($data, $scratchToken)) { |
|
64 | 64 | $usedToken = $scratchToken; |
65 | 65 | break; |
66 | 66 | } |
@@ -15,56 +15,56 @@ |
||
15 | 15 | |
16 | 16 | class PasswordCredentialProvider extends CredentialProviderBase |
17 | 17 | { |
18 | - const PASSWORD_COST = 10; |
|
19 | - const PASSWORD_ALGO = PASSWORD_BCRYPT; |
|
18 | + const PASSWORD_COST = 10; |
|
19 | + const PASSWORD_ALGO = PASSWORD_BCRYPT; |
|
20 | 20 | |
21 | - public function __construct(PdoDatabase $database, SiteConfiguration $configuration) |
|
22 | - { |
|
23 | - parent::__construct($database, $configuration, 'password'); |
|
24 | - } |
|
21 | + public function __construct(PdoDatabase $database, SiteConfiguration $configuration) |
|
22 | + { |
|
23 | + parent::__construct($database, $configuration, 'password'); |
|
24 | + } |
|
25 | 25 | |
26 | - public function authenticate(User $user, $data) |
|
27 | - { |
|
28 | - $storedData = $this->getCredentialData($user->getId()); |
|
29 | - if($storedData === null) |
|
30 | - { |
|
31 | - // No available credential matching these parameters |
|
32 | - return false; |
|
33 | - } |
|
26 | + public function authenticate(User $user, $data) |
|
27 | + { |
|
28 | + $storedData = $this->getCredentialData($user->getId()); |
|
29 | + if($storedData === null) |
|
30 | + { |
|
31 | + // No available credential matching these parameters |
|
32 | + return false; |
|
33 | + } |
|
34 | 34 | |
35 | - if($storedData->getVersion() !== 2) { |
|
36 | - // Non-2 versions are not supported. |
|
37 | - return false; |
|
38 | - } |
|
35 | + if($storedData->getVersion() !== 2) { |
|
36 | + // Non-2 versions are not supported. |
|
37 | + return false; |
|
38 | + } |
|
39 | 39 | |
40 | - if(password_verify($data, $storedData->getData())) { |
|
41 | - if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){ |
|
42 | - $this->setCredential($user, $storedData->getFactor(), $data); |
|
43 | - } |
|
40 | + if(password_verify($data, $storedData->getData())) { |
|
41 | + if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){ |
|
42 | + $this->setCredential($user, $storedData->getFactor(), $data); |
|
43 | + } |
|
44 | 44 | |
45 | - return true; |
|
46 | - } |
|
45 | + return true; |
|
46 | + } |
|
47 | 47 | |
48 | - return false; |
|
49 | - } |
|
48 | + return false; |
|
49 | + } |
|
50 | 50 | |
51 | - public function setCredential(User $user, $factor, $password) |
|
52 | - { |
|
53 | - $storedData = $this->getCredentialData($user->getId()); |
|
51 | + public function setCredential(User $user, $factor, $password) |
|
52 | + { |
|
53 | + $storedData = $this->getCredentialData($user->getId()); |
|
54 | 54 | |
55 | - if($storedData === null){ |
|
56 | - $storedData = $this->createNewCredential($user); |
|
57 | - } |
|
55 | + if($storedData === null){ |
|
56 | + $storedData = $this->createNewCredential($user); |
|
57 | + } |
|
58 | 58 | |
59 | - $storedData->setData(password_hash($password, self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))); |
|
60 | - $storedData->setFactor($factor); |
|
61 | - $storedData->setVersion(2); |
|
59 | + $storedData->setData(password_hash($password, self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))); |
|
60 | + $storedData->setFactor($factor); |
|
61 | + $storedData->setVersion(2); |
|
62 | 62 | |
63 | - $storedData->save(); |
|
64 | - } |
|
63 | + $storedData->save(); |
|
64 | + } |
|
65 | 65 | |
66 | - public function deleteCredential(User $user) |
|
67 | - { |
|
68 | - throw new ApplicationLogicException('Deletion of password credential is not allowed.'); |
|
69 | - } |
|
66 | + public function deleteCredential(User $user) |
|
67 | + { |
|
68 | + throw new ApplicationLogicException('Deletion of password credential is not allowed.'); |
|
69 | + } |
|
70 | 70 | } |
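Review bot: `authenticate()` hands `$data` to `password_verify()` without checking its type, whereas the scratch-token provider on this page rejects arrays first; if `$data` comes from request input, an array value would raise a warning or a `TypeError` (depending on the PHP version) instead of a clean failed login. Adding `if (!is_string($data)) { return false; }` at the top of the method keeps the failure path uniform across providers. With `PASSWORD_BCRYPT` only the first 72 bytes of the password are hashed, so `setCredential()` should either cap the accepted length or the limit should be documented in a comment next to `PASSWORD_ALGO`. `PASSWORD_COST = 10` is worth re-benchmarking on current hardware; the existing `password_needs_rehash()` call will upgrade stored hashes at the next successful login once the constant is raised.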
@@ -26,19 +26,19 @@ discard block |
||
26 | 26 | public function authenticate(User $user, $data) |
27 | 27 | { |
28 | 28 | $storedData = $this->getCredentialData($user->getId()); |
29 | - if($storedData === null) |
|
29 | + if ($storedData === null) |
|
30 | 30 | { |
31 | 31 | // No available credential matching these parameters |
32 | 32 | return false; |
33 | 33 | } |
34 | 34 | |
35 | - if($storedData->getVersion() !== 2) { |
|
35 | + if ($storedData->getVersion() !== 2) { |
|
36 | 36 | // Non-2 versions are not supported. |
37 | 37 | return false; |
38 | 38 | } |
39 | 39 | |
40 | - if(password_verify($data, $storedData->getData())) { |
|
41 | - if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){ |
|
40 | + if (password_verify($data, $storedData->getData())) { |
|
41 | + if (password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))) { |
|
42 | 42 | $this->setCredential($user, $storedData->getFactor(), $data); |
43 | 43 | } |
44 | 44 | |
@@ -52,7 +52,7 @@ discard block |
||
52 | 52 | { |
53 | 53 | $storedData = $this->getCredentialData($user->getId()); |
54 | 54 | |
55 | - if($storedData === null){ |
|
55 | + if ($storedData === null) { |
|
56 | 56 | $storedData = $this->createNewCredential($user); |
57 | 57 | } |
58 | 58 |
@@ -26,8 +26,7 @@ discard block |
||
26 | 26 | public function authenticate(User $user, $data) |
27 | 27 | { |
28 | 28 | $storedData = $this->getCredentialData($user->getId()); |
29 | - if($storedData === null) |
|
30 | - { |
|
29 | + if($storedData === null) { |
|
31 | 30 | // No available credential matching these parameters |
32 | 31 | return false; |
33 | 32 | } |
@@ -38,7 +37,7 @@ discard block |
||
38 | 37 | } |
39 | 38 | |
40 | 39 | if(password_verify($data, $storedData->getData())) { |
41 | - if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){ |
|
40 | + if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))) { |
|
42 | 41 | $this->setCredential($user, $storedData->getFactor(), $data); |
43 | 42 | } |
44 | 43 | |
@@ -52,7 +51,7 @@ discard block |
||
52 | 51 | { |
53 | 52 | $storedData = $this->getCredentialData($user->getId()); |
54 | 53 | |
55 | - if($storedData === null){ |
|
54 | + if($storedData === null) { |
|
56 | 55 | $storedData = $this->createNewCredential($user); |
57 | 56 | } |
58 | 57 |