nextcloud /
server
@@ -33,35 +33,35 @@ |
||
| 33 | 33 | * @since 14.0.0 |
| 34 | 34 | */ |
| 35 | 35 | class CloudFederationNotification implements ICloudFederationNotification { |
| 36 | - private $message = []; |
|
| 36 | + private $message = []; |
|
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * add a message to the notification |
|
| 40 | - * |
|
| 41 | - * @param string $notificationType (e.g. SHARE_ACCEPTED) |
|
| 42 | - * @param string $resourceType (e.g. file, calendar, contact,...) |
|
| 43 | - * @param string $providerId id of the share |
|
| 44 | - * @param array $notification payload of the notification |
|
| 45 | - * |
|
| 46 | - * @since 14.0.0 |
|
| 47 | - */ |
|
| 48 | - public function setMessage($notificationType, $resourceType, $providerId, array $notification) { |
|
| 49 | - $this->message = [ |
|
| 50 | - 'notificationType' => $notificationType, |
|
| 51 | - 'resourceType' => $resourceType, |
|
| 52 | - 'providerId' => $providerId, |
|
| 53 | - 'notification' => $notification, |
|
| 54 | - ]; |
|
| 55 | - } |
|
| 38 | + /** |
|
| 39 | + * add a message to the notification |
|
| 40 | + * |
|
| 41 | + * @param string $notificationType (e.g. SHARE_ACCEPTED) |
|
| 42 | + * @param string $resourceType (e.g. file, calendar, contact,...) |
|
| 43 | + * @param string $providerId id of the share |
|
| 44 | + * @param array $notification payload of the notification |
|
| 45 | + * |
|
| 46 | + * @since 14.0.0 |
|
| 47 | + */ |
|
| 48 | + public function setMessage($notificationType, $resourceType, $providerId, array $notification) { |
|
| 49 | + $this->message = [ |
|
| 50 | + 'notificationType' => $notificationType, |
|
| 51 | + 'resourceType' => $resourceType, |
|
| 52 | + 'providerId' => $providerId, |
|
| 53 | + 'notification' => $notification, |
|
| 54 | + ]; |
|
| 55 | + } |
|
| 56 | 56 | |
| 57 | - /** |
|
| 58 | - * get message, ready to send out |
|
| 59 | - * |
|
| 60 | - * @return array |
|
| 61 | - * |
|
| 62 | - * @since 14.0.0 |
|
| 63 | - */ |
|
| 64 | - public function getMessage() { |
|
| 65 | - return $this->message; |
|
| 66 | - } |
|
| 57 | + /** |
|
| 58 | + * get message, ready to send out |
|
| 59 | + * |
|
| 60 | + * @return array |
|
| 61 | + * |
|
| 62 | + * @since 14.0.0 |
|
| 63 | + */ |
|
| 64 | + public function getMessage() { |
|
| 65 | + return $this->message; |
|
| 66 | + } |
|
| 67 | 67 | } |
@@ -38,7 +38,7 @@ |
||
| 38 | 38 | |
| 39 | 39 | public function run($dummy) { |
| 40 | 40 | $systemConfig = \OC::$server->getSystemConfig(); |
| 41 | - $this->filePath = $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/nextcloud.log'); |
|
| 41 | + $this->filePath = $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', \OC::$SERVERROOT.'/data').'/nextcloud.log'); |
|
| 42 | 42 | |
| 43 | 43 | $this->maxSize = \OC::$server->getConfig()->getSystemValue('log_rotate_size', 100 * 1024 * 1024); |
| 44 | 44 | if ($this->shouldRotateBySize()) { |
@@ -33,17 +33,17 @@ |
||
| 33 | 33 | * location and manage that with your own tools. |
| 34 | 34 | */ |
| 35 | 35 | class Rotate extends \OCP\BackgroundJob\Job { |
| 36 | - use RotationTrait; |
|
| 36 | + use RotationTrait; |
|
| 37 | 37 | |
| 38 | - public function run($dummy) { |
|
| 39 | - $systemConfig = \OC::$server->getSystemConfig(); |
|
| 40 | - $this->filePath = $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/nextcloud.log'); |
|
| 38 | + public function run($dummy) { |
|
| 39 | + $systemConfig = \OC::$server->getSystemConfig(); |
|
| 40 | + $this->filePath = $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/nextcloud.log'); |
|
| 41 | 41 | |
| 42 | - $this->maxSize = \OC::$server->getConfig()->getSystemValue('log_rotate_size', 100 * 1024 * 1024); |
|
| 43 | - if ($this->shouldRotateBySize()) { |
|
| 44 | - $rotatedFile = $this->rotate(); |
|
| 45 | - $msg = 'Log file "'.$this->filePath.'" was over '.$this->maxSize.' bytes, moved to "'.$rotatedFile.'"'; |
|
| 46 | - \OC::$server->getLogger()->warning($msg, ['app' => Rotate::class]); |
|
| 47 | - } |
|
| 48 | - } |
|
| 42 | + $this->maxSize = \OC::$server->getConfig()->getSystemValue('log_rotate_size', 100 * 1024 * 1024); |
|
| 43 | + if ($this->shouldRotateBySize()) { |
|
| 44 | + $rotatedFile = $this->rotate(); |
|
| 45 | + $msg = 'Log file "'.$this->filePath.'" was over '.$this->maxSize.' bytes, moved to "'.$rotatedFile.'"'; |
|
| 46 | + \OC::$server->getLogger()->warning($msg, ['app' => Rotate::class]); |
|
| 47 | + } |
|
| 48 | + } |
|
| 49 | 49 | } |
@@ -27,51 +27,51 @@ |
||
| 27 | 27 | namespace OC\Security\FeaturePolicy; |
| 28 | 28 | |
| 29 | 29 | class FeaturePolicy extends \OCP\AppFramework\Http\FeaturePolicy { |
| 30 | - public function getAutoplayDomains(): array { |
|
| 31 | - return $this->autoplayDomains; |
|
| 32 | - } |
|
| 30 | + public function getAutoplayDomains(): array { |
|
| 31 | + return $this->autoplayDomains; |
|
| 32 | + } |
|
| 33 | 33 | |
| 34 | - public function setAutoplayDomains(array $autoplayDomains): void { |
|
| 35 | - $this->autoplayDomains = $autoplayDomains; |
|
| 36 | - } |
|
| 34 | + public function setAutoplayDomains(array $autoplayDomains): void { |
|
| 35 | + $this->autoplayDomains = $autoplayDomains; |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | - public function getCameraDomains(): array { |
|
| 39 | - return $this->cameraDomains; |
|
| 40 | - } |
|
| 38 | + public function getCameraDomains(): array { |
|
| 39 | + return $this->cameraDomains; |
|
| 40 | + } |
|
| 41 | 41 | |
| 42 | - public function setCameraDomains(array $cameraDomains): void { |
|
| 43 | - $this->cameraDomains = $cameraDomains; |
|
| 44 | - } |
|
| 42 | + public function setCameraDomains(array $cameraDomains): void { |
|
| 43 | + $this->cameraDomains = $cameraDomains; |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | - public function getFullscreenDomains(): array { |
|
| 47 | - return $this->fullscreenDomains; |
|
| 48 | - } |
|
| 46 | + public function getFullscreenDomains(): array { |
|
| 47 | + return $this->fullscreenDomains; |
|
| 48 | + } |
|
| 49 | 49 | |
| 50 | - public function setFullscreenDomains(array $fullscreenDomains): void { |
|
| 51 | - $this->fullscreenDomains = $fullscreenDomains; |
|
| 52 | - } |
|
| 50 | + public function setFullscreenDomains(array $fullscreenDomains): void { |
|
| 51 | + $this->fullscreenDomains = $fullscreenDomains; |
|
| 52 | + } |
|
| 53 | 53 | |
| 54 | - public function getGeolocationDomains(): array { |
|
| 55 | - return $this->geolocationDomains; |
|
| 56 | - } |
|
| 54 | + public function getGeolocationDomains(): array { |
|
| 55 | + return $this->geolocationDomains; |
|
| 56 | + } |
|
| 57 | 57 | |
| 58 | - public function setGeolocationDomains(array $geolocationDomains): void { |
|
| 59 | - $this->geolocationDomains = $geolocationDomains; |
|
| 60 | - } |
|
| 58 | + public function setGeolocationDomains(array $geolocationDomains): void { |
|
| 59 | + $this->geolocationDomains = $geolocationDomains; |
|
| 60 | + } |
|
| 61 | 61 | |
| 62 | - public function getMicrophoneDomains(): array { |
|
| 63 | - return $this->microphoneDomains; |
|
| 64 | - } |
|
| 62 | + public function getMicrophoneDomains(): array { |
|
| 63 | + return $this->microphoneDomains; |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - public function setMicrophoneDomains(array $microphoneDomains): void { |
|
| 67 | - $this->microphoneDomains = $microphoneDomains; |
|
| 68 | - } |
|
| 66 | + public function setMicrophoneDomains(array $microphoneDomains): void { |
|
| 67 | + $this->microphoneDomains = $microphoneDomains; |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | - public function getPaymentDomains(): array { |
|
| 71 | - return $this->paymentDomains; |
|
| 72 | - } |
|
| 70 | + public function getPaymentDomains(): array { |
|
| 71 | + return $this->paymentDomains; |
|
| 72 | + } |
|
| 73 | 73 | |
| 74 | - public function setPaymentDomains(array $paymentDomains): void { |
|
| 75 | - $this->paymentDomains = $paymentDomains; |
|
| 76 | - } |
|
| 74 | + public function setPaymentDomains(array $paymentDomains): void { |
|
| 75 | + $this->paymentDomains = $paymentDomains; |
|
| 76 | + } |
|
| 77 | 77 | } |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | */ |
| 145 | 145 | public function getKey(IUser $user): Key { |
| 146 | 146 | $uid = $user->getUID(); |
| 147 | - return $this->retrieveKey('user-' . $uid); |
|
| 147 | + return $this->retrieveKey('user-'.$uid); |
|
| 148 | 148 | } |
| 149 | 149 | |
| 150 | 150 | /** |
@@ -158,7 +158,7 @@ discard block |
||
| 158 | 158 | if ($instanceId === null) { |
| 159 | 159 | throw new \RuntimeException('no instance id!'); |
| 160 | 160 | } |
| 161 | - return $this->retrieveKey('system-' . $instanceId); |
|
| 161 | + return $this->retrieveKey('system-'.$instanceId); |
|
| 162 | 162 | } |
| 163 | 163 | |
| 164 | 164 | private function logOpensslError(): void { |
@@ -166,6 +166,6 @@ discard block |
||
| 166 | 166 | while ($error = openssl_error_string()) { |
| 167 | 167 | $errors[] = $error; |
| 168 | 168 | } |
| 169 | - $this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors)); |
|
| 169 | + $this->logger->critical('Something is wrong with your openssl setup: '.implode(', ', $errors)); |
|
| 170 | 170 | } |
| 171 | 171 | } |
@@ -37,134 +37,134 @@ |
||
| 37 | 37 | use Psr\Log\LoggerInterface; |
| 38 | 38 | |
| 39 | 39 | class Manager { |
| 40 | - /** @var IAppData */ |
|
| 41 | - private $appData; |
|
| 42 | - /** @var ICrypto */ |
|
| 43 | - private $crypto; |
|
| 44 | - /** @var IConfig */ |
|
| 45 | - private $config; |
|
| 46 | - private LoggerInterface $logger; |
|
| 47 | - |
|
| 48 | - public function __construct(Factory $appDataFactory, |
|
| 49 | - ICrypto $crypto, |
|
| 50 | - IConfig $config, |
|
| 51 | - LoggerInterface $logger |
|
| 52 | - ) { |
|
| 53 | - $this->appData = $appDataFactory->get('identityproof'); |
|
| 54 | - $this->crypto = $crypto; |
|
| 55 | - $this->config = $config; |
|
| 56 | - $this->logger = $logger; |
|
| 57 | - } |
|
| 58 | - |
|
| 59 | - /** |
|
| 60 | - * Calls the openssl functions to generate a public and private key. |
|
| 61 | - * In a separate function for unit testing purposes. |
|
| 62 | - * |
|
| 63 | - * @return array [$publicKey, $privateKey] |
|
| 64 | - * @throws \RuntimeException |
|
| 65 | - */ |
|
| 66 | - protected function generateKeyPair(): array { |
|
| 67 | - $config = [ |
|
| 68 | - 'digest_alg' => 'sha512', |
|
| 69 | - 'private_key_bits' => 2048, |
|
| 70 | - ]; |
|
| 71 | - |
|
| 72 | - // Generate new key |
|
| 73 | - $res = openssl_pkey_new($config); |
|
| 74 | - |
|
| 75 | - if ($res === false) { |
|
| 76 | - $this->logOpensslError(); |
|
| 77 | - throw new \RuntimeException('OpenSSL reported a problem'); |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - if (openssl_pkey_export($res, $privateKey, null, $config) === false) { |
|
| 81 | - $this->logOpensslError(); |
|
| 82 | - throw new \RuntimeException('OpenSSL reported a problem'); |
|
| 83 | - } |
|
| 84 | - |
|
| 85 | - // Extract the public key from $res to $pubKey |
|
| 86 | - $publicKey = openssl_pkey_get_details($res); |
|
| 87 | - $publicKey = $publicKey['key']; |
|
| 88 | - |
|
| 89 | - return [$publicKey, $privateKey]; |
|
| 90 | - } |
|
| 91 | - |
|
| 92 | - /** |
|
| 93 | - * Generate a key for a given ID |
|
| 94 | - * Note: If a key already exists it will be overwritten |
|
| 95 | - * |
|
| 96 | - * @param string $id key id |
|
| 97 | - * @return Key |
|
| 98 | - * @throws \RuntimeException |
|
| 99 | - */ |
|
| 100 | - protected function generateKey(string $id): Key { |
|
| 101 | - [$publicKey, $privateKey] = $this->generateKeyPair(); |
|
| 102 | - |
|
| 103 | - // Write the private and public key to the disk |
|
| 104 | - try { |
|
| 105 | - $this->appData->newFolder($id); |
|
| 106 | - } catch (\Exception $e) { |
|
| 107 | - } |
|
| 108 | - $folder = $this->appData->getFolder($id); |
|
| 109 | - $folder->newFile('private') |
|
| 110 | - ->putContent($this->crypto->encrypt($privateKey)); |
|
| 111 | - $folder->newFile('public') |
|
| 112 | - ->putContent($publicKey); |
|
| 113 | - |
|
| 114 | - return new Key($publicKey, $privateKey); |
|
| 115 | - } |
|
| 116 | - |
|
| 117 | - /** |
|
| 118 | - * Get key for a specific id |
|
| 119 | - * |
|
| 120 | - * @param string $id |
|
| 121 | - * @return Key |
|
| 122 | - * @throws \RuntimeException |
|
| 123 | - */ |
|
| 124 | - protected function retrieveKey(string $id): Key { |
|
| 125 | - try { |
|
| 126 | - $folder = $this->appData->getFolder($id); |
|
| 127 | - $privateKey = $this->crypto->decrypt( |
|
| 128 | - $folder->getFile('private')->getContent() |
|
| 129 | - ); |
|
| 130 | - $publicKey = $folder->getFile('public')->getContent(); |
|
| 131 | - return new Key($publicKey, $privateKey); |
|
| 132 | - } catch (\Exception $e) { |
|
| 133 | - return $this->generateKey($id); |
|
| 134 | - } |
|
| 135 | - } |
|
| 136 | - |
|
| 137 | - /** |
|
| 138 | - * Get public and private key for $user |
|
| 139 | - * |
|
| 140 | - * @param IUser $user |
|
| 141 | - * @return Key |
|
| 142 | - * @throws \RuntimeException |
|
| 143 | - */ |
|
| 144 | - public function getKey(IUser $user): Key { |
|
| 145 | - $uid = $user->getUID(); |
|
| 146 | - return $this->retrieveKey('user-' . $uid); |
|
| 147 | - } |
|
| 148 | - |
|
| 149 | - /** |
|
| 150 | - * Get instance wide public and private key |
|
| 151 | - * |
|
| 152 | - * @return Key |
|
| 153 | - * @throws \RuntimeException |
|
| 154 | - */ |
|
| 155 | - public function getSystemKey(): Key { |
|
| 156 | - $instanceId = $this->config->getSystemValue('instanceid', null); |
|
| 157 | - if ($instanceId === null) { |
|
| 158 | - throw new \RuntimeException('no instance id!'); |
|
| 159 | - } |
|
| 160 | - return $this->retrieveKey('system-' . $instanceId); |
|
| 161 | - } |
|
| 162 | - |
|
| 163 | - private function logOpensslError(): void { |
|
| 164 | - $errors = []; |
|
| 165 | - while ($error = openssl_error_string()) { |
|
| 166 | - $errors[] = $error; |
|
| 167 | - } |
|
| 168 | - $this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors)); |
|
| 169 | - } |
|
| 40 | + /** @var IAppData */ |
|
| 41 | + private $appData; |
|
| 42 | + /** @var ICrypto */ |
|
| 43 | + private $crypto; |
|
| 44 | + /** @var IConfig */ |
|
| 45 | + private $config; |
|
| 46 | + private LoggerInterface $logger; |
|
| 47 | + |
|
| 48 | + public function __construct(Factory $appDataFactory, |
|
| 49 | + ICrypto $crypto, |
|
| 50 | + IConfig $config, |
|
| 51 | + LoggerInterface $logger |
|
| 52 | + ) { |
|
| 53 | + $this->appData = $appDataFactory->get('identityproof'); |
|
| 54 | + $this->crypto = $crypto; |
|
| 55 | + $this->config = $config; |
|
| 56 | + $this->logger = $logger; |
|
| 57 | + } |
|
| 58 | + |
|
| 59 | + /** |
|
| 60 | + * Calls the openssl functions to generate a public and private key. |
|
| 61 | + * In a separate function for unit testing purposes. |
|
| 62 | + * |
|
| 63 | + * @return array [$publicKey, $privateKey] |
|
| 64 | + * @throws \RuntimeException |
|
| 65 | + */ |
|
| 66 | + protected function generateKeyPair(): array { |
|
| 67 | + $config = [ |
|
| 68 | + 'digest_alg' => 'sha512', |
|
| 69 | + 'private_key_bits' => 2048, |
|
| 70 | + ]; |
|
| 71 | + |
|
| 72 | + // Generate new key |
|
| 73 | + $res = openssl_pkey_new($config); |
|
| 74 | + |
|
| 75 | + if ($res === false) { |
|
| 76 | + $this->logOpensslError(); |
|
| 77 | + throw new \RuntimeException('OpenSSL reported a problem'); |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + if (openssl_pkey_export($res, $privateKey, null, $config) === false) { |
|
| 81 | + $this->logOpensslError(); |
|
| 82 | + throw new \RuntimeException('OpenSSL reported a problem'); |
|
| 83 | + } |
|
| 84 | + |
|
| 85 | + // Extract the public key from $res to $pubKey |
|
| 86 | + $publicKey = openssl_pkey_get_details($res); |
|
| 87 | + $publicKey = $publicKey['key']; |
|
| 88 | + |
|
| 89 | + return [$publicKey, $privateKey]; |
|
| 90 | + } |
|
| 91 | + |
|
| 92 | + /** |
|
| 93 | + * Generate a key for a given ID |
|
| 94 | + * Note: If a key already exists it will be overwritten |
|
| 95 | + * |
|
| 96 | + * @param string $id key id |
|
| 97 | + * @return Key |
|
| 98 | + * @throws \RuntimeException |
|
| 99 | + */ |
|
| 100 | + protected function generateKey(string $id): Key { |
|
| 101 | + [$publicKey, $privateKey] = $this->generateKeyPair(); |
|
| 102 | + |
|
| 103 | + // Write the private and public key to the disk |
|
| 104 | + try { |
|
| 105 | + $this->appData->newFolder($id); |
|
| 106 | + } catch (\Exception $e) { |
|
| 107 | + } |
|
| 108 | + $folder = $this->appData->getFolder($id); |
|
| 109 | + $folder->newFile('private') |
|
| 110 | + ->putContent($this->crypto->encrypt($privateKey)); |
|
| 111 | + $folder->newFile('public') |
|
| 112 | + ->putContent($publicKey); |
|
| 113 | + |
|
| 114 | + return new Key($publicKey, $privateKey); |
|
| 115 | + } |
|
| 116 | + |
|
| 117 | + /** |
|
| 118 | + * Get key for a specific id |
|
| 119 | + * |
|
| 120 | + * @param string $id |
|
| 121 | + * @return Key |
|
| 122 | + * @throws \RuntimeException |
|
| 123 | + */ |
|
| 124 | + protected function retrieveKey(string $id): Key { |
|
| 125 | + try { |
|
| 126 | + $folder = $this->appData->getFolder($id); |
|
| 127 | + $privateKey = $this->crypto->decrypt( |
|
| 128 | + $folder->getFile('private')->getContent() |
|
| 129 | + ); |
|
| 130 | + $publicKey = $folder->getFile('public')->getContent(); |
|
| 131 | + return new Key($publicKey, $privateKey); |
|
| 132 | + } catch (\Exception $e) { |
|
| 133 | + return $this->generateKey($id); |
|
| 134 | + } |
|
| 135 | + } |
|
| 136 | + |
|
| 137 | + /** |
|
| 138 | + * Get public and private key for $user |
|
| 139 | + * |
|
| 140 | + * @param IUser $user |
|
| 141 | + * @return Key |
|
| 142 | + * @throws \RuntimeException |
|
| 143 | + */ |
|
| 144 | + public function getKey(IUser $user): Key { |
|
| 145 | + $uid = $user->getUID(); |
|
| 146 | + return $this->retrieveKey('user-' . $uid); |
|
| 147 | + } |
|
| 148 | + |
|
| 149 | + /** |
|
| 150 | + * Get instance wide public and private key |
|
| 151 | + * |
|
| 152 | + * @return Key |
|
| 153 | + * @throws \RuntimeException |
|
| 154 | + */ |
|
| 155 | + public function getSystemKey(): Key { |
|
| 156 | + $instanceId = $this->config->getSystemValue('instanceid', null); |
|
| 157 | + if ($instanceId === null) { |
|
| 158 | + throw new \RuntimeException('no instance id!'); |
|
| 159 | + } |
|
| 160 | + return $this->retrieveKey('system-' . $instanceId); |
|
| 161 | + } |
|
| 162 | + |
|
| 163 | + private function logOpensslError(): void { |
|
| 164 | + $errors = []; |
|
| 165 | + while ($error = openssl_error_string()) { |
|
| 166 | + $errors[] = $error; |
|
| 167 | + } |
|
| 168 | + $this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors)); |
|
| 169 | + } |
|
| 170 | 170 | } |
@@ -36,46 +36,46 @@ |
||
| 36 | 36 | * @package OC\Security\CSRF |
| 37 | 37 | */ |
| 38 | 38 | class CsrfToken { |
| 39 | - /** @var string */ |
|
| 40 | - private $value; |
|
| 41 | - /** @var string */ |
|
| 42 | - private $encryptedValue = ''; |
|
| 39 | + /** @var string */ |
|
| 40 | + private $value; |
|
| 41 | + /** @var string */ |
|
| 42 | + private $encryptedValue = ''; |
|
| 43 | 43 | |
| 44 | - /** |
|
| 45 | - * @param string $value Value of the token. Can be encrypted or not encrypted. |
|
| 46 | - */ |
|
| 47 | - public function __construct(string $value) { |
|
| 48 | - $this->value = $value; |
|
| 49 | - } |
|
| 44 | + /** |
|
| 45 | + * @param string $value Value of the token. Can be encrypted or not encrypted. |
|
| 46 | + */ |
|
| 47 | + public function __construct(string $value) { |
|
| 48 | + $this->value = $value; |
|
| 49 | + } |
|
| 50 | 50 | |
| 51 | - /** |
|
| 52 | - * Encrypted value of the token. This is used to mitigate BREACH alike |
|
| 53 | - * vulnerabilities. For display measures do use this functionality. |
|
| 54 | - * |
|
| 55 | - * @return string |
|
| 56 | - */ |
|
| 57 | - public function getEncryptedValue(): string { |
|
| 58 | - if ($this->encryptedValue === '') { |
|
| 59 | - $sharedSecret = random_bytes(\strlen($this->value)); |
|
| 60 | - $this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret); |
|
| 61 | - } |
|
| 51 | + /** |
|
| 52 | + * Encrypted value of the token. This is used to mitigate BREACH alike |
|
| 53 | + * vulnerabilities. For display measures do use this functionality. |
|
| 54 | + * |
|
| 55 | + * @return string |
|
| 56 | + */ |
|
| 57 | + public function getEncryptedValue(): string { |
|
| 58 | + if ($this->encryptedValue === '') { |
|
| 59 | + $sharedSecret = random_bytes(\strlen($this->value)); |
|
| 60 | + $this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret); |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | - return $this->encryptedValue; |
|
| 64 | - } |
|
| 63 | + return $this->encryptedValue; |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - /** |
|
| 67 | - * The unencrypted value of the token. Used for decrypting an already |
|
| 68 | - * encrypted token. |
|
| 69 | - * |
|
| 70 | - * @return string |
|
| 71 | - */ |
|
| 72 | - public function getDecryptedValue(): string { |
|
| 73 | - $token = explode(':', $this->value); |
|
| 74 | - if (\count($token) !== 2) { |
|
| 75 | - return ''; |
|
| 76 | - } |
|
| 77 | - $obfuscatedToken = $token[0]; |
|
| 78 | - $secret = $token[1]; |
|
| 79 | - return base64_decode($obfuscatedToken) ^ base64_decode($secret); |
|
| 80 | - } |
|
| 66 | + /** |
|
| 67 | + * The unencrypted value of the token. Used for decrypting an already |
|
| 68 | + * encrypted token. |
|
| 69 | + * |
|
| 70 | + * @return string |
|
| 71 | + */ |
|
| 72 | + public function getDecryptedValue(): string { |
|
| 73 | + $token = explode(':', $this->value); |
|
| 74 | + if (\count($token) !== 2) { |
|
| 75 | + return ''; |
|
| 76 | + } |
|
| 77 | + $obfuscatedToken = $token[0]; |
|
| 78 | + $secret = $token[1]; |
|
| 79 | + return base64_decode($obfuscatedToken) ^ base64_decode($secret); |
|
| 80 | + } |
|
| 81 | 81 | } |
@@ -57,7 +57,7 @@ |
||
| 57 | 57 | public function getEncryptedValue(): string { |
| 58 | 58 | if ($this->encryptedValue === '') { |
| 59 | 59 | $sharedSecret = random_bytes(\strlen($this->value)); |
| 60 | - $this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret); |
|
| 60 | + $this->encryptedValue = base64_encode($this->value ^ $sharedSecret).':'.base64_encode($sharedSecret); |
|
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | return $this->encryptedValue; |
@@ -35,59 +35,59 @@ |
||
| 35 | 35 | * @package OC\Security\CSRF\TokenStorage |
| 36 | 36 | */ |
| 37 | 37 | class SessionStorage { |
| 38 | - /** @var ISession */ |
|
| 39 | - private $session; |
|
| 38 | + /** @var ISession */ |
|
| 39 | + private $session; |
|
| 40 | 40 | |
| 41 | - /** |
|
| 42 | - * @param ISession $session |
|
| 43 | - */ |
|
| 44 | - public function __construct(ISession $session) { |
|
| 45 | - $this->session = $session; |
|
| 46 | - } |
|
| 41 | + /** |
|
| 42 | + * @param ISession $session |
|
| 43 | + */ |
|
| 44 | + public function __construct(ISession $session) { |
|
| 45 | + $this->session = $session; |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - /** |
|
| 49 | - * @param ISession $session |
|
| 50 | - */ |
|
| 51 | - public function setSession(ISession $session) { |
|
| 52 | - $this->session = $session; |
|
| 53 | - } |
|
| 48 | + /** |
|
| 49 | + * @param ISession $session |
|
| 50 | + */ |
|
| 51 | + public function setSession(ISession $session) { |
|
| 52 | + $this->session = $session; |
|
| 53 | + } |
|
| 54 | 54 | |
| 55 | - /** |
|
| 56 | - * Returns the current token or throws an exception if none is found. |
|
| 57 | - * |
|
| 58 | - * @return string |
|
| 59 | - * @throws \Exception |
|
| 60 | - */ |
|
| 61 | - public function getToken(): string { |
|
| 62 | - $token = $this->session->get('requesttoken'); |
|
| 63 | - if (empty($token)) { |
|
| 64 | - throw new \Exception('Session does not contain a requesttoken'); |
|
| 65 | - } |
|
| 55 | + /** |
|
| 56 | + * Returns the current token or throws an exception if none is found. |
|
| 57 | + * |
|
| 58 | + * @return string |
|
| 59 | + * @throws \Exception |
|
| 60 | + */ |
|
| 61 | + public function getToken(): string { |
|
| 62 | + $token = $this->session->get('requesttoken'); |
|
| 63 | + if (empty($token)) { |
|
| 64 | + throw new \Exception('Session does not contain a requesttoken'); |
|
| 65 | + } |
|
| 66 | 66 | |
| 67 | - return $token; |
|
| 68 | - } |
|
| 67 | + return $token; |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | - /** |
|
| 71 | - * Set the valid current token to $value. |
|
| 72 | - * |
|
| 73 | - * @param string $value |
|
| 74 | - */ |
|
| 75 | - public function setToken(string $value) { |
|
| 76 | - $this->session->set('requesttoken', $value); |
|
| 77 | - } |
|
| 70 | + /** |
|
| 71 | + * Set the valid current token to $value. |
|
| 72 | + * |
|
| 73 | + * @param string $value |
|
| 74 | + */ |
|
| 75 | + public function setToken(string $value) { |
|
| 76 | + $this->session->set('requesttoken', $value); |
|
| 77 | + } |
|
| 78 | 78 | |
| 79 | - /** |
|
| 80 | - * Removes the current token. |
|
| 81 | - */ |
|
| 82 | - public function removeToken() { |
|
| 83 | - $this->session->remove('requesttoken'); |
|
| 84 | - } |
|
| 85 | - /** |
|
| 86 | - * Whether the storage has a storage. |
|
| 87 | - * |
|
| 88 | - * @return bool |
|
| 89 | - */ |
|
| 90 | - public function hasToken(): bool { |
|
| 91 | - return $this->session->exists('requesttoken'); |
|
| 92 | - } |
|
| 79 | + /** |
|
| 80 | + * Removes the current token. |
|
| 81 | + */ |
|
| 82 | + public function removeToken() { |
|
| 83 | + $this->session->remove('requesttoken'); |
|
| 84 | + } |
|
| 85 | + /** |
|
| 86 | + * Whether the storage has a storage. |
|
| 87 | + * |
|
| 88 | + * @return bool |
|
| 89 | + */ |
|
| 90 | + public function hasToken(): bool { |
|
| 91 | + return $this->session->exists('requesttoken'); |
|
| 92 | + } |
|
| 93 | 93 | } |
@@ -34,78 +34,78 @@ |
||
| 34 | 34 | * @package OC\Security\CSRF |
| 35 | 35 | */ |
| 36 | 36 | class CsrfTokenManager { |
| 37 | - /** @var CsrfTokenGenerator */ |
|
| 38 | - private $tokenGenerator; |
|
| 39 | - /** @var SessionStorage */ |
|
| 40 | - private $sessionStorage; |
|
| 41 | - /** @var CsrfToken|null */ |
|
| 42 | - private $csrfToken = null; |
|
| 37 | + /** @var CsrfTokenGenerator */ |
|
| 38 | + private $tokenGenerator; |
|
| 39 | + /** @var SessionStorage */ |
|
| 40 | + private $sessionStorage; |
|
| 41 | + /** @var CsrfToken|null */ |
|
| 42 | + private $csrfToken = null; |
|
| 43 | 43 | |
| 44 | - /** |
|
| 45 | - * @param CsrfTokenGenerator $tokenGenerator |
|
| 46 | - * @param SessionStorage $storageInterface |
|
| 47 | - */ |
|
| 48 | - public function __construct(CsrfTokenGenerator $tokenGenerator, |
|
| 49 | - SessionStorage $storageInterface) { |
|
| 50 | - $this->tokenGenerator = $tokenGenerator; |
|
| 51 | - $this->sessionStorage = $storageInterface; |
|
| 52 | - } |
|
| 44 | + /** |
|
| 45 | + * @param CsrfTokenGenerator $tokenGenerator |
|
| 46 | + * @param SessionStorage $storageInterface |
|
| 47 | + */ |
|
| 48 | + public function __construct(CsrfTokenGenerator $tokenGenerator, |
|
| 49 | + SessionStorage $storageInterface) { |
|
| 50 | + $this->tokenGenerator = $tokenGenerator; |
|
| 51 | + $this->sessionStorage = $storageInterface; |
|
| 52 | + } |
|
| 53 | 53 | |
| 54 | - /** |
|
| 55 | - * Returns the current CSRF token, if none set it will create a new one. |
|
| 56 | - * |
|
| 57 | - * @return CsrfToken |
|
| 58 | - */ |
|
| 59 | - public function getToken(): CsrfToken { |
|
| 60 | - if (!\is_null($this->csrfToken)) { |
|
| 61 | - return $this->csrfToken; |
|
| 62 | - } |
|
| 54 | + /** |
|
| 55 | + * Returns the current CSRF token, if none set it will create a new one. |
|
| 56 | + * |
|
| 57 | + * @return CsrfToken |
|
| 58 | + */ |
|
| 59 | + public function getToken(): CsrfToken { |
|
| 60 | + if (!\is_null($this->csrfToken)) { |
|
| 61 | + return $this->csrfToken; |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - if ($this->sessionStorage->hasToken()) { |
|
| 65 | - $value = $this->sessionStorage->getToken(); |
|
| 66 | - } else { |
|
| 67 | - $value = $this->tokenGenerator->generateToken(); |
|
| 68 | - $this->sessionStorage->setToken($value); |
|
| 69 | - } |
|
| 64 | + if ($this->sessionStorage->hasToken()) { |
|
| 65 | + $value = $this->sessionStorage->getToken(); |
|
| 66 | + } else { |
|
| 67 | + $value = $this->tokenGenerator->generateToken(); |
|
| 68 | + $this->sessionStorage->setToken($value); |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - $this->csrfToken = new CsrfToken($value); |
|
| 72 | - return $this->csrfToken; |
|
| 73 | - } |
|
| 71 | + $this->csrfToken = new CsrfToken($value); |
|
| 72 | + return $this->csrfToken; |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | - /** |
|
| 76 | - * Invalidates any current token and sets a new one. |
|
| 77 | - * |
|
| 78 | - * @return CsrfToken |
|
| 79 | - */ |
|
| 80 | - public function refreshToken(): CsrfToken { |
|
| 81 | - $value = $this->tokenGenerator->generateToken(); |
|
| 82 | - $this->sessionStorage->setToken($value); |
|
| 83 | - $this->csrfToken = new CsrfToken($value); |
|
| 84 | - return $this->csrfToken; |
|
| 85 | - } |
|
| 75 | + /** |
|
| 76 | + * Invalidates any current token and sets a new one. |
|
| 77 | + * |
|
| 78 | + * @return CsrfToken |
|
| 79 | + */ |
|
| 80 | + public function refreshToken(): CsrfToken { |
|
| 81 | + $value = $this->tokenGenerator->generateToken(); |
|
| 82 | + $this->sessionStorage->setToken($value); |
|
| 83 | + $this->csrfToken = new CsrfToken($value); |
|
| 84 | + return $this->csrfToken; |
|
| 85 | + } |
|
| 86 | 86 | |
| 87 | - /** |
|
| 88 | - * Remove the current token from the storage. |
|
| 89 | - */ |
|
| 90 | - public function removeToken() { |
|
| 91 | - $this->csrfToken = null; |
|
| 92 | - $this->sessionStorage->removeToken(); |
|
| 93 | - } |
|
| 87 | + /** |
|
| 88 | + * Remove the current token from the storage. |
|
| 89 | + */ |
|
| 90 | + public function removeToken() { |
|
| 91 | + $this->csrfToken = null; |
|
| 92 | + $this->sessionStorage->removeToken(); |
|
| 93 | + } |
|
| 94 | 94 | |
| 95 | - /** |
|
| 96 | - * Verifies whether the provided token is valid. |
|
| 97 | - * |
|
| 98 | - * @param CsrfToken $token |
|
| 99 | - * @return bool |
|
| 100 | - */ |
|
| 101 | - public function isTokenValid(CsrfToken $token): bool { |
|
| 102 | - if (!$this->sessionStorage->hasToken()) { |
|
| 103 | - return false; |
|
| 104 | - } |
|
| 95 | + /** |
|
| 96 | + * Verifies whether the provided token is valid. |
|
| 97 | + * |
|
| 98 | + * @param CsrfToken $token |
|
| 99 | + * @return bool |
|
| 100 | + */ |
|
| 101 | + public function isTokenValid(CsrfToken $token): bool { |
|
| 102 | + if (!$this->sessionStorage->hasToken()) { |
|
| 103 | + return false; |
|
| 104 | + } |
|
| 105 | 105 | |
| 106 | - return hash_equals( |
|
| 107 | - $this->sessionStorage->getToken(), |
|
| 108 | - $token->getDecryptedValue() |
|
| 109 | - ); |
|
| 110 | - } |
|
| 106 | + return hash_equals( |
|
| 107 | + $this->sessionStorage->getToken(), |
|
| 108 | + $token->getDecryptedValue() |
|
| 109 | + ); |
|
| 110 | + } |
|
| 111 | 111 | } |
@@ -74,7 +74,7 @@ |
||
| 74 | 74 | */ |
| 75 | 75 | public function mergePolicies(ContentSecurityPolicy $defaultPolicy, |
| 76 | 76 | EmptyContentSecurityPolicy $originalPolicy): ContentSecurityPolicy { |
| 77 | - foreach ((object)(array)$originalPolicy as $name => $value) { |
|
| 77 | + foreach ((object) (array) $originalPolicy as $name => $value) { |
|
| 78 | 78 | $setter = 'set'.ucfirst($name); |
| 79 | 79 | if (\is_array($value)) { |
| 80 | 80 | $getter = 'get'.ucfirst($name); |
@@ -34,63 +34,63 @@ |
||
| 34 | 34 | use OCP\Security\IContentSecurityPolicyManager; |
| 35 | 35 | |
| 36 | 36 | class ContentSecurityPolicyManager implements IContentSecurityPolicyManager { |
| 37 | - /** @var ContentSecurityPolicy[] */ |
|
| 38 | - private $policies = []; |
|
| 37 | + /** @var ContentSecurityPolicy[] */ |
|
| 38 | + private $policies = []; |
|
| 39 | 39 | |
| 40 | - /** @var IEventDispatcher */ |
|
| 41 | - private $dispatcher; |
|
| 40 | + /** @var IEventDispatcher */ |
|
| 41 | + private $dispatcher; |
|
| 42 | 42 | |
| 43 | - public function __construct(IEventDispatcher $dispatcher) { |
|
| 44 | - $this->dispatcher = $dispatcher; |
|
| 45 | - } |
|
| 43 | + public function __construct(IEventDispatcher $dispatcher) { |
|
| 44 | + $this->dispatcher = $dispatcher; |
|
| 45 | + } |
|
| 46 | 46 | |
| 47 | - /** {@inheritdoc} */ |
|
| 48 | - public function addDefaultPolicy(EmptyContentSecurityPolicy $policy) { |
|
| 49 | - $this->policies[] = $policy; |
|
| 50 | - } |
|
| 47 | + /** {@inheritdoc} */ |
|
| 48 | + public function addDefaultPolicy(EmptyContentSecurityPolicy $policy) { |
|
| 49 | + $this->policies[] = $policy; |
|
| 50 | + } |
|
| 51 | 51 | |
| 52 | - /** |
|
| 53 | - * Get the configured default policy. This is not in the public namespace |
|
| 54 | - * as it is only supposed to be used by core itself. |
|
| 55 | - * |
|
| 56 | - * @return ContentSecurityPolicy |
|
| 57 | - */ |
|
| 58 | - public function getDefaultPolicy(): ContentSecurityPolicy { |
|
| 59 | - $event = new AddContentSecurityPolicyEvent($this); |
|
| 60 | - $this->dispatcher->dispatchTyped($event); |
|
| 52 | + /** |
|
| 53 | + * Get the configured default policy. This is not in the public namespace |
|
| 54 | + * as it is only supposed to be used by core itself. |
|
| 55 | + * |
|
| 56 | + * @return ContentSecurityPolicy |
|
| 57 | + */ |
|
| 58 | + public function getDefaultPolicy(): ContentSecurityPolicy { |
|
| 59 | + $event = new AddContentSecurityPolicyEvent($this); |
|
| 60 | + $this->dispatcher->dispatchTyped($event); |
|
| 61 | 61 | |
| 62 | - $defaultPolicy = new \OC\Security\CSP\ContentSecurityPolicy(); |
|
| 63 | - foreach ($this->policies as $policy) { |
|
| 64 | - $defaultPolicy = $this->mergePolicies($defaultPolicy, $policy); |
|
| 65 | - } |
|
| 66 | - return $defaultPolicy; |
|
| 67 | - } |
|
| 62 | + $defaultPolicy = new \OC\Security\CSP\ContentSecurityPolicy(); |
|
| 63 | + foreach ($this->policies as $policy) { |
|
| 64 | + $defaultPolicy = $this->mergePolicies($defaultPolicy, $policy); |
|
| 65 | + } |
|
| 66 | + return $defaultPolicy; |
|
| 67 | + } |
|
| 68 | 68 | |
| 69 | - /** |
|
| 70 | - * Merges the first given policy with the second one |
|
| 71 | - * |
|
| 72 | - * @param ContentSecurityPolicy $defaultPolicy |
|
| 73 | - * @param EmptyContentSecurityPolicy $originalPolicy |
|
| 74 | - * @return ContentSecurityPolicy |
|
| 75 | - */ |
|
| 76 | - public function mergePolicies(ContentSecurityPolicy $defaultPolicy, |
|
| 77 | - EmptyContentSecurityPolicy $originalPolicy): ContentSecurityPolicy { |
|
| 78 | - foreach ((object)(array)$originalPolicy as $name => $value) { |
|
| 79 | - $setter = 'set'.ucfirst($name); |
|
| 80 | - if (\is_array($value)) { |
|
| 81 | - $getter = 'get'.ucfirst($name); |
|
| 82 | - $currentValues = \is_array($defaultPolicy->$getter()) ? $defaultPolicy->$getter() : []; |
|
| 83 | - $defaultPolicy->$setter(array_values(array_unique(array_merge($currentValues, $value)))); |
|
| 84 | - } elseif (\is_bool($value)) { |
|
| 85 | - $getter = 'is'.ucfirst($name); |
|
| 86 | - $currentValue = $defaultPolicy->$getter(); |
|
| 87 | - // true wins over false |
|
| 88 | - if ($value > $currentValue) { |
|
| 89 | - $defaultPolicy->$setter($value); |
|
| 90 | - } |
|
| 91 | - } |
|
| 92 | - } |
|
| 69 | + /** |
|
| 70 | + * Merges the first given policy with the second one |
|
| 71 | + * |
|
| 72 | + * @param ContentSecurityPolicy $defaultPolicy |
|
| 73 | + * @param EmptyContentSecurityPolicy $originalPolicy |
|
| 74 | + * @return ContentSecurityPolicy |
|
| 75 | + */ |
|
| 76 | + public function mergePolicies(ContentSecurityPolicy $defaultPolicy, |
|
| 77 | + EmptyContentSecurityPolicy $originalPolicy): ContentSecurityPolicy { |
|
| 78 | + foreach ((object)(array)$originalPolicy as $name => $value) { |
|
| 79 | + $setter = 'set'.ucfirst($name); |
|
| 80 | + if (\is_array($value)) { |
|
| 81 | + $getter = 'get'.ucfirst($name); |
|
| 82 | + $currentValues = \is_array($defaultPolicy->$getter()) ? $defaultPolicy->$getter() : []; |
|
| 83 | + $defaultPolicy->$setter(array_values(array_unique(array_merge($currentValues, $value)))); |
|
| 84 | + } elseif (\is_bool($value)) { |
|
| 85 | + $getter = 'is'.ucfirst($name); |
|
| 86 | + $currentValue = $defaultPolicy->$getter(); |
|
| 87 | + // true wins over false |
|
| 88 | + if ($value > $currentValue) { |
|
| 89 | + $defaultPolicy->$setter($value); |
|
| 90 | + } |
|
| 91 | + } |
|
| 92 | + } |
|
| 93 | 93 | |
| 94 | - return $defaultPolicy; |
|
| 95 | - } |
|
| 94 | + return $defaultPolicy; |
|
| 95 | + } |
|
| 96 | 96 | } |
@@ -96,14 +96,14 @@ discard block |
||
| 96 | 96 | $alg = $this->getPrefferedAlgorithm(); |
| 97 | 97 | |
| 98 | 98 | if (\defined('PASSWORD_ARGON2ID') && $alg === PASSWORD_ARGON2ID) { |
| 99 | - return 3 . '|' . password_hash($message, PASSWORD_ARGON2ID, $this->options); |
|
| 99 | + return 3.'|'.password_hash($message, PASSWORD_ARGON2ID, $this->options); |
|
| 100 | 100 | } |
| 101 | 101 | |
| 102 | 102 | if (\defined('PASSWORD_ARGON2I') && $alg === PASSWORD_ARGON2I) { |
| 103 | - return 2 . '|' . password_hash($message, PASSWORD_ARGON2I, $this->options); |
|
| 103 | + return 2.'|'.password_hash($message, PASSWORD_ARGON2I, $this->options); |
|
| 104 | 104 | } |
| 105 | 105 | |
| 106 | - return 1 . '|' . password_hash($message, PASSWORD_BCRYPT, $this->options); |
|
| 106 | + return 1.'|'.password_hash($message, PASSWORD_BCRYPT, $this->options); |
|
| 107 | 107 | } |
| 108 | 108 | |
| 109 | 109 | /** |
@@ -114,8 +114,8 @@ discard block |
||
| 114 | 114 | protected function splitHash(string $prefixedHash) { |
| 115 | 115 | $explodedString = explode('|', $prefixedHash, 2); |
| 116 | 116 | if (\count($explodedString) === 2) { |
| 117 | - if ((int)$explodedString[0] > 0) { |
|
| 118 | - return ['version' => (int)$explodedString[0], 'hash' => $explodedString[1]]; |
|
| 117 | + if ((int) $explodedString[0] > 0) { |
|
| 118 | + return ['version' => (int) $explodedString[0], 'hash' => $explodedString[1]]; |
|
| 119 | 119 | } |
| 120 | 120 | } |
| 121 | 121 | |
@@ -51,168 +51,168 @@ |
||
| 51 | 51 | * @package OC\Security |
| 52 | 52 | */ |
| 53 | 53 | class Hasher implements IHasher { |
| 54 | - /** @var IConfig */ |
|
| 55 | - private $config; |
|
| 56 | - /** @var array Options passed to password_hash and password_needs_rehash */ |
|
| 57 | - private $options = []; |
|
| 58 | - /** @var string Salt used for legacy passwords */ |
|
| 59 | - private $legacySalt = null; |
|
| 60 | - |
|
| 61 | - /** |
|
| 62 | - * @param IConfig $config |
|
| 63 | - */ |
|
| 64 | - public function __construct(IConfig $config) { |
|
| 65 | - $this->config = $config; |
|
| 66 | - |
|
| 67 | - if (\defined('PASSWORD_ARGON2ID') || \defined('PASSWORD_ARGON2I')) { |
|
| 68 | - // password_hash fails, when the minimum values are undershot. |
|
| 69 | - // In this case, apply minimum. |
|
| 70 | - $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1); |
|
| 71 | - // The minimum memory cost is 8 KiB per thread. |
|
| 72 | - $this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8); |
|
| 73 | - $this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1); |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - $hashingCost = $this->config->getSystemValue('hashingCost', null); |
|
| 77 | - if (!\is_null($hashingCost)) { |
|
| 78 | - $this->options['cost'] = $hashingCost; |
|
| 79 | - } |
|
| 80 | - } |
|
| 81 | - |
|
| 82 | - /** |
|
| 83 | - * Hashes a message using PHP's `password_hash` functionality. |
|
| 84 | - * Please note that the size of the returned string is not guaranteed |
|
| 85 | - * and can be up to 255 characters. |
|
| 86 | - * |
|
| 87 | - * @param string $message Message to generate hash from |
|
| 88 | - * @return string Hash of the message with appended version parameter |
|
| 89 | - */ |
|
| 90 | - public function hash(string $message): string { |
|
| 91 | - $alg = $this->getPrefferedAlgorithm(); |
|
| 92 | - |
|
| 93 | - if (\defined('PASSWORD_ARGON2ID') && $alg === PASSWORD_ARGON2ID) { |
|
| 94 | - return 3 . '|' . password_hash($message, PASSWORD_ARGON2ID, $this->options); |
|
| 95 | - } |
|
| 96 | - |
|
| 97 | - if (\defined('PASSWORD_ARGON2I') && $alg === PASSWORD_ARGON2I) { |
|
| 98 | - return 2 . '|' . password_hash($message, PASSWORD_ARGON2I, $this->options); |
|
| 99 | - } |
|
| 100 | - |
|
| 101 | - return 1 . '|' . password_hash($message, PASSWORD_BCRYPT, $this->options); |
|
| 102 | - } |
|
| 103 | - |
|
| 104 | - /** |
|
| 105 | - * Get the version and hash from a prefixedHash |
|
| 106 | - * @param string $prefixedHash |
|
| 107 | - * @return null|array Null if the hash is not prefixed, otherwise array('version' => 1, 'hash' => 'foo') |
|
| 108 | - */ |
|
| 109 | - protected function splitHash(string $prefixedHash) { |
|
| 110 | - $explodedString = explode('|', $prefixedHash, 2); |
|
| 111 | - if (\count($explodedString) === 2) { |
|
| 112 | - if ((int)$explodedString[0] > 0) { |
|
| 113 | - return ['version' => (int)$explodedString[0], 'hash' => $explodedString[1]]; |
|
| 114 | - } |
|
| 115 | - } |
|
| 116 | - |
|
| 117 | - return null; |
|
| 118 | - } |
|
| 119 | - |
|
| 120 | - /** |
|
| 121 | - * Verify legacy hashes |
|
| 122 | - * @param string $message Message to verify |
|
| 123 | - * @param string $hash Assumed hash of the message |
|
| 124 | - * @param null|string &$newHash Reference will contain the updated hash |
|
| 125 | - * @return bool Whether $hash is a valid hash of $message |
|
| 126 | - */ |
|
| 127 | - protected function legacyHashVerify($message, $hash, &$newHash = null): bool { |
|
| 128 | - if (empty($this->legacySalt)) { |
|
| 129 | - $this->legacySalt = $this->config->getSystemValue('passwordsalt', ''); |
|
| 130 | - } |
|
| 131 | - |
|
| 132 | - // Verify whether it matches a legacy PHPass or SHA1 string |
|
| 133 | - $hashLength = \strlen($hash); |
|
| 134 | - if (($hashLength === 60 && password_verify($message.$this->legacySalt, $hash)) || |
|
| 135 | - ($hashLength === 40 && hash_equals($hash, sha1($message)))) { |
|
| 136 | - $newHash = $this->hash($message); |
|
| 137 | - return true; |
|
| 138 | - } |
|
| 139 | - |
|
| 140 | - // Verify whether it matches a legacy PHPass or SHA1 string |
|
| 141 | - // Retry with empty passwordsalt for cases where it was not set |
|
| 142 | - $hashLength = \strlen($hash); |
|
| 143 | - if (($hashLength === 60 && password_verify($message, $hash)) || |
|
| 144 | - ($hashLength === 40 && hash_equals($hash, sha1($message)))) { |
|
| 145 | - $newHash = $this->hash($message); |
|
| 146 | - return true; |
|
| 147 | - } |
|
| 148 | - |
|
| 149 | - return false; |
|
| 150 | - } |
|
| 151 | - |
|
| 152 | - /** |
|
| 153 | - * Verify V1 (blowfish) hashes |
|
| 154 | - * Verify V2 (argon2i) hashes |
|
| 155 | - * Verify V3 (argon2id) hashes |
|
| 156 | - * @param string $message Message to verify |
|
| 157 | - * @param string $hash Assumed hash of the message |
|
| 158 | - * @param null|string &$newHash Reference will contain the updated hash if necessary. Update the existing hash with this one. |
|
| 159 | - * @return bool Whether $hash is a valid hash of $message |
|
| 160 | - */ |
|
| 161 | - protected function verifyHash(string $message, string $hash, &$newHash = null): bool { |
|
| 162 | - if (password_verify($message, $hash)) { |
|
| 163 | - if ($this->needsRehash($hash)) { |
|
| 164 | - $newHash = $this->hash($message); |
|
| 165 | - } |
|
| 166 | - return true; |
|
| 167 | - } |
|
| 168 | - |
|
| 169 | - return false; |
|
| 170 | - } |
|
| 171 | - |
|
| 172 | - /** |
|
| 173 | - * @param string $message Message to verify |
|
| 174 | - * @param string $hash Assumed hash of the message |
|
| 175 | - * @param null|string &$newHash Reference will contain the updated hash if necessary. Update the existing hash with this one. |
|
| 176 | - * @return bool Whether $hash is a valid hash of $message |
|
| 177 | - */ |
|
| 178 | - public function verify(string $message, string $hash, &$newHash = null): bool { |
|
| 179 | - $splittedHash = $this->splitHash($hash); |
|
| 180 | - |
|
| 181 | - if (isset($splittedHash['version'])) { |
|
| 182 | - switch ($splittedHash['version']) { |
|
| 183 | - case 3: |
|
| 184 | - case 2: |
|
| 185 | - case 1: |
|
| 186 | - return $this->verifyHash($message, $splittedHash['hash'], $newHash); |
|
| 187 | - } |
|
| 188 | - } else { |
|
| 189 | - return $this->legacyHashVerify($message, $hash, $newHash); |
|
| 190 | - } |
|
| 191 | - |
|
| 192 | - return false; |
|
| 193 | - } |
|
| 194 | - |
|
| 195 | - private function needsRehash(string $hash): bool { |
|
| 196 | - $algorithm = $this->getPrefferedAlgorithm(); |
|
| 197 | - |
|
| 198 | - return password_needs_rehash($hash, $algorithm, $this->options); |
|
| 199 | - } |
|
| 200 | - |
|
| 201 | - private function getPrefferedAlgorithm() { |
|
| 202 | - $default = PASSWORD_BCRYPT; |
|
| 203 | - if (\defined('PASSWORD_ARGON2I')) { |
|
| 204 | - $default = PASSWORD_ARGON2I; |
|
| 205 | - } |
|
| 206 | - |
|
| 207 | - if (\defined('PASSWORD_ARGON2ID')) { |
|
| 208 | - $default = PASSWORD_ARGON2ID; |
|
| 209 | - } |
|
| 210 | - |
|
| 211 | - // Check if we should use PASSWORD_DEFAULT |
|
| 212 | - if ($this->config->getSystemValue('hashing_default_password', false) === true) { |
|
| 213 | - $default = PASSWORD_DEFAULT; |
|
| 214 | - } |
|
| 215 | - |
|
| 216 | - return $default; |
|
| 217 | - } |
|
| 54 | + /** @var IConfig */ |
|
| 55 | + private $config; |
|
| 56 | + /** @var array Options passed to password_hash and password_needs_rehash */ |
|
| 57 | + private $options = []; |
|
| 58 | + /** @var string Salt used for legacy passwords */ |
|
| 59 | + private $legacySalt = null; |
|
| 60 | + |
|
| 61 | + /** |
|
| 62 | + * @param IConfig $config |
|
| 63 | + */ |
|
| 64 | + public function __construct(IConfig $config) { |
|
| 65 | + $this->config = $config; |
|
| 66 | + |
|
| 67 | + if (\defined('PASSWORD_ARGON2ID') || \defined('PASSWORD_ARGON2I')) { |
|
| 68 | + // password_hash fails, when the minimum values are undershot. |
|
| 69 | + // In this case, apply minimum. |
|
| 70 | + $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1); |
|
| 71 | + // The minimum memory cost is 8 KiB per thread. |
|
| 72 | + $this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8); |
|
| 73 | + $this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1); |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + $hashingCost = $this->config->getSystemValue('hashingCost', null); |
|
| 77 | + if (!\is_null($hashingCost)) { |
|
| 78 | + $this->options['cost'] = $hashingCost; |
|
| 79 | + } |
|
| 80 | + } |
|
| 81 | + |
|
| 82 | + /** |
|
| 83 | + * Hashes a message using PHP's `password_hash` functionality. |
|
| 84 | + * Please note that the size of the returned string is not guaranteed |
|
| 85 | + * and can be up to 255 characters. |
|
| 86 | + * |
|
| 87 | + * @param string $message Message to generate hash from |
|
| 88 | + * @return string Hash of the message with appended version parameter |
|
| 89 | + */ |
|
| 90 | + public function hash(string $message): string { |
|
| 91 | + $alg = $this->getPrefferedAlgorithm(); |
|
| 92 | + |
|
| 93 | + if (\defined('PASSWORD_ARGON2ID') && $alg === PASSWORD_ARGON2ID) { |
|
| 94 | + return 3 . '|' . password_hash($message, PASSWORD_ARGON2ID, $this->options); |
|
| 95 | + } |
|
| 96 | + |
|
| 97 | + if (\defined('PASSWORD_ARGON2I') && $alg === PASSWORD_ARGON2I) { |
|
| 98 | + return 2 . '|' . password_hash($message, PASSWORD_ARGON2I, $this->options); |
|
| 99 | + } |
|
| 100 | + |
|
| 101 | + return 1 . '|' . password_hash($message, PASSWORD_BCRYPT, $this->options); |
|
| 102 | + } |
|
| 103 | + |
|
| 104 | + /** |
|
| 105 | + * Get the version and hash from a prefixedHash |
|
| 106 | + * @param string $prefixedHash |
|
| 107 | + * @return null|array Null if the hash is not prefixed, otherwise array('version' => 1, 'hash' => 'foo') |
|
| 108 | + */ |
|
| 109 | + protected function splitHash(string $prefixedHash) { |
|
| 110 | + $explodedString = explode('|', $prefixedHash, 2); |
|
| 111 | + if (\count($explodedString) === 2) { |
|
| 112 | + if ((int)$explodedString[0] > 0) { |
|
| 113 | + return ['version' => (int)$explodedString[0], 'hash' => $explodedString[1]]; |
|
| 114 | + } |
|
| 115 | + } |
|
| 116 | + |
|
| 117 | + return null; |
|
| 118 | + } |
|
| 119 | + |
|
| 120 | + /** |
|
| 121 | + * Verify legacy hashes |
|
| 122 | + * @param string $message Message to verify |
|
| 123 | + * @param string $hash Assumed hash of the message |
|
| 124 | + * @param null|string &$newHash Reference will contain the updated hash |
|
| 125 | + * @return bool Whether $hash is a valid hash of $message |
|
| 126 | + */ |
|
| 127 | + protected function legacyHashVerify($message, $hash, &$newHash = null): bool { |
|
| 128 | + if (empty($this->legacySalt)) { |
|
| 129 | + $this->legacySalt = $this->config->getSystemValue('passwordsalt', ''); |
|
| 130 | + } |
|
| 131 | + |
|
| 132 | + // Verify whether it matches a legacy PHPass or SHA1 string |
|
| 133 | + $hashLength = \strlen($hash); |
|
| 134 | + if (($hashLength === 60 && password_verify($message.$this->legacySalt, $hash)) || |
|
| 135 | + ($hashLength === 40 && hash_equals($hash, sha1($message)))) { |
|
| 136 | + $newHash = $this->hash($message); |
|
| 137 | + return true; |
|
| 138 | + } |
|
| 139 | + |
|
| 140 | + // Verify whether it matches a legacy PHPass or SHA1 string |
|
| 141 | + // Retry with empty passwordsalt for cases where it was not set |
|
| 142 | + $hashLength = \strlen($hash); |
|
| 143 | + if (($hashLength === 60 && password_verify($message, $hash)) || |
|
| 144 | + ($hashLength === 40 && hash_equals($hash, sha1($message)))) { |
|
| 145 | + $newHash = $this->hash($message); |
|
| 146 | + return true; |
|
| 147 | + } |
|
| 148 | + |
|
| 149 | + return false; |
|
| 150 | + } |
|
| 151 | + |
|
| 152 | + /** |
|
| 153 | + * Verify V1 (blowfish) hashes |
|
| 154 | + * Verify V2 (argon2i) hashes |
|
| 155 | + * Verify V3 (argon2id) hashes |
|
| 156 | + * @param string $message Message to verify |
|
| 157 | + * @param string $hash Assumed hash of the message |
|
| 158 | + * @param null|string &$newHash Reference will contain the updated hash if necessary. Update the existing hash with this one. |
|
| 159 | + * @return bool Whether $hash is a valid hash of $message |
|
| 160 | + */ |
|
| 161 | + protected function verifyHash(string $message, string $hash, &$newHash = null): bool { |
|
| 162 | + if (password_verify($message, $hash)) { |
|
| 163 | + if ($this->needsRehash($hash)) { |
|
| 164 | + $newHash = $this->hash($message); |
|
| 165 | + } |
|
| 166 | + return true; |
|
| 167 | + } |
|
| 168 | + |
|
| 169 | + return false; |
|
| 170 | + } |
|
| 171 | + |
|
| 172 | + /** |
|
| 173 | + * @param string $message Message to verify |
|
| 174 | + * @param string $hash Assumed hash of the message |
|
| 175 | + * @param null|string &$newHash Reference will contain the updated hash if necessary. Update the existing hash with this one. |
|
| 176 | + * @return bool Whether $hash is a valid hash of $message |
|
| 177 | + */ |
|
| 178 | + public function verify(string $message, string $hash, &$newHash = null): bool { |
|
| 179 | + $splittedHash = $this->splitHash($hash); |
|
| 180 | + |
|
| 181 | + if (isset($splittedHash['version'])) { |
|
| 182 | + switch ($splittedHash['version']) { |
|
| 183 | + case 3: |
|
| 184 | + case 2: |
|
| 185 | + case 1: |
|
| 186 | + return $this->verifyHash($message, $splittedHash['hash'], $newHash); |
|
| 187 | + } |
|
| 188 | + } else { |
|
| 189 | + return $this->legacyHashVerify($message, $hash, $newHash); |
|
| 190 | + } |
|
| 191 | + |
|
| 192 | + return false; |
|
| 193 | + } |
|
| 194 | + |
|
| 195 | + private function needsRehash(string $hash): bool { |
|
| 196 | + $algorithm = $this->getPrefferedAlgorithm(); |
|
| 197 | + |
|
| 198 | + return password_needs_rehash($hash, $algorithm, $this->options); |
|
| 199 | + } |
|
| 200 | + |
|
| 201 | + private function getPrefferedAlgorithm() { |
|
| 202 | + $default = PASSWORD_BCRYPT; |
|
| 203 | + if (\defined('PASSWORD_ARGON2I')) { |
|
| 204 | + $default = PASSWORD_ARGON2I; |
|
| 205 | + } |
|
| 206 | + |
|
| 207 | + if (\defined('PASSWORD_ARGON2ID')) { |
|
| 208 | + $default = PASSWORD_ARGON2ID; |
|
| 209 | + } |
|
| 210 | + |
|
| 211 | + // Check if we should use PASSWORD_DEFAULT |
|
| 212 | + if ($this->config->getSystemValue('hashing_default_password', false) === true) { |
|
| 213 | + $default = PASSWORD_DEFAULT; |
|
| 214 | + } |
|
| 215 | + |
|
| 216 | + return $default; |
|
| 217 | + } |
|
| 218 | 218 | } |
