o2system /
security
@@ -67,6 +67,6 @@ |
||
| 67 | 67 | */ |
| 68 | 68 | public static function map($algorithm) |
| 69 | 69 | { |
| 70 | - return static::$supported[ $algorithm ]; |
|
| 70 | + return static::$supported[$algorithm]; |
|
| 71 | 71 | } |
| 72 | 72 | } |
| 73 | 73 | \ No newline at end of file |
@@ -59,15 +59,15 @@ discard block |
||
| 59 | 59 | |
| 60 | 60 | if (class_exists('\O2System\Framework', false) or class_exists('\O2System\Reactor', false)) { |
| 61 | 61 | $this->options = config()->getItem('cookie')->getArrayCopy(); |
| 62 | - $this->options[ 'expire' ] = time() + $this->options[ 'lifetime' ]; |
|
| 63 | - unset($this->options[ 'lifetime' ]); |
|
| 62 | + $this->options['expire'] = time() + $this->options['lifetime']; |
|
| 63 | + unset($this->options['lifetime']); |
|
| 64 | 64 | } |
| 65 | 65 | |
| 66 | - $this->options[ 'domain' ] = empty($this->options[ 'domain' ]) |
|
| 67 | - ? isset($_SERVER[ 'HTTP_HOST' ]) |
|
| 68 | - ? $_SERVER[ 'HTTP_HOST' ] |
|
| 69 | - : $_SERVER[ 'SERVER_NAME' ] |
|
| 70 | - : $this->options[ 'domain' ]; |
|
| 66 | + $this->options['domain'] = empty($this->options['domain']) |
|
| 67 | + ? isset($_SERVER['HTTP_HOST']) |
|
| 68 | + ? $_SERVER['HTTP_HOST'] |
|
| 69 | + : $_SERVER['SERVER_NAME'] |
|
| 70 | + : $this->options['domain']; |
|
| 71 | 71 | } |
| 72 | 72 | |
| 73 | 73 | // ------------------------------------------------------------------------ |
@@ -85,7 +85,7 @@ discard block |
||
| 85 | 85 | { |
| 86 | 86 | foreach ($options as $key => $value) { |
| 87 | 87 | if (array_key_exists($key, $this->options)) { |
| 88 | - $this->options[ $key ] = $value; |
|
| 88 | + $this->options[$key] = $value; |
|
| 89 | 89 | } |
| 90 | 90 | } |
| 91 | 91 | |
@@ -110,8 +110,8 @@ discard block |
||
| 110 | 110 | ? serialize($value) |
| 111 | 111 | : $value; |
| 112 | 112 | |
| 113 | - $name = isset($this->options[ 'prefix' ]) |
|
| 114 | - ? $this->options[ 'prefix' ] . $name |
|
| 113 | + $name = isset($this->options['prefix']) |
|
| 114 | + ? $this->options['prefix'] . $name |
|
| 115 | 115 | : $name; |
| 116 | 116 | |
| 117 | 117 | $value = $this->crypt->encrypt($value); |
@@ -119,9 +119,9 @@ discard block |
||
| 119 | 119 | return setcookie( |
| 120 | 120 | $name, |
| 121 | 121 | $value, |
| 122 | - $this->options[ 'expire' ], |
|
| 123 | - $this->options[ 'path' ], |
|
| 124 | - '.' . ltrim($this->options[ 'domain' ], '.'), |
|
| 122 | + $this->options['expire'], |
|
| 123 | + $this->options['path'], |
|
| 124 | + '.' . ltrim($this->options['domain'], '.'), |
|
| 125 | 125 | false, |
| 126 | 126 | false |
| 127 | 127 | ); |
@@ -140,8 +140,8 @@ discard block |
||
| 140 | 140 | */ |
| 141 | 141 | public function decrypt($name) |
| 142 | 142 | { |
| 143 | - $name = isset($this->options[ 'prefix' ]) |
|
| 144 | - ? $this->options[ 'prefix' ] . $name |
|
| 143 | + $name = isset($this->options['prefix']) |
|
| 144 | + ? $this->options['prefix'] . $name |
|
| 145 | 145 | : $name; |
| 146 | 146 | |
| 147 | 147 | if ($value = input()->cookie($name)) { |
@@ -63,8 +63,8 @@ discard block |
||
| 63 | 63 | { |
| 64 | 64 | if (password_needs_rehash( |
| 65 | 65 | $password, |
| 66 | - $this->config[ 'password' ][ 'algorithm' ], |
|
| 67 | - $this->config[ 'password' ][ 'options' ] |
|
| 66 | + $this->config['password']['algorithm'], |
|
| 67 | + $this->config['password']['options'] |
|
| 68 | 68 | )) { |
| 69 | 69 | return $this->passwordHash($password); |
| 70 | 70 | } |
@@ -76,8 +76,8 @@ discard block |
||
| 76 | 76 | { |
| 77 | 77 | return password_hash( |
| 78 | 78 | $password, |
| 79 | - $this->config[ 'password' ][ 'algorithm' ], |
|
| 80 | - $this->config[ 'password' ][ 'options' ] |
|
| 79 | + $this->config['password']['algorithm'], |
|
| 80 | + $this->config['password']['options'] |
|
| 81 | 81 | ); |
| 82 | 82 | } |
| 83 | 83 | |
@@ -88,14 +88,14 @@ discard block |
||
| 88 | 88 | |
| 89 | 89 | public function attempt() |
| 90 | 90 | { |
| 91 | - $_SESSION[ 'userAttempts' ] = $this->getAttempts() + 1; |
|
| 91 | + $_SESSION['userAttempts'] = $this->getAttempts() + 1; |
|
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | public function getAttempts() |
| 95 | 95 | { |
| 96 | 96 | $currentAttempts = 0; |
| 97 | - if (isset($_SESSION[ 'userAttempts' ])) { |
|
| 98 | - $currentAttempts = (int)$_SESSION[ 'userAttempts' ]; |
|
| 97 | + if (isset($_SESSION['userAttempts'])) { |
|
| 98 | + $currentAttempts = (int)$_SESSION['userAttempts']; |
|
| 99 | 99 | } |
| 100 | 100 | |
| 101 | 101 | return (int)$currentAttempts; |
@@ -103,8 +103,8 @@ discard block |
||
| 103 | 103 | |
| 104 | 104 | public function login(array $account) |
| 105 | 105 | { |
| 106 | - $_SESSION[ 'account' ] = $account; |
|
| 107 | - unset($_SESSION[ 'userAttempts' ]); |
|
| 106 | + $_SESSION['account'] = $account; |
|
| 107 | + unset($_SESSION['userAttempts']); |
|
| 108 | 108 | } |
| 109 | 109 | |
| 110 | 110 | public function signOn(array $account) |
@@ -132,12 +132,12 @@ discard block |
||
| 132 | 132 | |
| 133 | 133 | public function loggedIn() |
| 134 | 134 | { |
| 135 | - if (isset($_SESSION[ 'account' ])) { |
|
| 135 | + if (isset($_SESSION['account'])) { |
|
| 136 | 136 | return true; |
| 137 | 137 | } elseif ($this->signedOn()) { |
| 138 | 138 | $cacheItemPool = $this->getCacheItemPool(); |
| 139 | 139 | $item = $cacheItemPool->getItem('sso-' . input()->cookie('ssid')); |
| 140 | - $_SESSION[ 'account' ] = $item->get(); |
|
| 140 | + $_SESSION['account'] = $item->get(); |
|
| 141 | 141 | |
| 142 | 142 | return true; |
| 143 | 143 | } |
@@ -159,7 +159,7 @@ discard block |
||
| 159 | 159 | public function logout() |
| 160 | 160 | { |
| 161 | 161 | $this->signOff(); |
| 162 | - unset($_SESSION[ 'account' ]); |
|
| 162 | + unset($_SESSION['account']); |
|
| 163 | 163 | } |
| 164 | 164 | |
| 165 | 165 | public function signOff() |
@@ -119,8 +119,8 @@ discard block |
||
| 119 | 119 | $tokenParts = array_map('trim', $tokenParts); |
| 120 | 120 | |
| 121 | 121 | return [ |
| 122 | - 'oauth_consumer_key' => $tokenParts[ 1 ], |
|
| 123 | - 'oauth_consumer_secret' => $tokenParts[ 0 ], |
|
| 122 | + 'oauth_consumer_key' => $tokenParts[1], |
|
| 123 | + 'oauth_consumer_secret' => $tokenParts[0], |
|
| 124 | 124 | ]; |
| 125 | 125 | } |
| 126 | 126 | |
@@ -201,8 +201,8 @@ discard block |
||
| 201 | 201 | 'oauth_consumer_key' => $this->key, |
| 202 | 202 | ]; |
| 203 | 203 | |
| 204 | - $parameters[ 'oauth_signature' ] = $oauth->generateSignature($httpMethod, $callbackUrl, $parameters); |
|
| 205 | - $parameters[ 'oauth_version' ] = $this->version; |
|
| 204 | + $parameters['oauth_signature'] = $oauth->generateSignature($httpMethod, $callbackUrl, $parameters); |
|
| 205 | + $parameters['oauth_version'] = $this->version; |
|
| 206 | 206 | |
| 207 | 207 | $parts = []; |
| 208 | 208 | foreach ($parameters as $key => $value) { |
@@ -31,10 +31,10 @@ |
||
| 31 | 31 | */ |
| 32 | 32 | public function getSecretCode(Oauth\Client\Account $client, array $options = []) |
| 33 | 33 | { |
| 34 | - $scope = $this->config[ 'scope' ]; |
|
| 35 | - if (isset($options[ 'scope' ])) { |
|
| 36 | - if (is_array($options[ 'scope' ])) { |
|
| 37 | - $scope = array_merge($scope, $options[ 'scope' ]); |
|
| 34 | + $scope = $this->config['scope']; |
|
| 35 | + if (isset($options['scope'])) { |
|
| 36 | + if (is_array($options['scope'])) { |
|
| 37 | + $scope = array_merge($scope, $options['scope']); |
|
| 38 | 38 | } |
| 39 | 39 | } |
| 40 | 40 | |
@@ -107,19 +107,19 @@ discard block |
||
| 107 | 107 | $privateKey = $client->offsetGet('private_key'); |
| 108 | 108 | } |
| 109 | 109 | |
| 110 | - $scope = $this->config[ 'token' ][ 'scope' ]; |
|
| 111 | - if (isset($options[ 'scope' ])) { |
|
| 112 | - if (is_array($options[ 'scope' ])) { |
|
| 113 | - $scope = array_merge($scope, $options[ 'scope' ]); |
|
| 110 | + $scope = $this->config['token']['scope']; |
|
| 111 | + if (isset($options['scope'])) { |
|
| 112 | + if (is_array($options['scope'])) { |
|
| 113 | + $scope = array_merge($scope, $options['scope']); |
|
| 114 | 114 | } |
| 115 | 115 | } |
| 116 | 116 | |
| 117 | - if (isset($options[ 'lifetime' ])) { |
|
| 118 | - $this->config[ 'token' ][ 'lifetime' ] = $options[ 'lifetime' ]; |
|
| 117 | + if (isset($options['lifetime'])) { |
|
| 118 | + $this->config['token']['lifetime'] = $options['lifetime']; |
|
| 119 | 119 | } |
| 120 | 120 | |
| 121 | - if (isset($options[ 'refresh_lifetime' ])) { |
|
| 122 | - $this->config[ 'token' ][ 'refresh_lifetime' ] = $options[ 'refresh_lifetime' ]; |
|
| 121 | + if (isset($options['refresh_lifetime'])) { |
|
| 122 | + $this->config['token']['refresh_lifetime'] = $options['refresh_lifetime']; |
|
| 123 | 123 | } |
| 124 | 124 | |
| 125 | 125 | $payload = $this->createPayload($client, $scope); |
@@ -129,9 +129,9 @@ discard block |
||
| 129 | 129 | |
| 130 | 130 | return [ |
| 131 | 131 | "access_token" => $accessToken, |
| 132 | - "expires_in" => $this->config[ 'token' ][ 'lifetime' ], |
|
| 133 | - "token_type" => $this->config[ 'token' ][ 'type' ], |
|
| 134 | - "scope" => $payload[ 'scope' ], |
|
| 132 | + "expires_in" => $this->config['token']['lifetime'], |
|
| 133 | + "token_type" => $this->config['token']['type'], |
|
| 134 | + "scope" => $payload['scope'], |
|
| 135 | 135 | ]; |
| 136 | 136 | } |
| 137 | 137 | |
@@ -149,7 +149,7 @@ discard block |
||
| 149 | 149 | protected function createPayload(Oauth\Client\Account $client, array $scope = []) |
| 150 | 150 | { |
| 151 | 151 | // token to encrypt |
| 152 | - $expires = time() + $this->config[ 'token' ][ 'lifetime' ]; |
|
| 152 | + $expires = time() + $this->config['token']['lifetime']; |
|
| 153 | 153 | |
| 154 | 154 | $id = Token::generate(40, Token::ALPHAHASH_STRING); |
| 155 | 155 | $payload = [ |
@@ -157,7 +157,7 @@ discard block |
||
| 157 | 157 | // the internal id of the token |
| 158 | 158 | 'jti' => $id, |
| 159 | 159 | // a unique token identifier for the token (JWT ID) |
| 160 | - 'iss' => $this->config[ 'issuer' ], |
|
| 160 | + 'iss' => $this->config['issuer'], |
|
| 161 | 161 | // the id of the server who issued the token (Issuer) |
| 162 | 162 | 'aud' => $client->id, |
| 163 | 163 | // the id of the client who requested the token (Audience) |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | // the id of the user for which the token was released (Subject) |
| 166 | 166 | 'exp' => $expires, |
| 167 | 167 | 'iat' => time(), |
| 168 | - 'token_type' => $this->config[ 'token' ][ 'type' ], |
|
| 168 | + 'token_type' => $this->config['token']['type'], |
|
| 169 | 169 | 'scope' => empty($scope) ? null : implode(' ', $scope), |
| 170 | 170 | ]; |
| 171 | 171 | |
@@ -91,51 +91,51 @@ discard block |
||
| 91 | 91 | $httpAuthorization = explode(' ', $httpAuthorization); |
| 92 | 92 | $httpAuthorization = array_map('trim', $httpAuthorization); |
| 93 | 93 | |
| 94 | - switch (strtoupper($httpAuthorization[ 0 ])) { |
|
| 94 | + switch (strtoupper($httpAuthorization[0])) { |
|
| 95 | 95 | default: |
| 96 | 96 | case 'OAUTH': |
| 97 | 97 | array_shift($httpAuthorization); |
| 98 | - $httpAuthorization = array_map(function ($string) { |
|
| 98 | + $httpAuthorization = array_map(function($string) { |
|
| 99 | 99 | $string = str_replace(['"', ','], '', $string); |
| 100 | 100 | $string = explode('=', $string); |
| 101 | 101 | |
| 102 | 102 | return [ |
| 103 | - 'key' => str_replace('oauth_', '', $string[ 0 ]), |
|
| 104 | - 'value' => $string[ 1 ], |
|
| 103 | + 'key' => str_replace('oauth_', '', $string[0]), |
|
| 104 | + 'value' => $string[1], |
|
| 105 | 105 | ]; |
| 106 | 106 | }, $httpAuthorization); |
| 107 | 107 | |
| 108 | 108 | $oauthParams = []; |
| 109 | 109 | foreach ($httpAuthorization as $param) { |
| 110 | - $oauthParams[ $param[ 'key' ] ] = $param[ 'value' ]; |
|
| 110 | + $oauthParams[$param['key']] = $param['value']; |
|
| 111 | 111 | } |
| 112 | 112 | |
| 113 | - $this->oauth->signature_method = $oauthParams[ 'signature_method' ]; |
|
| 114 | - $this->oauth->nonce = $oauthParams[ 'nonce' ]; |
|
| 115 | - $this->oauth->timestamp = $oauthParams[ 'timestamp' ]; |
|
| 116 | - $this->oauth->consumer_key = $oauthParams[ 'consumer_key' ]; |
|
| 117 | - $this->oauth->version = $oauthParams[ 'version' ]; |
|
| 113 | + $this->oauth->signature_method = $oauthParams['signature_method']; |
|
| 114 | + $this->oauth->nonce = $oauthParams['nonce']; |
|
| 115 | + $this->oauth->timestamp = $oauthParams['timestamp']; |
|
| 116 | + $this->oauth->consumer_key = $oauthParams['consumer_key']; |
|
| 117 | + $this->oauth->version = $oauthParams['version']; |
|
| 118 | 118 | |
| 119 | - if (isset($oauthParams[ 'callback' ])) { |
|
| 120 | - $this->oauth->callback = urldecode($oauthParams[ 'callback' ]); |
|
| 119 | + if (isset($oauthParams['callback'])) { |
|
| 120 | + $this->oauth->callback = urldecode($oauthParams['callback']); |
|
| 121 | 121 | } |
| 122 | 122 | |
| 123 | - if (isset($oauthParams[ 'signature' ])) { |
|
| 124 | - $this->oauth->signature = $oauthParams[ 'signature' ]; |
|
| 123 | + if (isset($oauthParams['signature'])) { |
|
| 124 | + $this->oauth->signature = $oauthParams['signature']; |
|
| 125 | 125 | } |
| 126 | 126 | |
| 127 | 127 | $this->oauth->callconsumerHandler(); |
| 128 | 128 | break; |
| 129 | 129 | case 'BASIC': |
| 130 | 130 | case 'BEARER': |
| 131 | - $this->oauth->bearer = $httpAuthorization[ 1 ]; |
|
| 131 | + $this->oauth->bearer = $httpAuthorization[1]; |
|
| 132 | 132 | $bearer = base64_decode($this->oauth->bearer); |
| 133 | 133 | $bearer = explode(':', $bearer); |
| 134 | 134 | $bearer = array_map('trim', $bearer); |
| 135 | 135 | |
| 136 | 136 | if (count($bearer) == 2) { |
| 137 | - $this->oauth->consumer_key = $bearer[ 0 ]; |
|
| 138 | - $this->oauth->consumer_secret = $bearer[ 1 ]; |
|
| 137 | + $this->oauth->consumer_key = $bearer[0]; |
|
| 138 | + $this->oauth->consumer_secret = $bearer[1]; |
|
| 139 | 139 | |
| 140 | 140 | $this->oauth->callconsumerHandler(); |
| 141 | 141 | } |
@@ -149,8 +149,8 @@ discard block |
||
| 149 | 149 | $verifier = array_map('trim', $verifier); |
| 150 | 150 | |
| 151 | 151 | if (count($verifier) == 2) { |
| 152 | - $this->oauth->token = $verifier[ 0 ]; |
|
| 153 | - $this->oauth->token_secret = $verifier[ 1 ]; |
|
| 152 | + $this->oauth->token = $verifier[0]; |
|
| 153 | + $this->oauth->token_secret = $verifier[1]; |
|
| 154 | 154 | } |
| 155 | 155 | } |
| 156 | 156 | |
@@ -195,16 +195,16 @@ discard block |
||
| 195 | 195 | if ( ! empty($this->token)) { |
| 196 | 196 | if ($this->model->insertTokenNonce([ |
| 197 | 197 | 'id_consumer_token' => $this->token->id, |
| 198 | - 'nonce' => $token[ 'nonce' ] = Oauth::generateNonce(), |
|
| 199 | - 'timestamp' => $token[ 'timestamp' ] = date('Y-m-d H:m:s'), |
|
| 200 | - 'expires' => $token[ 'expires' ] = time() + 3600, |
|
| 198 | + 'nonce' => $token['nonce'] = Oauth::generateNonce(), |
|
| 199 | + 'timestamp' => $token['timestamp'] = date('Y-m-d H:m:s'), |
|
| 200 | + 'expires' => $token['expires'] = time() + 3600, |
|
| 201 | 201 | ])) { |
| 202 | 202 | return new DataStructures\Token([ |
| 203 | 203 | 'key' => $this->token->key, |
| 204 | 204 | 'secret' => $this->token->secret, |
| 205 | - 'nonce' => $token[ 'nonce' ], |
|
| 206 | - 'timestamp' => $token[ 'timestamp' ], |
|
| 207 | - 'expires' => $token[ 'expires' ], |
|
| 205 | + 'nonce' => $token['nonce'], |
|
| 206 | + 'timestamp' => $token['timestamp'], |
|
| 207 | + 'expires' => $token['expires'], |
|
| 208 | 208 | 'verifier' => (new Token($this->token->key, $this->token->secret))->getVerifier(), |
| 209 | 209 | ]); |
| 210 | 210 | } |
@@ -212,17 +212,17 @@ discard block |
||
| 212 | 212 | |
| 213 | 213 | $token = $this->generateToken('ACCESS'); |
| 214 | 214 | $token = new DataStructures\Token([ |
| 215 | - 'id' => $token[ 'id' ], |
|
| 216 | - 'key' => $token[ 'key' ], |
|
| 217 | - 'secret' => $token[ 'secret' ], |
|
| 218 | - 'verifier' => (new Token($token[ 'key' ], $token[ 'secret' ]))->getVerifier(), |
|
| 215 | + 'id' => $token['id'], |
|
| 216 | + 'key' => $token['key'], |
|
| 217 | + 'secret' => $token['secret'], |
|
| 218 | + 'verifier' => (new Token($token['key'], $token['secret']))->getVerifier(), |
|
| 219 | 219 | ]); |
| 220 | 220 | |
| 221 | 221 | if ($this->model->insertTokenNonce([ |
| 222 | - 'id_consumer_token' => $token[ 'id' ], |
|
| 223 | - 'nonce' => $token[ 'nonce' ] = Oauth::generateNonce(), |
|
| 224 | - 'timestamp' => $token[ 'timestamp' ] = date('Y-m-d H:m:s'), |
|
| 225 | - 'expires' => $token[ 'expires' ] = time() + 3600, |
|
| 222 | + 'id_consumer_token' => $token['id'], |
|
| 223 | + 'nonce' => $token['nonce'] = Oauth::generateNonce(), |
|
| 224 | + 'timestamp' => $token['timestamp'] = date('Y-m-d H:m:s'), |
|
| 225 | + 'expires' => $token['expires'] = time() + 3600, |
|
| 226 | 226 | ])) { |
| 227 | 227 | return $token; |
| 228 | 228 | } |
@@ -279,15 +279,15 @@ discard block |
||
| 279 | 279 | |
| 280 | 280 | if ($this->model->insertToken([ |
| 281 | 281 | 'id_consumer' => $this->consumer->id, |
| 282 | - 'key' => $token[ 'key' ], |
|
| 283 | - 'secret' => $token[ 'secret' ], |
|
| 282 | + 'key' => $token['key'], |
|
| 283 | + 'secret' => $token['secret'], |
|
| 284 | 284 | 'type' => $type, |
| 285 | 285 | 'callback' => $callback, |
| 286 | 286 | ])) { |
| 287 | - $token[ 'id' ] = $this->model->db->getLastInsertId(); |
|
| 287 | + $token['id'] = $this->model->db->getLastInsertId(); |
|
| 288 | 288 | |
| 289 | 289 | if ($this->model->insertTokenNonce([ |
| 290 | - 'id_consumer_token' => $token[ 'id' ], |
|
| 290 | + 'id_consumer_token' => $token['id'], |
|
| 291 | 291 | 'nonce' => $nonce, |
| 292 | 292 | 'timestamp' => date('Y-m-d H:m:s'), |
| 293 | 293 | 'expires' => time() + 3600, |
@@ -90,7 +90,7 @@ |
||
| 90 | 90 | } |
| 91 | 91 | |
| 92 | 92 | if ($payload) { |
| 93 | - $payload[ 'timestamp' ] = time(); |
|
| 93 | + $payload['timestamp'] = time(); |
|
| 94 | 94 | |
| 95 | 95 | $segments[] = Base64::encode(Json::encode($signature)); |
| 96 | 96 | $segments[] = $token = Base64::encode(Signature::generate([ |
@@ -74,7 +74,7 @@ |
||
| 74 | 74 | public function checkPrivilege($action) |
| 75 | 75 | { |
| 76 | 76 | if ($privileges = $this->get('privileges')) { |
| 77 | - return (bool)$privileges[ $action ]; |
|
| 77 | + return (bool)$privileges[$action]; |
|
| 78 | 78 | } |
| 79 | 79 | |
| 80 | 80 | return false; |
