diff options
| author |  Alexis Degrugillier <aledeg@users.noreply.github.com>
| 2020-12-28 10:44:32 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2020-12-28 16:44:32 +0100 |
| commit | 465b40f52d758a959747d4d6d6671cb776784e2c (patch) | |
| tree | e63dbe668d51f863bf56f8d1219454145a315f49 /app/Models/FormAuth.php | |
| parent | e1ee58816ba76734e4115fc12898b13de665b220 (diff) | |
Add a file for each Auth class (#3298)
It's a follow-up of what was started in #3297.
Diffstat (limited to 'app/Models/FormAuth.php')
| -rw-r--r-- | app/Models/FormAuth.php | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/app/Models/FormAuth.php b/app/Models/FormAuth.php new file mode 100644 index 000000000..86742e2f2 --- /dev/null +++ b/app/Models/FormAuth.php @@ -0,0 +1,94 @@ +<?php + +class FreshRSS_FormAuth { + public static function checkCredentials($username, $hash, $nonce, $challenge) { + if (!FreshRSS_user_Controller::checkUsername($username) || + !ctype_graph($hash) || + !ctype_graph($challenge) || + !ctype_alnum($nonce)) { + Minz_Log::debug('Invalid credential parameters:' . + ' user=' . $username . + ' challenge=' . $challenge . + ' nonce=' . $nonce); + return false; + } + + return password_verify($nonce . $hash, $challenge); + } + + public static function getCredentialsFromCookie() { + $token = Minz_Session::getLongTermCookie('FreshRSS_login'); + if (!ctype_alnum($token)) { + return array(); + } + + $token_file = DATA_PATH . '/tokens/' . $token . '.txt'; + $mtime = @filemtime($token_file); + $conf = Minz_Configuration::get('system'); + $limits = $conf->limits; + $cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration']; + if ($mtime + $cookie_duration < time()) { + // Token has expired (> cookie_duration) or does not exist. + @unlink($token_file); + return array(); + } + + $credentials = @file_get_contents($token_file); + if ($credentials !== false && self::renewCookie($token)) { + return explode("\t", $credentials, 2); + } + return []; + } + + private static function renewCookie($token) { + $token_file = DATA_PATH . '/tokens/' . $token . '.txt'; + if (touch($token_file)) { + $conf = Minz_Configuration::get('system'); + $limits = $conf->limits; + $cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration']; + $expire = time() + $cookie_duration; + Minz_Session::setLongTermCookie('FreshRSS_login', $token, $expire); + return $token; + } + return false; + } + + public static function makeCookie($username, $password_hash) { + $conf = Minz_Configuration::get('system'); + do { + $token = sha1($conf->salt . $username . uniqid(mt_rand(), true)); + $token_file = DATA_PATH . '/tokens/' . $token . '.txt'; + } while (file_exists($token_file)); + + if (@file_put_contents($token_file, $username . "\t" . $password_hash) === false) { + return false; + } + + return self::renewCookie($token); + } + + public static function deleteCookie() { + $token = Minz_Session::getLongTermCookie('FreshRSS_login'); + if (ctype_alnum($token)) { + Minz_Session::deleteLongTermCookie('FreshRSS_login'); + @unlink(DATA_PATH . '/tokens/' . $token . '.txt'); + } + + if (rand(0, 10) === 1) { + self::purgeTokens(); + } + } + + public static function purgeTokens() { + $conf = Minz_Configuration::get('system'); + $limits = $conf->limits; + $cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration']; + $oldest = time() - $cookie_duration; + foreach (new DirectoryIterator(DATA_PATH . '/tokens/') as $file_info) { + $extension = $file_info->getExtension(); + if ($extension === 'txt' && $file_info->getMTime() < $oldest) { + @unlink($file_info->getPathname()); + } + } + } +} |