| author | 2019-12-03 23:11:06 +0100 | |
|---|---|---|
| committer | 2019-12-03 23:11:06 +0100 | |
| commit | d0f1f9f141a58e090d210c221a7c1745378b96a3 (patch) | |
| tree | 5d538ee048a14d29f8091d9e85cf391ada48ae83 /app/Utils | |
| parent | 15b8ef8f40f249ace343696df216f2d61f8249d0 (diff) | |
Separate the update API password endpoint (#2675)
* Extract hashPassword method from userController
* Extract and refactor fever key-related methods
* Move update of API password to dedicated action
* Simplify the controller by refactoring feverUtil
* Add locales
Diffstat (limited to 'app/Utils')
| -rw-r--r-- | app/Utils/feverUtil.php | 80 | ||||
| -rw-r--r-- | app/Utils/passwordUtil.php | 27 |
2 files changed, 107 insertions, 0 deletions
diff --git a/app/Utils/feverUtil.php b/app/Utils/feverUtil.php
new file mode 100644
index 000000000..83921943c
--- /dev/null
+++ b/app/Utils/feverUtil.php
@@ -0,0 +1,80 @@
+<?php
+
+class FreshRSS_fever_Util {
+ const FEVER_PATH = DATA_PATH . '/fever';
+
+ /**
+ * Make sure the fever path exists and is writable.
+ *
+ * @return boolean true if the path is writable, else false.
+ */
+ public static function checkFeverPath() {
+ if (!file_exists(self::FEVER_PATH)) {
+ @mkdir(self::FEVER_PATH, 0770, true);
+ }
+
+ $ok = is_writable(self::FEVER_PATH);
+ if (!$ok) {
+ Minz_Log::error("Could not save Fever API credentials. The directory does not have write access.");
+ }
+ return $ok;
+ }
+
+ /**
+ * Return the corresponding path for a fever key.
+ *
+ * @param string
+ * @return string
+ */
+ public static function getKeyPath($feverKey) {
+ $salt = sha1(FreshRSS_Context::$system_conf->salt);
+ return self::FEVER_PATH . '/.key-' . $salt . '-' . $feverKey . '.txt';
+ }
+
+ /**
+ * Update the fever key of a user.
+ *
+ * @param string
+ * @param string
+ * @return string the Fever key, or false if the update failed
+ */
+ public static function updateKey($username, $passwordPlain) {
+ $ok = self::checkFeverPath();
+ if (!$ok) {
+ return false;
+ }
+
+ self::deleteKey($username);
+
+ $feverKey = strtolower(md5("{$username}:{$passwordPlain}"));
+ $feverKeyPath = self::getKeyPath($feverKey);
+ $res = file_put_contents($feverKeyPath, $username);
+ if ($res !== false) {
+ return $feverKey;
+ } else {
+ Minz_Log::warning('Could not save Fever API credentials. Unknown error.', ADMIN_LOG);
+ return false;
+ }
+ }
+
+ /**
+ * Delete the Fever key of a user.
+ *
+ * @param string
+ * @return boolean true if the deletion succeeded, else false.
+ */
+ public static function deleteKey($username) {
+ $userConfig = get_user_configuration($username);
+ if ($userConfig === null) {
+ return false;
+ }
+
+ $feverKey = $userConfig->feverKey;
+ if (!ctype_xdigit($feverKey)) {
+ return false;
+ }
+
+ $feverKeyPath = self::getKeyPath($feverKey);
+ return @unlink($feverKeyPath);
+ }
+}
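Review bot: `updateKey()` discards the result of `self::deleteKey($username)`, and `deleteKey()` returns the same `false` for "no previous key" and for a failed `@unlink()`, so a key file that cannot be removed stays on disk after the password change. If the Fever endpoint authenticates by looking up that file (not visible in this hunk), the old API password would presumably keep working. I would make the failure visible in `deleteKey()`, e.g. `if (file_exists($feverKeyPath) && !unlink($feverKeyPath)) { Minz_Log::warning('Could not remove the previous Fever API key file.', ADMIN_LOG); return false; }`, and have `updateKey()` stop when that happens. Separately, `getKeyPath()` concatenates `$feverKey` into a file path unchecked; only `deleteKey()` applies `ctype_xdigit()`, so that check would be safer inside `getKeyPath()` itself, or at least documented there as a caller requirement.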
diff --git a/app/Utils/passwordUtil.php b/app/Utils/passwordUtil.php
new file mode 100644
index 000000000..fd71d4b72
--- /dev/null
+++ b/app/Utils/passwordUtil.php
@@ -0,0 +1,27 @@
+<?php
+
+class FreshRSS_password_Util {
+ // Will also have to be computed client side on mobile devices,
+ // so do not use a too high cost
+ const BCRYPT_COST = 9;
+
+ /**
+ * Return a hash of a plain password, using BCRYPT
+ *
+ * @param string
+ * @return string
+ */
+ public static function hash($passwordPlain) {
+ $passwordHash = password_hash(
+ $passwordPlain,
+ PASSWORD_BCRYPT,
+ array('cost' => self::BCRYPT_COST)
+ );
+ $passwordPlain = '';
+
+ // Compatibility with bcrypt.js
+ $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);
+
+ return $passwordHash == '' ? '' : $passwordHash;
+ }
+} |
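Review bot: `hash()` signals failure by returning an empty string, but the docblock only says `@return string`, and the final `$passwordHash == '' ? '' : $passwordHash` hides that intent behind a loose comparison. `password_hash()` can return `false` on failure in PHP 7 and `preg_replace()` returns `null` on error, so I would make the check explicit with `if (!is_string($passwordHash) || $passwordHash === '') { return ''; }` and document `@return string the bcrypt hash, or '' if hashing failed`, so callers know to reject an empty result rather than store it. Also, `$passwordPlain = '';` only clears this function's local copy while the caller's variable still holds the plaintext; a short comment saying so would avoid giving the impression that the secret has been scrubbed.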
