From 465b40f52d758a959747d4d6d6671cb776784e2c Mon Sep 17 00:00:00 2001
From: Alexis Degrugillier
Date: Mon, 28 Dec 2020 10:44:32 -0500
Subject: Add a file for each Auth class (#3298)

It's a follow-up of what was started in #3297.
---
 app/Models/FormAuth.php | 94 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 app/Models/FormAuth.php

(limited to 'app/Models/FormAuth.php')

diff --git a/app/Models/FormAuth.php b/app/Models/FormAuth.php
new file mode 100644
index 000000000..86742e2f2
--- /dev/null
+++ b/app/Models/FormAuth.php
@@ -0,0 +1,94 @@
+limits;
+ $cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
+ if ($mtime + $cookie_duration < time()) {
+ // Token has expired (> cookie_duration) or does not exist.
+ @unlink($token_file);
+ return array();
+ }
+
+ $credentials = @file_get_contents($token_file);
+ if ($credentials !== false && self::renewCookie($token)) {
+ return explode("\t", $credentials, 2);
+ }
+ return [];
+ }
+
+ private static function renewCookie($token) {
+ $token_file = DATA_PATH . '/tokens/' . $token . '.txt';
+ if (touch($token_file)) {
+ $conf = Minz_Configuration::get('system');
+ $limits = $conf->limits;
+ $cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
+ $expire = time() + $cookie_duration;
+ Minz_Session::setLongTermCookie('FreshRSS_login', $token, $expire);
+ return $token;
+ }
+ return false;
+ }
+
+ public static function makeCookie($username, $password_hash) {
+ $conf = Minz_Configuration::get('system');
+ do {
+ $token = sha1($conf->salt . $username . uniqid(mt_rand(), true));
+ $token_file = DATA_PATH . '/tokens/' . $token . '.txt';
+ } while (file_exists($token_file));
+
+ if (@file_put_contents($token_file, $username . "\t" . $password_hash) === false) {
+ return false;
+ }
+
+ return self::renewCookie($token);
+ }
+
+ public static function deleteCookie() {
+ $token = Minz_Session::getLongTermCookie('FreshRSS_login');
+ if (ctype_alnum($token)) {
+ Minz_Session::deleteLongTermCookie('FreshRSS_login');
+ @unlink(DATA_PATH . '/tokens/' . $token . '.txt');
+ }
+
+ if (rand(0, 10) === 1) {
+ self::purgeTokens();
+ }
+ }
+
+ public static function purgeTokens() {
+ $conf = Minz_Configuration::get('system');
+ $limits = $conf->limits;
+ $cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
+ $oldest = time() - $cookie_duration;
+ foreach (new DirectoryIterator(DATA_PATH . '/tokens/') as $file_info) {
+ $extension = $file_info->getExtension();
+ if ($extension === 'txt' && $file_info->getMTime() < $oldest) {
+ @unlink($file_info->getPathname());
+ }
+ }
+ }
+}
-- cgit v1.2.3
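Review bot: The long-term login token in `makeCookie` is built as `sha1($conf->salt . $username . uniqid(mt_rand(), true))`, and neither `mt_rand()` nor `uniqid()` is a cryptographically secure source, so the token's unpredictability rests largely on the salt staying secret. Because this token alone authenticates the `FreshRSS_login` cookie and names the file that stores the username and password hash, it should come from the CSPRNG, for example `$token = bin2hex(random_bytes(20));` where the supported PHP version provides `random_bytes()`. That still yields 40 hex characters, so the `ctype_alnum($token)` check in `deleteCookie` and the collision loop keep working. `renewCookie` concatenates `$token` into a path with no validation of its own; the opening of the file, including whatever check `getCredentialsFromCookie` applies before calling it, is not visible on this page, so that should be confirmed there.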