Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-09-07 07:14:58 +00:00
Code Issues Actions Projects Releases Wiki Activity

cs: Fix code style (safe rules only).

Browse Source
This commit is contained in:
Pol Dellaiera
2021-11-23 14:06:38 +01:00
parent 149d7ce991
commit 8f96a1121d
1223 changed files with 65199 additions and 64625 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
src/Bundle/ChillMainBundle/Security/PasswordRecover/PasswordRecoverEvent.php
View File

@@ -1,77 +1,73 @@
<?php
/*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
/**
* Chill is a software for social workers
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Chill\MainBundle\Entity\User;
use Symfony\Component\EventDispatcher\Event;
/**
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
class PasswordRecoverEvent extends Event
{
public const ASK_TOKEN_INVALID_FORM = 'chill_main.ask_token_invalid_form';
public const ASK_TOKEN_SUCCESS = 'chill_main.ask_token_success';
public const INVALID_TOKEN = 'chill_main.password_recover_invalid_token';
/**
*
* @var User
*/
protected $user;
/**
*
* @var string
*/
protected $token;
/**
*
* @var string
*/
protected $ip;
/**
*
* @var boolean
* @var bool
*/
protected $safelyGenerated;
const ASK_TOKEN_INVALID_FORM = 'chill_main.ask_token_invalid_form';
const INVALID_TOKEN = 'chill_main.password_recover_invalid_token';
const ASK_TOKEN_SUCCESS = 'chill_main.ask_token_success';
/**
* @var string
*/
protected $token;
/**
* @var User
*/
protected $user;
/**
*
* @param type $token
* @param User $user
* @param type $ip
* @param bool $safelyGenerated true if generated safely (from console command, etc.)
*/
public function __construct($token = null, User $user = null, $ip = null, bool $safelyGenerated = false)
public function __construct($token = null, ?User $user = null, $ip = null, bool $safelyGenerated = false)
{
$this->user = $user;
$this->token = $token;
$this->ip = $ip;
$this->safelyGenerated = $safelyGenerated;
}
public function getIp()
{
return $this->ip;
}
/**
* @return string
*/
public function getToken()
{
return $this->token;
}
/**
*
* @return User|null
*/
public function getUser()
@@ -79,38 +75,16 @@ class PasswordRecoverEvent extends Event
return $this->user;
}
/**
*
* @return string
*/
public function getToken()
{
return $this->token;
}
public function getIp()
{
return $this->ip;
}
/**
*
* @return boolean
*/
public function hasIp(): bool
{
return !empty($this->ip);
}
/**
*
* @return boolean
*/
public function hasUser(): bool
{
return $this->user instanceof User;
}
public function isSafelyGenerated(): bool
{
return $this->safelyGenerated;

66
src/Bundle/ChillMainBundle/Security/PasswordRecover/PasswordRecoverEventSubscriber.php
View File

@@ -1,83 +1,67 @@
<?php
/*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
/**
* Chill is a software for social workers
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
/**
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
class PasswordRecoverEventSubscriber implements EventSubscriberInterface
{
/**
*
* @var PasswordRecoverLocker
*/
protected $locker;
public function __construct(PasswordRecoverLocker $locker)
{
$this->locker = $locker;
}
public static function getSubscribedEvents(): array
{
return [
PasswordRecoverEvent::INVALID_TOKEN => [
[ 'onInvalidToken' ]
['onInvalidToken'],
],
PasswordRecoverEvent::ASK_TOKEN_INVALID_FORM => [
[ 'onAskTokenInvalidForm' ]
['onAskTokenInvalidForm'],
],
PasswordRecoverEvent::ASK_TOKEN_SUCCESS => [
[ 'onAskTokenSuccess']
]
['onAskTokenSuccess'],
],
];
}
public function onInvalidToken(PasswordRecoverEvent $event)
{
// set global lock
$this->locker->createLock('invalid_token_global', null);
// set ip lock
if ($event->hasIp()) {
$this->locker->createLock('invalid_token_by_ip', $event->getIp());
}
}
public function onAskTokenInvalidForm(PasswordRecoverEvent $event)
{
// set global lock
$this->locker->createLock('ask_token_invalid_form_global', null);
// set ip lock
if ($event->hasIp()) {
$this->locker->createLock('ask_token_invalid_form_by_ip', $event->getIp());
}
}
public function onAskTokenSuccess(PasswordRecoverEvent $event)
{
$this->locker->createLock('ask_token_success_by_user', $event->getUser());
}
public function onInvalidToken(PasswordRecoverEvent $event)
{
// set global lock
$this->locker->createLock('invalid_token_global', null);
// set ip lock
if ($event->hasIp()) {
$this->locker->createLock('invalid_token_by_ip', $event->getIp());
}
}
}

175
src/Bundle/ChillMainBundle/Security/PasswordRecover/PasswordRecoverLocker.php
View File

@@ -1,170 +1,163 @@
<?php
/*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
/**
* Chill is a software for social workers
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Chill\MainBundle\Redis\ChillRedis;
use LogicException;
use Psr\Log\LoggerInterface;
use UnexpectedValueException;
/**
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
class PasswordRecoverLocker
{
public const ASK_TOKEN_INVALID_FORM_TTL = 3600;
/**
* The maximum of invalid token globally (across all ip)
* TTL to keep invalid token recorded.
*/
const MAX_INVALID_TOKEN_GLOBAL = 50;
public const INVALID_TOKEN_TTL = 3600;
public const MAX_ASK_TOKEN_BY_USER = 10;
public const MAX_ASK_TOKEN_INVALID_FORM_BY_IP = 10;
public const MAX_ASK_TOKEN_INVALID_FORM_GLOBAL = 50;
/**
* The maximum of invalid token by ip
* The maximum of invalid token by ip.
*/
const MAX_INVALID_TOKEN_BY_IP = 10;
public const MAX_INVALID_TOKEN_BY_IP = 10;
/**
* TTL to keep invalid token recorded
* The maximum of invalid token globally (across all ip).
*/
const INVALID_TOKEN_TTL = 3600;
const MAX_ASK_TOKEN_INVALID_FORM_GLOBAL = 50;
const MAX_ASK_TOKEN_INVALID_FORM_BY_IP = 10;
const MAX_ASK_TOKEN_BY_USER = 10;
const ASK_TOKEN_INVALID_FORM_TTL = 3600;
public const MAX_INVALID_TOKEN_GLOBAL = 50;
/**
*
* @var ChillRedis
*/
protected $chillRedis;
/**
*
* @var LoggerInterface
*/
protected $logger;
public function __construct(ChillRedis $chillRedis, LoggerInterface $logger)
{
$this->chillRedis = $chillRedis;
$this->logger = $logger;
}
public function createLock($usage, $discriminator = null)
{
$max = $this->getMax($usage);
$ttl = $this->getTtl($usage);
for ($i = 0; $i < $max; $i++) {
for ($i = 0; $i < $max; ++$i) {
$key = self::generateLockKey($usage, $i, $discriminator);
if (0 === $this->chillRedis->exists($key)) {
$this->chillRedis->set($key, 1);
$this->chillRedis->setTimeout($key, $ttl);
break;
}
}
}
public function isLocked($usage, $discriminator = null)
{
$max = $this->getMax($usage);
for ($i = 0; $i < $max; $i++) {
$key = self::generateLockKey($usage, $i, $discriminator);
if ($this->chillRedis->exists($key) === 0) {
return false;
}
/**
* @param string $usage 'invalid_token_global' or ...
* @param mixed|null $discriminator
*/
public static function generateLockKey($usage, int $number, $discriminator = null)
{
switch ($usage) {
case 'invalid_token_global':
return sprintf('invalid_token_global_%d', $number);
case 'invalid_token_by_ip':
return sprintf('invalid_token_ip_%s_%d', $discriminator, $number);
case 'ask_token_invalid_form_global':
return sprintf('ask_token_invalid_form_global_%d', $number);
case 'ask_token_invalid_form_by_ip':
return sprintf('ask_token_invalid_form_by_ip_%s_%d', $discriminator, $number);
case 'ask_token_success_by_user':
return sprintf('ask_token_success_by_user_%s_%d', $discriminator->getId(), $number);
default:
throw new LogicException('this usage is not implemented');
}
$this->logger->warning("locking reaching for password recovery", [
'usage' => $usage,
'discriminator' => $discriminator
]);
return true;
}
public function getMax($usage)
{
switch ($usage) {
case 'invalid_token_global':
return self::MAX_INVALID_TOKEN_GLOBAL;
case 'invalid_token_by_ip':
return self::MAX_INVALID_TOKEN_BY_IP;
case 'ask_token_invalid_form_global':
return self::MAX_ASK_TOKEN_INVALID_FORM_GLOBAL;
case 'ask_token_invalid_form_by_ip':
return self::MAX_ASK_TOKEN_INVALID_FORM_BY_IP;
case 'ask_token_success_by_user':
return self::MAX_ASK_TOKEN_BY_USER;
default:
throw new \UnexpectedValueException("this usage '$usage' is not yet implemented");
throw new UnexpectedValueException("this usage '{$usage}' is not yet implemented");
}
}
public function getTtl($usage)
{
switch ($usage) {
case 'invalid_token_global':
case 'invalid_token_by_ip':
return self::INVALID_TOKEN_TTL;
case 'ask_token_invalid_form_global':
case 'ask_token_invalid_form_by_ip':
return self::ASK_TOKEN_INVALID_FORM_TTL;
case 'ask_token_success_by_user':
return self::ASK_TOKEN_INVALID_FORM_TTL * 24;
default:
throw new \UnexpectedValueException("this usage '$usage' is not yet implemented");
throw new UnexpectedValueException("this usage '{$usage}' is not yet implemented");
}
}
/**
*
* @param string $usage 'invalid_token_global' or ...
* @param int $number
*/
public static function generateLockKey($usage, int $number, $discriminator = null)
public function isLocked($usage, $discriminator = null)
{
switch($usage) {
case "invalid_token_global":
return sprintf('invalid_token_global_%d', $number);
case "invalid_token_by_ip":
return sprintf('invalid_token_ip_%s_%d', $discriminator, $number);
case "ask_token_invalid_form_global":
return sprintf('ask_token_invalid_form_global_%d', $number);
case "ask_token_invalid_form_by_ip":
return sprintf('ask_token_invalid_form_by_ip_%s_%d', $discriminator, $number);
case 'ask_token_success_by_user':
return sprintf('ask_token_success_by_user_%s_%d', $discriminator->getId(), $number);
default:
throw new \LogicException("this usage is not implemented");
$max = $this->getMax($usage);
for ($i = 0; $i < $max; ++$i) {
$key = self::generateLockKey($usage, $i, $discriminator);
if ($this->chillRedis->exists($key) === 0) {
return false;
}
}
$this->logger->warning('locking reaching for password recovery', [
'usage' => $usage,
'discriminator' => $discriminator,
]);
return true;
}
}

85
src/Bundle/ChillMainBundle/Security/PasswordRecover/PasswordRecoverVoter.php
View File

@@ -1,67 +1,52 @@
<?php
/*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\HttpFoundation\RequestStack;
/**
*
* Chill is a software for social workers
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Chill\MainBundle\Entity\User;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class PasswordRecoverVoter extends Voter
{
const TRY_TOKEN = 'CHILL_PASSWORD_TRY_TOKEN';
const ASK_TOKEN = 'CHILL_PASSWORD_ASK_TOKEN';
protected $supported = [
self::TRY_TOKEN,
self::ASK_TOKEN
];
public const ASK_TOKEN = 'CHILL_PASSWORD_ASK_TOKEN';
public const TRY_TOKEN = 'CHILL_PASSWORD_TRY_TOKEN';
/**
*
* @var PasswordRecoverLocker
*/
protected $locker;
/**
*
* @var RequestStack
*/
protected $requestStack;
protected $supported = [
self::TRY_TOKEN,
self::ASK_TOKEN,
];
public function __construct(PasswordRecoverLocker $locker, RequestStack $requestStack)
{
$this->locker = $locker;
$this->requestStack = $requestStack;
}
protected function supports($attribute, $subject): bool
{
if (!in_array($attribute, $this->supported)) {
return false;
}
return true;
}
@@ -69,34 +54,36 @@ class PasswordRecoverVoter extends Voter
{
switch ($attribute) {
case self::TRY_TOKEN:
if (TRUE === $this->locker->isLocked('invalid_token_global')) {
if (true === $this->locker->isLocked('invalid_token_global')) {
return false;
}
$ip = $this->requestStack->getCurrentRequest()->getClientIp();
if (TRUE === $this->locker->isLocked('invalid_token_by_ip', $ip)) {
if (true === $this->locker->isLocked('invalid_token_by_ip', $ip)) {
return false;
}
return true;
case self::ASK_TOKEN:
if (TRUE === $this->locker->isLocked('ask_token_invalid_form_global')) {
if (true === $this->locker->isLocked('ask_token_invalid_form_global')) {
return false;
}
$ip = $this->requestStack->getCurrentRequest()->getClientIp();
if (TRUE === $this->locker->isLocked('ask_token_invalid_form_by_ip', $ip)) {
if (true === $this->locker->isLocked('ask_token_invalid_form_by_ip', $ip)) {
return false;
}
if ($subject instanceof User) {
if (TRUE === $this->locker->isLocked('ask_token_success_by_user', $subject)) {
if (true === $this->locker->isLocked('ask_token_success_by_user', $subject)) {
return false;
}
}
return true;
}
return false;

130
src/Bundle/ChillMainBundle/Security/PasswordRecover/RecoverPasswordHelper.php
View File

@@ -1,59 +1,44 @@
<?php
/*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Chill\MainBundle\Security\PasswordRecover\TokenManager;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Chill\MainBundle\Notification\Mailer;
use Chill\MainBundle\Entity\User;
/**
*
* Chill is a software for social workers
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Notification\Mailer;
use DateTimeInterface;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use function array_merge;
class RecoverPasswordHelper
{
public const RECOVER_PASSWORD_ROUTE = 'password_recover';
/**
*
* @var TokenManager
*/
protected $tokenManager;
/**
*
* @var UrlGeneratorInterface
*/
protected $urlGenerator;
/**
*
* @var Mailer
*/
protected $mailer;
protected $routeParameters;
const RECOVER_PASSWORD_ROUTE = 'password_recover';
/**
* @var TokenManager
*/
protected $tokenManager;
/**
* @var UrlGeneratorInterface
*/
protected $urlGenerator;
public function __construct(
TokenManager $tokenManager,
UrlGeneratorInterface $urlGenerator,
TokenManager $tokenManager,
UrlGeneratorInterface $urlGenerator,
Mailer $mailer,
array $routeParameters
) {
@@ -64,64 +49,65 @@ class RecoverPasswordHelper
}
/**
*
* @param User $user
* @param \DateTimeInterface $expiration
* @param bool $absolute
* @param array $parameters additional parameters to url
*
* @return string
*/
public function generateUrl(User $user, \DateTimeInterface $expiration, $absolute = true, array $parameters = [])
public function generateUrl(User $user, DateTimeInterface $expiration, $absolute = true, array $parameters = [])
{
$context = $this->urlGenerator->getContext();
$previousHost = $context->getHost();
$previousScheme = $context->getScheme();
$context->setHost($this->routeParameters['host']);
$context->setScheme($this->routeParameters['scheme']);
$url = $this->urlGenerator->generate(
self::RECOVER_PASSWORD_ROUTE,
\array_merge(
self::RECOVER_PASSWORD_ROUTE,
array_merge(
$this->tokenManager->generate($user, $expiration),
$parameters),
$parameters
),
$absolute ? UrlGeneratorInterface::ABSOLUTE_URL : UrlGeneratorInterface::ABSOLUTE_PATH
);
);
// reset the host
$context->setHost($previousHost);
$context->setScheme($previousScheme);
return $url;
}
public function sendRecoverEmail(
User $user,
\DateTimeInterface $expiration,
$template = '@ChillMain/Password/recover_email.txt.twig',
array $templateParameters = [],
User $user,
DateTimeInterface $expiration,
$template = '@ChillMain/Password/recover_email.txt.twig',
array $templateParameters = [],
$force = false,
array $additionalUrlParameters = [],
$emailSubject = 'Recover your password'
) {
$content = $this->mailer->renderContentToUser(
$user,
$template,
\array_merge([
$user,
$template,
array_merge(
[
'user' => $user,
'url' => $this->generateUrl($user, $expiration, true, $additionalUrlParameters)
'url' => $this->generateUrl($user, $expiration, true, $additionalUrlParameters),
],
$templateParameters
));
)
);
$this->mailer->sendNotification(
$user,
[ $emailSubject ],
$user,
[$emailSubject],
[
'text/plain' => $content,
],
null,
$force);
],
null,
$force
);
}
}

122
src/Bundle/ChillMainBundle/Security/PasswordRecover/TokenManager.php
View File

@@ -1,103 +1,99 @@
<?php
/*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
/**
* Chill is a software for social workers
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Chill\MainBundle\Entity\User;
use DateTime;
use DateTimeImmutable;
use DateTimeInterface;
use Psr\Log\LoggerInterface;
use UnexpectedValueException;
use function bin2hex;
use function hash;
use function hex2bin;
use function random_bytes;
use function strlen;
use function trim;
/**
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
class TokenManager
{
public const HASH = 'h';
public const TIMESTAMP = 'ts';
public const TOKEN = 't';
public const TOKEN_LENGTH = 24;
public const USERNAME_CANONICAL = 'u';
/**
*
* @var string
*/
protected $secret;
/**
*
* @var LoggerInterface
*/
protected $logger;
const TOKEN = 't';
const HASH = 'h';
const TIMESTAMP = 'ts';
const USERNAME_CANONICAL = 'u';
const TOKEN_LENGTH = 24;
/**
* @var string
*/
protected $secret;
public function __construct($secret, LoggerInterface $logger)
{
$this->secret = $secret;
$this->logger = $logger;
}
public function generate(User $user, \DateTimeInterface $expiration)
public function generate(User $user, DateTimeInterface $expiration)
{
$token = \random_bytes(self::TOKEN_LENGTH);
$token = random_bytes(self::TOKEN_LENGTH);
$username = $user->getUsernameCanonical();
if (empty($username)) {
throw new \UnexpectedValueException("username should not be empty to generate a token");
throw new UnexpectedValueException('username should not be empty to generate a token');
}
$timestamp = $expiration->getTimestamp();
$hash = \hash('sha1', $token.$username.$timestamp.$this->secret);
return [
self::HASH => $hash,
self::TOKEN => \bin2hex($token),
self::TIMESTAMP => $timestamp,
self::USERNAME_CANONICAL => $username
];
$hash = hash('sha1', $token . $username . $timestamp . $this->secret);
return [
self::HASH => $hash,
self::TOKEN => bin2hex($token),
self::TIMESTAMP => $timestamp,
self::USERNAME_CANONICAL => $username,
];
}
public function verify($hash, $token, User $user, $timestamp)
{
$token = \hex2bin(\trim($token));
if (\strlen($token) !== self::TOKEN_LENGTH) {
$token = hex2bin(trim($token));
if (strlen($token) !== self::TOKEN_LENGTH) {
return false;
}
$username = $user->getUsernameCanonical();
$date = \DateTimeImmutable::createFromFormat('U', $timestamp);
if ($date < new \DateTime('now')) {
$date = DateTimeImmutable::createFromFormat('U', $timestamp);
if ($date < new DateTime('now')) {
$this->logger->info('receiving a password recover token with expired '
. 'validity');
return false;
}
$expected = \hash('sha1', $token.$username.$timestamp.$this->secret);
$expected = hash('sha1', $token . $username . $timestamp . $this->secret);
if ($expected !== $hash) {
return false;
}
return true;
}
}