Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-09-07 15:25:00 +00:00
Code Issues Actions Projects Releases Wiki Activity

cs: Fix code style (safe rules only).

Browse Source
This commit is contained in:
Pol Dellaiera
2021-11-23 14:06:38 +01:00
parent 149d7ce991
commit 8f96a1121d
1223 changed files with 65199 additions and 64625 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
src/Bundle/ChillMainBundle/Security/PasswordRecover/TokenManager.php
View File

@@ -1,103 +1,99 @@
<?php
/*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
/**
* Chill is a software for social workers
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\PasswordRecover;
use Chill\MainBundle\Entity\User;
use DateTime;
use DateTimeImmutable;
use DateTimeInterface;
use Psr\Log\LoggerInterface;
use UnexpectedValueException;
use function bin2hex;
use function hash;
use function hex2bin;
use function random_bytes;
use function strlen;
use function trim;
/**
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
class TokenManager
{
public const HASH = 'h';
public const TIMESTAMP = 'ts';
public const TOKEN = 't';
public const TOKEN_LENGTH = 24;
public const USERNAME_CANONICAL = 'u';
/**
*
* @var string
*/
protected $secret;
/**
*
* @var LoggerInterface
*/
protected $logger;
const TOKEN = 't';
const HASH = 'h';
const TIMESTAMP = 'ts';
const USERNAME_CANONICAL = 'u';
const TOKEN_LENGTH = 24;
/**
* @var string
*/
protected $secret;
public function __construct($secret, LoggerInterface $logger)
{
$this->secret = $secret;
$this->logger = $logger;
}
public function generate(User $user, \DateTimeInterface $expiration)
public function generate(User $user, DateTimeInterface $expiration)
{
$token = \random_bytes(self::TOKEN_LENGTH);
$token = random_bytes(self::TOKEN_LENGTH);
$username = $user->getUsernameCanonical();
if (empty($username)) {
throw new \UnexpectedValueException("username should not be empty to generate a token");
throw new UnexpectedValueException('username should not be empty to generate a token');
}
$timestamp = $expiration->getTimestamp();
$hash = \hash('sha1', $token.$username.$timestamp.$this->secret);
return [
self::HASH => $hash,
self::TOKEN => \bin2hex($token),
self::TIMESTAMP => $timestamp,
self::USERNAME_CANONICAL => $username
];
$hash = hash('sha1', $token . $username . $timestamp . $this->secret);
return [
self::HASH => $hash,
self::TOKEN => bin2hex($token),
self::TIMESTAMP => $timestamp,
self::USERNAME_CANONICAL => $username,
];
}
public function verify($hash, $token, User $user, $timestamp)
{
$token = \hex2bin(\trim($token));
if (\strlen($token) !== self::TOKEN_LENGTH) {
$token = hex2bin(trim($token));
if (strlen($token) !== self::TOKEN_LENGTH) {
return false;
}
$username = $user->getUsernameCanonical();
$date = \DateTimeImmutable::createFromFormat('U', $timestamp);
if ($date < new \DateTime('now')) {
$date = DateTimeImmutable::createFromFormat('U', $timestamp);
if ($date < new DateTime('now')) {
$this->logger->info('receiving a password recover token with expired '
. 'validity');
return false;
}
$expected = \hash('sha1', $token.$username.$timestamp.$this->secret);
$expected = hash('sha1', $token . $username . $timestamp . $this->secret);
if ($expected !== $hash) {
return false;
}
return true;
}
}