Beispiel #1
 /**
  * Decrypts $text by handing both arguments, unchanged, to the parent
  * implementation.
  *
  * @param mixed $text Ciphertext, forwarded as-is.
  * @param mixed $key  Optional key; the default null is forwarded as-is, so
  *                    any fallback-key behaviour is decided by the parent.
  * @return mixed Whatever parent::decrypt() returns.
  */
 public function decrypt($text, $key = null)
 {
     $plain = parent::decrypt($text, $key);

     return $plain;
 }
Beispiel #2
 /**
  * Decrypts an encrypted text
  *
  *<code>
  *    echo $crypt->decrypt($encrypted, "decrypt password");
  *</code>
  *
  * @param string $text
  * @param string $key
  * @return string
  */
 public function decrypt($text, $key = null)
 {
     // Loose comparison kept on purpose: every key that compares equal to
     // null (null, '', 0, false, []) falls back to the instance-wide key.
     $effectiveKey = $key != null ? $key : $this->encryptKey;

     // base64_decode() runs in its default non-strict mode, so characters
     // outside the base64 alphabet are silently dropped rather than rejected.
     // NOTE(review): whether parent::decrypt() verifies ciphertext integrity
     // is not visible here - confirm before treating the result as trusted.
     $rawCiphertext = base64_decode($text);

     return parent::decrypt($rawCiphertext, $effectiveKey);
 }
Beispiel #3
 /**
  * Tests the padding
  *
  * @author Nikolaos Dimopoulos <*****@*****.**>
  * @since  2014-10-17
  */
 public function testCryptPadding()
 {
     $this->specify("padding not return correct results", function () {
         $key = '0123456789ABCDEF0123456789ABCDEF';
         $cipherModes = ['ecb', 'cbc', 'cfb'];
         $paddingSchemes = [
             PhTCrypt::PADDING_ANSI_X_923,
             PhTCrypt::PADDING_PKCS7,
             PhTCrypt::PADDING_ISO_10126,
             PhTCrypt::PADDING_ISO_IEC_7816_4,
             PhTCrypt::PADDING_ZERO,
             PhTCrypt::PADDING_SPACE,
         ];

         // Plaintexts of every length from 0 to 127 bytes, so each padding
         // scheme is exercised on both sides of several block boundaries.
         $plaintexts = [''];
         foreach (range(1, 127) as $length) {
             $plaintexts[] = str_repeat('A', $length);
         }

         // MCRYPT_RIJNDAEL_256 is Rijndael with a 256-bit block, which is not
         // AES (AES is the 128-bit-block variant). Only the first 16 bytes of
         // the fixture key are used. The mcrypt extension was removed from
         // PHP core in 7.2, so this test needs an environment that still
         // provides the constant.
         $crypt = new PhTCrypt();
         $crypt->setCipher(MCRYPT_RIJNDAEL_256)->setKey(substr($key, 0, 16));

         // Round-trip check only: encrypt, decrypt, compare. 'ecb' appears in
         // the mode list for padding coverage, not as a recommended mode.
         foreach ($paddingSchemes as $scheme) {
             $crypt->setPadding($scheme);
             foreach ($cipherModes as $cipherMode) {
                 $crypt->setMode($cipherMode);
                 foreach ($plaintexts as $plaintext) {
                     $roundTripped = $crypt->decrypt($crypt->encrypt($plaintext));
                     expect($roundTripped)->equals($plaintext);
                 }
             }
         }
     });
 }
 /**
  * Decrypt a hex-encoded access token and split it into its parts (uid, username, address, agent, expiry).
  *
  * @access protected
  * @param string $accessToken
  * @throws \Modules\Core\Exceptions\HTTPException
  * @return array tokens (Parts of access token)
  */
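 protected static function parseToken($accessToken = '')
 {
     // Hex-decodes the token, decrypts it with the application key and splits
     // the plaintext on '|' into exactly five fields. The fields are returned
     // as found: address, agent and expiry are NOT checked here, so the
     // caller must validate them before trusting the token.
     //
     // NOTE(review): nothing in this method verifies the integrity of the
     // decrypted data; confirm that Crypt::decrypt() authenticates the
     // ciphertext, otherwise a tampered token is only caught by the field
     // count below.
     $crypt = new Crypt();
     $di = DI::getDefault();

     // While the token is being unpacked and decrypted, any PHP warning or
     // notice is turned into a 401 instead of leaking details to the client.
     set_error_handler(function () {
         $msg = 'Invalid access token';
         throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
     });

     try {
         $accessToken = pack('H*', $accessToken);
         $accessToken = $crypt->decrypt($accessToken, $di->get('config')->app->crypkey);
         $parts = explode('|', $accessToken);
     } finally {
         // The handler is process-global. Without restoring it, every later
         // warning anywhere in the request would surface as a bogus
         // "Invalid access token" 401.
         restore_error_handler();
     }

     if (!is_array($parts) || count($parts) != 5) {
         $msg = 'Invalid access token, tokens do not match';
         throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
     }

     return array(
         'uid' => $parts[0],
         'username' => $parts[1],
         'address' => $parts[2],
         'agent' => $parts[3],
         'expiry' => $parts[4],
     );
 }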
 /**
  * Register cache, database, auth object and global requestBody (For HTTP body)
  * @param  Phalcon\DI $di
  * @throws \Modules\Core\Exceptions\HTTPException
  * @return void
  */
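 private function registerServices($di)
 {
     /**
      * Starting cache (Memcached)
      *
      * NOTE(review): 'servers' is passed as a single host/port/weight map.
      * Phalcon's Libmemcached backend is documented as taking a list of such
      * maps - confirm against the Phalcon version in use.
      */
     $di->set('cache', function () {
         $di = DI::getDefault();
         $memcached = $di->get('config')->memcached;
         $frontCache = new \Phalcon\Cache\Frontend\Data(array('lifetime' => $memcached->lifetime));
         $cache = new \Phalcon\Cache\Backend\Libmemcached($frontCache, array(
             'servers' => array(
                 'host' => $memcached->host,
                 'port' => $memcached->port,
                 'weight' => $memcached->weight,
             ),
         ));
         return $cache;
     });
     /**
      * Initialize database object
      */
     $di->set('db', function () {
         $di = DI::getDefault();
         $db = $di->get('config')->db;
         $adapter = new Database(array(
             'host' => $db->host,
             'username' => $db->username,
             'password' => $db->password,
             'dbname' => $db->dbname,
         ));
         // Added to log and debug sql queries
         // NOTE(review): confirm the Listener does not write bound values
         // (credentials, tokens, personal data) to logs in production.
         $eventsManager = new \Phalcon\Events\Manager();
         $eventsManager->attach('db', new Listener());
         $adapter->setEventsManager($eventsManager);
         return $adapter;
     });
     /**
      * Service to read HTTP body from requests
      *
      * json_decode() returns null both for malformed JSON and for a body that
      * is the literal `null`, so both cases are rejected here.
      */
     $di->setShared('requestBody', function () {
         $in = file_get_contents('php://input');
         $in = json_decode($in, false);
         if ($in === null) {
             throw new \Modules\Core\Exceptions\HTTPException('There was a problem understanding the data sent to the server by the application.', 409, array('dev' => 'The JSON body sent to the server was unable to be parsed.', 'appCode' => 'REQ1000', 'more' => ''));
         }
         return $in;
     });
     /**
      * Service to use auth in a global way
      *
      * Validates the hex-encoded, encrypted token from the Authorization
      * header: it must decrypt to at least five '|'-separated fields whose
      * address and agent fields match the current request and whose expiry
      * field is a numeric timestamp that has not passed.
      *
      * NOTE(review): nothing here verifies ciphertext integrity; confirm that
      * Crypt::decrypt() authenticates the token.
      */
     $di->setShared('auth', function () {
         $di = DI::getDefault();
         $crypt = new Crypt();
         //This method probably is not available if you use php-fpm
         //@todo, implement it
         $headers = getallheaders();
         if (!isset($headers['Authorization'])) {
             $msg = 'Token not provided';
             throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
         }
         // Any warning/notice raised while decoding the token becomes a 401.
         set_error_handler(function () {
             $msg = 'Invalid access token';
             throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
         });
         try {
             $token = pack('H*', $headers['Authorization']);
             if (!$token) {
                 $msg = 'Wrong access token';
                 throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
             }
             $token = $crypt->decrypt($token, $di->get('config')->app->crypkey);
             $tokens = explode('|', $token);
             // Reject short tokens explicitly instead of relying on an
             // undefined-index notice reaching the error handler.
             if (count($tokens) < 5) {
                 $msg = 'Invalid access token';
                 throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
             }
             // Strict comparison: both sides are strings, and loose comparison
             // would treat differently spelled numeric strings as equal.
             if ($tokens[2] !== $_SERVER['REMOTE_ADDR']) {
                 $msg = 'Wrong token (Ip address)';
                 throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
             }
             if ($tokens[3] !== $_SERVER['HTTP_USER_AGENT']) {
                 $msg = 'Wrong access token (User agent)';
                 throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
             }
             // A non-numeric expiry must never pass: on PHP 8 a non-numeric
             // string is compared to time() as a string and can sort above it,
             // which would make the token look unexpired.
             if (!is_numeric($tokens[4]) || $tokens[4] < time()) {
                 $msg = 'Token has expiried';
                 throw new \Modules\Core\Exceptions\HTTPException($msg, 401);
             }
         } finally {
             // The handler is process-global and this service is shared; left
             // installed, every later warning in the request would be
             // reported to the client as "Invalid access token".
             restore_error_handler();
         }
         return true;
     });
 }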