Example #1
0
 /**
  * Convert string values to PHP integers
  *
  * @param mixed $value The value to convert.
  * @param Driver $driver The driver instance to convert with.
  * @return string|null
  */
 public function toPHP($value, Driver $driver)
 {
     if ($value === null || empty($value)) {
         return null;
     }
     return Security::decrypt(base64_decode($value), Configure::read('Security.key'));
 }
Example #2
0
 /**
  * Test marshalling
  *
  * @return void
  */
 public function testMarshal()
 {
     $this->assertNull($this->type->marshal(null));
     $encrypted = $this->type->marshal('string');
     $this->assertSame(128, strlen($encrypted));
     $decrypted = Security::decrypt(base64_decode($encrypted), Configure::read('Security.key'));
     $this->assertSame('string', $decrypted);
 }
Example #3
0
 /**
  * Tries to decode, decrypt and unserialize the given token and return the data as an
  * array
  *
  * @param string $token The string token
  * @return array|false
  */
 public function decryptToken($token)
 {
     $tokenData = false;
     $encrypted = base64_decode($token);
     if ($encrypted) {
         $serialized = Security::decrypt($encrypted, Configure::read('Security.cryptKey'));
         $tokenData = unserialize($serialized);
     }
     return $tokenData;
 }
 public function testValueIsAddedToDatabaseWithEncryption()
 {
     $value = '555';
     $store = MapStore::load('2');
     $store->set('access_token', $value);
     $entity = $this->Model->get(['2', 'access_token']);
     $dbValue = stream_get_contents($entity->value);
     $dbValueDecrypted = Security::decrypt($dbValue, Configure::read('Security.key'), Configure::read('Security.salt'));
     $this->assertNotEquals($value, $dbValue);
     $this->assertEquals($value, $dbValueDecrypted);
 }
Example #5
0
 /**
  * Decodes and decrypts a single value.
  *
  * @param string $value The value to decode & decrypt.
  * @param string|false $encrypt The encryption cipher to use.
  * @return string Decoded value.
  */
 protected function _decode($value, $encrypt)
 {
     if (!$encrypt) {
         return $this->_explode($value);
     }
     $this->_checkCipher($encrypt);
     $prefix = 'Q2FrZQ==.';
     $value = base64_decode(substr($value, strlen($prefix)));
     if ($encrypt === 'rijndael') {
         $value = Security::rijndael($value, $this->_config['key'], 'decrypt');
     }
     if ($encrypt === 'aes') {
         $value = Security::decrypt($value, $this->_config['key']);
     }
     return $this->_explode($value);
 }
Example #6
0
 /**
  * Test writing with a custom encryption key using ConfigKey
  *
  * @return void
  */
 public function testWriteConfigKeyWithCustomEncryptionKey()
 {
     $name = 'sampleCookieTest';
     $value = 'some data';
     $encryption = 'aes';
     $prefix = "Q2FrZQ==.";
     $key = 'justanotherencryptionkeyjustanotherencryptionkey';
     $this->Cookie->configKey($name, compact('key', 'encryption'));
     $this->Cookie->write($name, $value);
     $cookie = $this->Controller->response->cookie($name);
     $this->assertEquals($value, Security::decrypt(base64_decode(substr($cookie['value'], strlen($prefix))), $key));
 }
 /**
  * Decrypt an encrypted value
  * @param type $cryptedValue Value to be decrypted
  * @return type Decrypted value
  */
 public function decrypt($cryptedValue)
 {
     if (is_resource($cryptedValue)) {
         $cryptedValue = stream_get_contents($cryptedValue);
     }
     return Security::decrypt($cryptedValue, $this->config('key'), $this->config('salt'));
 }
 /**
  * Decrypt a base64 encoded string
  *
  * @param string $value string to decrypt
  * @return bool|string
  */
 protected function _decrypt($value)
 {
     if (empty($value)) {
         return false;
     }
     return Security::decrypt(base64_decode($value), $this->_encryptionKey());
 }
Example #9
0
 /**
  * Test that values encrypted with open ssl can be decrypted with mcrypt and the reverse.
  *
  * @return void
  */
 public function testEngineEquivalence()
 {
     $this->skipIf(!defined('MCRYPT_RIJNDAEL_128'), 'This needs mcrypt extension to be loaded.');
     $restore = Security::engine();
     $txt = "Obi-wan you're our only hope";
     $key = 'This is my secret key phrase it is quite long.';
     $salt = 'A tasty salt that is delicious';
     Security::engine(new Mcrypt());
     $cipher = Security::encrypt($txt, $key, $salt);
     $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
     Security::engine(new OpenSsl());
     $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
     Security::engine(new OpenSsl());
     $cipher = Security::encrypt($txt, $key, $salt);
     $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
     Security::engine(new Mcrypt());
     $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
 }
Example #10
0
 /**
  * Test that values encrypted with open ssl can be decrypted with mcrypt and the reverse.
  *
  * @return void
  */
 public function testEngineEquivalence()
 {
     $restore = Security::engine();
     $txt = "Obi-wan you're our only hope";
     $key = 'This is my secret key phrase it is quite long.';
     $salt = 'A tasty salt that is delicious';
     Security::engine(new Mcrypt());
     $cipher = Security::encrypt($txt, $key, $salt);
     $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
     Security::engine(new OpenSsl());
     $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
     Security::engine(new OpenSsl());
     $cipher = Security::encrypt($txt, $key, $salt);
     $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
     Security::engine(new Mcrypt());
     $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
 }
 /**
  * Decodes and decrypts a single value.
  *
  * @param string $value The value to decode & decrypt.
  * @return string Decoded value.
  */
 protected function _decode($value)
 {
     $prefix = 'Q2FrZQ==.';
     $pos = strpos($value, $prefix);
     if ($pos === false) {
         return $this->_explode($value);
     }
     $value = base64_decode(substr($value, strlen($prefix)));
     if ($this->_config['encryption'] === 'rijndael') {
         $plain = Security::rijndael($value, $this->_config['key'], 'decrypt');
     }
     if ($this->_config['encryption'] === 'aes') {
         $plain = Security::decrypt($value, $this->_config['key']);
     }
     return $this->_explode($plain);
 }
Example #12
0
 /**
  * {@inheritdoc}
  */
 public function decrypt($cipher)
 {
     return Security::decrypt($cipher, $this->__key);
 }
Example #13
0
 /**
  * Decodes and decrypts a single value.
  *
  * @param string $value The value to decode & decrypt.
  * @param string|false $encrypt The encryption cipher to use.
  * @param string|null $key Used as the security salt if specified.
  * @return string Decoded value.
  */
 protected function _decode($value, $encrypt, $key)
 {
     if (!$encrypt) {
         return $this->_explode($value);
     }
     $this->_checkCipher($encrypt);
     $prefix = 'Q2FrZQ==.';
     $value = base64_decode(substr($value, strlen($prefix)));
     if ($key === null) {
         $key = $this->_getCookieEncryptionKey();
     }
     if ($encrypt === 'rijndael') {
         $value = Security::rijndael($value, $key, 'decrypt');
     }
     if ($encrypt === 'aes') {
         $value = Security::decrypt($value, $key);
     }
     return $this->_explode($value);
 }
Example #14
0
 /**
  * Test that empty data cause errors
  *
  * @expectedException \Cake\Error\Exception
  * @expectedExceptionMessage The data to decrypt cannot be empty.
  * @return void
  */
 public function testDecryptInvalidData()
 {
     $txt = '';
     $key = 'This is a key that is long enough to be ok.';
     Security::decrypt($txt, $key);
 }
Example #15
0
 /**
  * Ask to the user the 2FA code and verify it.
  *
  * @return \Cake\Network\Response|void
  */
 public function tfa()
 {
     if ($this->Auth->user()) {
         return $this->redirect($this->Auth->redirectUrl());
     }
     if ($this->request->is('post')) {
         $this->loadModel('UsersTwoFactorAuth');
         $id = $this->Cookie->read('CookieTfa');
         if (empty($id) || $id == false) {
             $this->Cookie->delete('CookieTfa');
             return $this->redirect($this->Auth->config('loginAction'));
         }
         try {
             $id = Security::decrypt(base64_decode($id), Configure::read('Security.key'));
         } catch (\Exception $e) {
             $this->Flash->error(__('The link used for the Two-factor Authentication is incorrect.'));
             return $this->redirect($this->Auth->config('loginAction'));
         }
         $userTfa = $this->UsersTwoFactorAuth->find()->where(['user_id' => $id])->first();
         $tfa = new TwoFactorAuth('Xeta');
         $isAuthorized = false;
         $recoveryCodeUsed = false;
         if ($tfa->verifyCode($userTfa->secret, $this->request->data['code']) === true && $this->request->data['code'] !== $userTfa->current_code) {
             $isAuthorized = true;
             //Check recovery code and verify if the recovery code is not already used.
         } elseif ($userTfa->recovery_code === $this->request->data['code'] && $userTfa->recovery_code_used == false && $this->request->data['code'] !== $userTfa->current_code) {
             $isAuthorized = true;
             $recoveryCodeUsed = true;
         }
         if ($isAuthorized === true) {
             $data = ['session' => $this->request->clientIp() . $this->request->header('User-Agent') . gethostbyaddr($this->request->clientIp()), 'current_code' => $recoveryCodeUsed === true ? 'recovery' : $this->request->data['code'], 'recovery_code_used' => $recoveryCodeUsed === true ? 1 : $userTfa->recovery_code_used];
             $this->UsersTwoFactorAuth->patchEntity($userTfa, $data);
             $this->UsersTwoFactorAuth->save($userTfa);
             //Login the user.
             $userLogin = $this->Users->find()->where(['id' => $id])->hydrate(false)->first();
             unset($userLogin['password']);
             $this->_handleLogin($userLogin);
             $this->Cookie->delete('CookieTfa');
             //Logs Event.
             $this->eventManager()->attach(new Logs());
             $event = new Event('Log.User', $this, ['user_id' => $userLogin['id'], 'username' => $userLogin['username'], 'user_ip' => $this->request->clientIp(), 'user_agent' => $this->request->header('User-Agent'), 'action' => '2FA.recovery_code.used']);
             $this->eventManager()->dispatch($event);
             return $this->redirect(['controller' => 'pages', 'action' => 'home']);
         } else {
             $this->Flash->error(__('Two-factor secret verification failed. Please verify your code and try again.'));
         }
     }
     $id = $this->Cookie->read('CookieTfa');
     if (empty($id) || $id == false) {
         $this->Cookie->delete('CookieTfa');
         return $this->redirect($this->Auth->config('loginAction'));
     }
 }
 /**
  * Decrypt an encrypted value
  *
  * @param type $encryptedValue Value to be decrypted
  * @return type Decrypted value
  */
 protected function _decrypt($encryptedValue)
 {
     return Security::decrypt($encryptedValue, $this->options['key'], $this->options['salt']);
 }