/**
* Determine if the session and input CSRF tokens match.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function tokensMatch($request)
{
$token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
if (!$token && ($header = $request->header('X-XSRF-TOKEN'))) {
$token = $this->encrypter->decrypt($header);
}
return Str::equals($request->session()->token(), $token);
}
/**
* Decrypt an array based cookie.
*
* @param array $cookie
* @return array
*/
protected function decryptArray(array $cookie)
{
$decrypted = array();
foreach ($cookie as $key => $value) {
$decrypted[$key] = $this->encrypter->decrypt($value);
}
return $decrypted;
}
/**
* Prepare the raw string data from the session for unserialization.
*
* @param string $data
* @return string
*/
protected function prepareForUnserialize($data)
{
try {
return $this->encrypter->decrypt($data);
} catch (DecryptException $e) {
return json_encode([]);
}
}
/**
* Fired just before building.
*
* @param Encrypter $encrypter
* @param Request $request
*/
public function onReady(Encrypter $encrypter, Request $request)
{
if ($code = $request->get('code')) {
array_set($this->parameters, 'code', $encrypter->decrypt($code));
}
if ($email = $request->get('email')) {
array_set($this->parameters, 'email', $encrypter->decrypt($email));
}
}
/**
* Determine if the session and input CSRF tokens match.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function tokensMatch($request)
{
// Get tokens from session and the request
$sessionToken = $request->session()->token();
$token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
if (!$token && ($header = $request->header('X-XSRF-TOKEN'))) {
$token = $this->encrypter->decrypt($header);
}
if (!is_string($sessionToken) || !is_string($token)) {
return false;
}
// Validate them
return hash_equals((string) $request->session()->token(), (string) $token);
}
/**
* Handle the command.
*
* @param UserRepositoryInterface $users
* @param UserActivator $activator
* @param Encrypter $encrypter
* @param Request $request
* @return bool
*/
public function handle(UserRepositoryInterface $users, UserActivator $activator, Encrypter $encrypter, Request $request)
{
$code = $request->get('code');
$email = $request->get('email');
if (!$code || !$email) {
return false;
}
$code = $encrypter->decrypt($code);
$email = $encrypter->decrypt($email);
if (!($user = $users->findByEmail($email))) {
return false;
}
return $activator->activate($user, $code);
}
function it_fails_with_string(Encrypter $encrypter, Request $request)
{
$time = date("Y-m-d H:i:s", strtotime("30 seconds ago"));
$request->get('_guard_opened')->willReturn($time);
$encrypter->decrypt($time)->willReturn($time);
$this->validate($request)->shouldReturn(false);
}
/**
* Validate the request.
*
* @param \Illuminate\Http\Request $request
* @param array $params
* @return bool
*/
public function validate($request, $params = [])
{
$this->params = $params;
try {
$timeOpened = $this->encrypter->decrypt($request->get('_guard_opened'));
} catch (DecryptException $e) {
return false;
}
if (!is_numeric($timeOpened)) {
return false;
}
$timeElapsed = time() - $timeOpened;
$tooFast = $timeElapsed < $this->getMinTime();
$tooSlow = $timeElapsed > $this->getMaxTime();
return !$tooFast && !$tooSlow;
}
/**
* Attempt to decrypt payload.
*/
protected function decryptPayload()
{
try {
$decrypted = $this->encrypter->decrypt($this->encryptedValue);
$this->decryptedValue = json_decode($decrypted);
} catch (\Exception $e) {
throw new Exceptions\InvalidEncryptionFormat($e->getMessage());
}
}
/**
* Retrieve an item from the cache by key.
*
* @param string $key
* @return mixed
*/
public function get($key)
{
$prefixed = $this->prefix . $key;
$cache = $this->table()->where('key', '=', $prefixed)->first();
// If we have a cache record we will check the expiration time against current
// time on the system and see if the record has expired. If it has, we will
// remove the records from the database table so it isn't returned again.
if (!is_null($cache)) {
if (is_array($cache)) {
$cache = (object) $cache;
}
if (time() >= $cache->expiration) {
$this->forget($key);
return;
}
return $this->encrypter->decrypt($cache->value);
}
}
/**
* Decrypt an array based cookie.
*
* @param array $cookie
* @return array
*/
protected function decryptArray(array $cookie)
{
$decrypted = [];
foreach ($cookie as $key => $value) {
if (is_string($value)) {
$decrypted[$key] = $this->encrypter->decrypt($value);
}
}
return $decrypted;
}
/**
* Increment or decrement an item in the cache.
*
* @param string $key
* @param mixed $value
* @param \Closure $callback
* @return void
*/
protected function incrementOrDecrement($key, $value, Closure $callback)
{
$prefixed = $this->prefix . $key;
$cache = $this->table()->where('key', $prefixed)->lockForUpdate()->first();
if (!is_null($cache)) {
$current = $this->encrypter->decrypt($cache->value);
if (is_numeric($current)) {
$this->table()->where('key', $prefixed)->update(['value' => $this->encrypter->encrypt($callback($current))]);
}
}
}
/**
* @param \Illuminate\Http\Request $request
*
* @return bool
*/
protected function tokensMatch($request)
{
$sessionToken = $request->session()->token();
$token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
if (!$token && ($header = $request->header('X-XSRF-TOKEN'))) {
$token = $this->encrypter->decrypt($header);
}
if (!is_string($sessionToken) || !is_string($token)) {
return false;
}
return hash_equals($sessionToken, $token);
}
/**
* Activate a user by token
* @param string $token
* @param Request $request
* @param Events $events
* @return Illuminate\Http\Response
*/
public function getActivate(Encrypter $encrypter, Request $request, Events $events, $token)
{
try {
$data = json_decode($encrypter->decrypt($token));
if (is_object($data) && isset($data->id) && is_numeric($data->id) && isset($data->expires) && with(new Carbon(date('Y-m-d H:i:s', $data->expires)))->gt(Carbon::now())) {
$user = $this->activateUser($data->id);
$events->fire(new UserActivated($user));
return $this->userWasActivated($data->id);
} else {
throw new Exception("Invalid token");
}
} catch (Exception $e) {
return $this->userWasNotActivated();
}
}
/**
* Increment or decrement an item in the cache.
*
* @param string $key
* @param mixed $value
* @param \Closure $callback
* @return int|bool
*/
protected function incrementOrDecrement($key, $value, Closure $callback)
{
return $this->connection->transaction(function () use($key, $value, $callback) {
$prefixed = $this->prefix . $key;
$cache = $this->table()->where('key', $prefixed)->lockForUpdate()->first();
if (is_null($cache)) {
return false;
}
$current = $this->encrypter->decrypt($cache->value);
$new = $callback($current, $value);
if (!is_numeric($current)) {
return false;
}
$this->table()->where('key', $prefixed)->update(['value' => $this->encrypter->encrypt($new)]);
return $new;
});
}
/**
* Display a listing of the resource.
*
* @param Encrypter $encrypter
* @param $hash
* @return Response
* @throws Exception
*/
public function index(Encrypter $encrypter, $hash)
{
try {
$params = $encrypter->decrypt($hash);
$project = $this->projectRepository->find($params['project']);
$user = $project->users->find($params['user']);
if (is_null($user)) {
throw new Exception('the user was not found');
}
$sourceClass = app()->make('Knoters\\Services\\Sources\\' . ucfirst($project->type->name) . 'Service');
$video = $sourceClass->getVideo($project->video_id);
$this->fractal->setSerializer(new ArraySerializer());
JavaScriptFacade::put(['user' => $this->fractal->createData(new Item($user, new UserTransformer()))->toArray(), 'project' => $this->fractal->createData(new Item($project, new ProjectTransformer()))->toArray()]);
return view('editor', ['video' => $video, 'project' => $project]);
} catch (Exception $e) {
throw $e;
$this->errorResponse($e);
}
}
/**
* Get the specified setting value.
*
* @param string $key
* @param mixed $default
* @return mixed
*/
public function get($key, $default = null)
{
$this->fire('getting', $key, [$key, $default]);
$generatedKey = $this->getKey($key);
if ($this->isCacheEnabled()) {
$repository = $this->repository;
$value = $this->cache->rememberForever($generatedKey, function () use($repository, $generatedKey) {
return $repository->get($generatedKey);
});
} else {
$value = $this->repository->get($generatedKey, $default);
}
if (!is_null($value)) {
$value = $this->unserializeValue($this->isEncryptionEnabled() ? $this->encrypter->decrypt($value) : $value);
} else {
$value = $default;
}
$this->fire('get', $key, [$key, $value, $default]);
$this->context(null);
return $value;
}
/**
* Refresh an access_token
* @param User $user
* @return object
*/
public function refreshToken()
{
$response = $this->client->post('oauth2/token', ['body' => ['refresh_token' => $this->crypt->decrypt($this->token->refresh_token), 'client_id' => env('IMGUR_KEY'), 'client_secret' => env('IMGUR_SECRET'), 'grant_type' => 'refresh_token'], 'exceptions' => false]);
$body = $response->getBody();
return json_decode($body);
}
/**
* Determine if the session and input CSRF tokens match.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function tokensMatch($request)
{
$token = $request->session()->token();
$header = $request->header('X-XSRF-TOKEN');
return StringUtils::equals($token, $request->input('_token')) || $header && StringUtils::equals($token, $this->encrypter->decrypt($header));
}
/**
* Get an item from the storage.
*
* @param string $key
*
* @return string|null
*/
public function get($key)
{
if ($data = $this->store->get($key)) {
return $this->encrypter->decrypt($data);
}
}
/**
* Fire the Closure based queue job.
*
* @param \Illuminate\Contracts\Queue\Job $job
* @param array $data
* @return void
*/
public function fire($job, $data)
{
$closure = unserialize($this->crypt->decrypt($data['closure']));
$closure($job);
}
