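/**
  * Generate a new random token and persist it in the session save path.
  *
  * The token is written to the file returned by {@link pathForToken()} so it
  * can be validated later. A failed write is reported instead of ignored:
  * continuing silently would hand out a token that can never be validated.
  *
  * @return string Token name
  * @throws \RuntimeException When the token file could not be written
  */
 protected function genToken()
 {
     // The 'md5' argument appears to select only the digest used to format
     // the random output; the randomness itself comes from RandomGenerator.
     $generator = new RandomGenerator();
     $token = $generator->randomToken('md5');
     // Store a file in the session save path (safer than /tmp, as open_basedir
     // might limit that). Check the write: without the file the token cannot be
     // validated later, so failing loudly is preferable to a silent no-op.
     $path = $this->pathForToken($token);
     if (file_put_contents($path, $token) === false) {
         throw new \RuntimeException('Unable to store token file at ' . $path);
     }
     return $token;
 }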
 /**
  * Create a fresh random token, remember it on this object and return the
  * member-specific hash of it.
  *
  * The plain token is kept via {@link setToken()}; only the value returned
  * here (hashed with the member's own settings) is meant for the database.
  *
  * @param Member $member The logged in user
  * @return string The hash to be stored in the database
  */
 public function getNewHash(Member $member)
 {
     $rawToken = (new RandomGenerator())->randomToken('sha1');
     $this->setToken($rawToken);
     // Presumably ties the stored hash to this member's own hashing settings.
     return $member->encryptWithUserSettings($this->token);
 }
 /**
  * Return a string value stored in the {@link Member->Salt} property.
  *
  * The salt is purely random: neither argument influences the result; they
  * are presumably accepted only to satisfy a shared signature.
  *
  * @uses RandomGenerator
  *
  * @param string $password Cleartext password (not used)
  * @param Member $member (Optional, not used)
  * @return string Maximum of 50 characters
  */
 public function salt($password, $member = null)
 {
     $generator = new RandomGenerator();
     $fullToken = $generator->randomToken('sha1');
     // Keep at most 50 characters, as documented for the return value.
     return substr($fullToken, 0, 50);
 }
 /**
  * Produce a fresh random token.
  *
  * @uses RandomGenerator
  *
  * @return string
  */
 protected function generate()
 {
     return (new RandomGenerator())->randomToken('sha1');
 }
 /**
  * Generate an auto login token which can be used to reset the password,
  * at the same time hashing it and storing in the database.
  *
  * Only the hash is written to the record; the clear token is returned to the
  * caller and must not be persisted.
  *
  * @param int $lifetime The lifetime of the auto login hash in days (by default 2 days)
  *
  * @return string Token that should be passed to the client (but NOT persisted).
  *
  * @todo Make it possible to handle database errors such as a "duplicate key" error
  */
 public function generateAutologinTokenAndStoreHash($lifetime = 2)
 {
     // Retry until the hash does not collide with an existing member row.
     while (true) {
         $generator = new RandomGenerator();
         $token = $generator->randomToken();
         $hash = $this->encryptWithUserSettings($token);
         $collision = DataObject::get_one('SilverStripe\\Security\\Member', ['"Member"."AutoLoginHash"' => $hash]);
         if (!$collision) {
             break;
         }
     }
     $this->AutoLoginHash = $hash;
     // Expiry is formatted with date(), i.e. in PHP's default timezone.
     $secondsPerDay = 86400;
     $this->AutoLoginExpired = date('Y-m-d H:i:s', time() + $secondsPerDay * $lifetime);
     $this->write();
     return $token;
 }
 /**
  * randomToken() should yield a value for an explicit algorithm, and a
  * default-algorithm call should not produce the same token as an 'md5' call.
  */
 public function testGenerateHashWithAlgorithm()
 {
     $generator = new RandomGenerator();
     $md5Token = $generator->randomToken('md5');
     $this->assertNotNull($md5Token);
     $this->assertNotEquals($generator->randomToken(), $generator->randomToken('md5'));
 }
 /**
  * Submissions to a controller that keeps the security token enabled must
  * carry a valid SecurityID.
  *
  * Covers: a missing token is rejected (400); a mismatching token reloads the
  * form with the correct token and the submitted data preserved (200); a
  * matching token submits successfully (200).
  *
  * NOTE(review): despite the method name, the first assertion expects a 400
  * for a submission without any token.
  */
 public function testDisableSecurityTokenAcceptsSubmissionWithoutToken()
 {
     SecurityToken::enable();
     $expectedToken = SecurityToken::inst()->getValue();
     $formUrl = 'FormTest_ControllerWithSecurityToken/Form';
     $postData = ['Email' => '*****@*****.**', 'action_doSubmit' => 1];

     // No token at all: can't use submitForm() as it would automatically
     // insert SecurityID into the POST data.
     $this->get('FormTest_ControllerWithSecurityToken');
     $response = $this->post($formUrl, $postData);
     $this->assertEquals(400, $response->getStatusCode(), 'Submission fails without security token');

     // A freshly generated token cannot be the session's current one.
     $generator = new RandomGenerator();
     $invalidToken = $generator->randomToken('sha1');
     $this->assertNotEquals($invalidToken, $expectedToken);

     // Wrong token: the form is reloaded with the correct token rendered and
     // the wrong one absent, and the submitted data kept.
     $this->get('FormTest_ControllerWithSecurityToken');
     $response = $this->post($formUrl, $postData + ['SecurityID' => $invalidToken]);
     $this->assertEquals(200, $response->getStatusCode(), 'Submission reloads form if security token invalid');
     $body = $response->getBody();
     $expectedField = 'name="SecurityID" value="' . $expectedToken . '"';
     $invalidField = 'name="SecurityID" value="' . $invalidToken . '"';
     $this->assertTrue(stripos($body, $expectedField) !== false, 'Submission reloads with correct security token after failure');
     $this->assertTrue(stripos($body, $invalidField) === false, 'Submission reloads without incorrect security token after failure');
     $emailField = $this->cssParser()->getBySelector('#Form_Form_Email');
     $emailAttrs = $emailField[0]->attributes();
     $this->assertEquals('*****@*****.**', (string) $emailAttrs['value'], 'Submitted data is preserved');

     // Correct token taken from a fresh GET: exactly one field, and the submission succeeds.
     $this->get('FormTest_ControllerWithSecurityToken');
     $tokenFields = $this->cssParser()->getBySelector('#Form_Form_SecurityID');
     $this->assertEquals(1, count($tokenFields), 'Token form field added for controller without disableSecurityToken()');
     $token = (string) $tokenFields[0];
     $response = $this->submitForm('Form_Form', null, ['Email' => '*****@*****.**', 'SecurityID' => $token]);
     $this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
 }