/** * Creates an association for OpenID versions 1 and 2. * * This function calls {@link DiffieHellman::associateAsServer()} where required, to * generate the cryptographic values required for an association response. * * @param int $mode either ASSOCIATION_SHARED or ASSOCIATION_PRIVATE * @param string $assoc_type a valid OpenID association type * @link http://openid.net/specs/openid-authentication-1_1.html#anchor14, http://openid.net/specs/openid-authentication-2_0.html#anchor20 */ function __construct($mode = self::ASSOCIATION_SHARED, $assoc_type = 'HMAC-SHA1') { $rand = new Random(); $assoc_types = self::getAssociationTypes(); $this->assoc_handle = $rand->id(); $this->assoc_type = $assoc_type; $mac_size = $assoc_types[$assoc_type]['mac_size']; $this->mac_key = base64_encode($rand->bytes($mac_size)); $this->created = time(); if ($mode == self::ASSOCIATION_PRIVATE) { $this->private = true; } }
/** * Creates a auto login cookie. The login cookie will be based on the * current log in user. * * @param string $id the ID of the series of auto login cookies, Cookies * belonging to the same user and computer have the same ID. If none is specified, * one will be generated * @param int $expires the time at which the cookie will expire. If none is specified * the time specified in {@link SIMPLEID_REMEMBERME_EXPIRES_IN} will be * used * */ protected function createCookie($id = NULL, $expires = NULL) { $user = $this->auth->getUser(); $rand = new Random(); if ($expires == NULL) { $this->logger->log(LogLevel::DEBUG, 'Automatic login token created for ' . $user['uid']); } else { $this->logger->log(LogLevel::DEBUG, 'Automatic login token renewed for ' . $user['uid']); } if ($id == NULL) { $id = $rand->id(); } if ($expires == NULL) { $expires = time() + SIMPLEID_LONG_TOKEN_EXPIRES_IN; } $data = array('typ' => 'rememberme', 'id' => $id, 'uid' => $user['uid'], 'exp' => $expires, 'uaid' => $this->auth->assignUAID()); $token = new SecurityToken(); $cookie = $token->generate($data); $this->f3->set('COOKIE.' . $this->cookie_name, $cookie, SIMPLEID_LONG_TOKEN_EXPIRES_IN); }
/** * Detects the current installed version of SimpleID, selects the individual upgrade * functions applicable to this upgrade and displays the upgrade * selection page. */ function select() { global $upgrade_access_check; $token = new SecurityToken(); if ($this->f3->exists('POST.tk') === false || !$token->verify($this->f3->get('POST.tk'), 'upgrade_info')) { $this->f3->set('message', $this->t('SimpleID detected a potential security attack. Please try again.')); $this->info(); return; } $tpl = new \Template(); $cache = \Cache::instance(); $cache->reset('.upgrade'); $list = $this->getUpgradeList(); if (count($list) == 0) { $this->f3->set('script_complete', $this->t('Your SimpleID installation is up-to-date. This script is complete.')); } else { $rand = new Random(); $upgid = $rand->id(); $cache->set($upgid . '.upgrade', array('list' => $list, 'results' => '')); $this->f3->set('upgid', $upgid); $this->f3->set('tk', $token->generate('upgrade_selection', SecurityToken::OPTION_BIND_SESSION)); $this->f3->set('click_continue', $this->t('Click <strong>Continue</strong> to proceed with the upgrade.')); $this->f3->set('continue_button', $this->t('Continue')); } $this->f3->set('original_version', $this->getVersion()); $this->f3->set('this_version', SIMPLEID_VERSION); $this->f3->set('version_detected', $this->t('The version of SimpleID you are updating from has been automatically detected.')); $this->f3->set('original_version_label', $this->t('Original version')); $this->f3->set('this_version_label', $this->t('Upgrade version')); $this->f3->set('edit_upgrade_php', $this->t('Remember to edit upgrade.php to check <code>$upgrade_access_check</code> back to <code>FALSE</code>.')); $this->f3->set('title', $this->t('Upgrade')); $this->f3->set('page_class', 'dialog-page'); $this->f3->set('layout', 'upgrade_selection.html'); print $tpl->render('page.html'); }
public function __construct($data = array()) { parent::__construct($data); $rand = new Random(); $this->cid = '_' . $rand->id() . '.oauth'; }
/** * Initialises a token. * * @param Authorization $authorization the underlying authorisation * @param array|string $scope the scope of the token * @param int $expires_in the validity of the token, in seconds, or * {@link TTL_PERPETUAL} * @param TokenSource $source the token source * @param array $additional additional data to be stored on the * server */ protected function init($authorization, $scope = array(), $expires_in = self::TTL_PERPETUAL, $source = NULL, $additional = array()) { $rand = new Random(); $this->id = $rand->id(); $this->authorization = $authorization; if (count($scope) == 0) { $this->scope = $authorization->getScope(); } else { $this->scope = $authorization->filterScope($scope); } if ($source != null) { $this->source_ref = $source->getSourceRef(); } if ($expires_in > 0) { $this->expire = time() + $expires_in; } $this->additional = $additional; }
/** * Creates an authorization code. * * Once the authorization code object has been created, the code can be retrieved using * the {@link getCode()} method. * * @param Authorization $authorization the authorization that wishes to generate * this code * @param string|null $redirect_uri the redirect_uri parameter in the authorisation request, if * present * @param array $scope the allowed scope - this should be a subset of the scope provided by the * authorization * @param array $additional additional data to be stored in the authorization code * @return Code the authorization code object */ public static function create($authorization, $redirect_uri, $scope, $additional = array()) { $code = new Code(); $rand = new Random(); $cache = \Cache::instance(); $code->cid = $rand->id(); $code->aid = $authorization->getStoreID(); $code->auth_state = $authorization->getAuthState(); $code->redirect_uri = $redirect_uri; $code->scope = !is_array($scope) ? explode(' ', $scope) : $scope; $code->additional = $additional; $code->expires = time() + SIMPLEID_INSTANT_TOKEN_EXPIRES_IN; $cache->set($code->getCode() . '.code', $code, SIMPLEID_INSTANT_TOKEN_EXPIRES_IN); $code->is_valid = true; return $code; }
/** * Resets the current authorisation state * * @param string the new authorisation state */ public function resetAuthState() { $rand = new Random(); $this->auth_state = substr($rand->id(), -9); return $this->auth_state; }
/** * Generates a token * * @param mixed $payload the payload to include in the token * @param int $options the options for generating the token * @return string the token string */ public function generate($payload, $options = self::OPTION_DEFAULT) { $rand = new Random(); $this->data = array('i' => $rand->id(), 'o' => $options, 'p' => $payload); if (($options & self::OPTION_BIND_SESSION) == self::OPTION_BIND_SESSION) { $this->data['s'] = session_id(); } $token = $this->fernet->encode(gzcompress(serialize($this->data))); if (($options & self::OPTION_NONCE) == self::OPTION_NONCE) { $cache = \Cache::instance(); $cache->set($this->data['i'] . '.token', $token, SIMPLEID_HUMAN_TOKEN_EXPIRES_IN); } return $token; }
/** * Builds the JOSE response. This will return one of the following: * * - A JSON encoded string, if {@link $signed_response_alg} and * {@link $encrypted_response_alg} are both null * - A signed JWT (JWS), if {@link $signed_response_alg} is set * - A JWE containing a nested JWT, if both {@link $signed_response_alg} * and {@link $encrypted_response_alg} are set * * @param SimpleJWT\Keys\KeySet $set the key set used to sign and/or * encrypt the token. If set to null, the default set of keys * configured for the client and the server are loaded * @return string the response body */ function buildJOSE($set = null) { $rand = new Random(); $typ = $this->getType(); if ($typ == 'json') { return json_encode($this->container); } if ($set == null) { $builder = new KeySetBuilder($client); $set = $builder->addClientSecret()->addClientPublicKeys()->addServerPrivateKeys()->toKeySet(); } $headers = array_merge($this->headers, array('alg' => $this->signed_response_alg)); $claims = array_merge($this->container, array('iss' => $this->issuer, 'aud' => $this->client->getStoreID(), 'jti' => $rand->id())); $jwt = new JWT($headers, $claims); try { $token = $jwt->encode($set); } catch (CryptException $e) { return null; } if ($typ == 'jwt') { return $token; } $headers = array('alg' => $this->encrypted_response_alg, 'enc' => $this->encrypted_response_enc, 'cty' => 'JWT'); $jwe = new JWE($headers, $token); try { return $jwe->encrypt($set); } catch (CryptException $e) { return null; } }
/** * Assigns and returns a unique login state for the current * authenticated session with user agent (UALS). * * A UALS uniquely identifies the current authenticated session with * the user agent (e.g. browser). It is reset with each successful * login and logout. The cookie associated with a UALS is only * valid for the current session. * * This function will look for a cookie sent by the user agent with * the name returned by {@link getCookieName()} with a suffix * of uals. If the cookie does not exist, it will generate a * UALS and return it to the user agent with a Set-Cookie * response header. * * @param bool $reset true to reset the UALS * @return string the UALS */ public function assignUALoginState($reset = false) { $name = $this->getCookieName('uals'); if ($this->f3->exists('COOKIE.' . $name) === true && !$reset) { $this->ua_login_state = $this->f3->get('COOKIE.' . $name); } else { $rand = new Random(); $opaque = new OpaqueIdentifier(); $this->ua_login_state = $opaque->generate($this->assignUAID() . ':' . $rand->id()); // We don't use f3->set->COOKIE, as this automatically sets the cookie to be httponly // We want this to be script readable. setcookie($this->getCookieName('uals'), $this->ua_login_state, 0, $this->f3->get('BASE'), '', true, false); } return $this->ua_login_state; }