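/**
 * OpauthStrategy::hash() must yield a non-empty digest, and that digest must
 * change whenever the iteration count or the salt changes.
 *
 * Digests are compared with assertNotSame (strict ===) instead of the loose
 * `==` used before: two different digests that both look numeric to PHP
 * (for example strings starting with "0e") compare equal under `==`, which
 * would make this test report a spurious collision.
 */
public function testHash() {
    $input = 'random string';
    $timestamp = date('c');
    $iteration = 250;
    $salt = 'sodium chrloride';

    $control = OpauthStrategy::hash($input, $timestamp, $iteration, $salt);
    $this->assertNotEmpty($control);

    // Iteration count must be part of the digest
    $diffIteration = OpauthStrategy::hash($input, $timestamp, 888, $salt);
    $this->assertNotEmpty($diffIteration);
    $this->assertNotSame($control, $diffIteration);

    $diffIteration2 = OpauthStrategy::hash($input, $timestamp, 99999, $salt);
    $this->assertNotEmpty($diffIteration2);
    $this->assertNotSame($control, $diffIteration2);
    $this->assertNotSame($diffIteration, $diffIteration2);

    // An iteration count of 0 is expected to make hash() return false
    $diffIteration3 = OpauthStrategy::hash($input, $timestamp, 0, $salt);
    $this->assertFalse($diffIteration3);

    // Salt must be part of the digest
    $diffSalt = OpauthStrategy::hash($input, $timestamp, $iteration, 'a98woj34 89789&SFDIU(@&*#(*@$');
    $this->assertNotEmpty($diffSalt);
    $this->assertNotSame($control, $diffSalt);

    $diffSalt2 = OpauthStrategy::hash($input, $timestamp, $iteration, null);
    $this->assertNotEmpty($diffSalt2);
    $this->assertNotSame($control, $diffSalt2);
    $this->assertNotSame($diffSalt, $diffSalt2);
}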
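/**
 * Validate $auth response
 * Accepts either function call or HTTP-based call
 *
 * When the request carries input, timestamp and signature, those values take
 * precedence over the arguments. Note that $_REQUEST also contains cookie
 * values, so the request-based path trusts nothing it has not re-signed.
 *
 * @param string $input = sha1(print_r($auth, true))
 * @param string $timestamp = $_REQUEST['timestamp'])
 * @param string $signature = $_REQUEST['signature']
 * @param string $reason Sets reason for failure if validation fails
 * @return boolean true: valid; false: not valid.
 */
public function validate($input = null, $timestamp = null, $signature = null, &$reason = null) {
    // HTTP-based call: the request input must overwrite $input, because the
    // signature is recomputed over it below. Previously the request input
    // landed in an unused local, so the signature was checked against the
    // digest of a null input.
    if (!empty($_REQUEST['input']) && !empty($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        $input = $_REQUEST['input'];
        $timestamp = $_REQUEST['timestamp'];
        $signature = $_REQUEST['signature'];
    }

    // Replay window: the timestamp must parse, must not be older than
    // security_timeout and must not lie in the future. An unparseable
    // security_timeout fails closed rather than disabling the window.
    $timestamp_int = strtotime((string) $timestamp);
    $oldest = strtotime('-' . $this->env['security_timeout']);
    if ($timestamp_int === false || $oldest === false || $timestamp_int < $oldest || $timestamp_int > time()) {
        $reason = "Auth response expired";
        return false;
    }

    $hash = OpauthStrategy::hash($input, $timestamp, $this->env['security_iteration'], $this->env['security_salt']);
    // hash() can return false (the test suite expects this for iteration 0);
    // a non-string or empty digest must never compare equal to a signature,
    // and a missing signature can never validate.
    if (!is_string($hash) || $hash === '' || !is_string($signature)) {
        $reason = "Signature does not validate";
        return false;
    }

    // Constant-time comparison (hash_equals, PHP >= 5.6). Lower-casing both
    // sides keeps the case-insensitive semantics of the strcasecmp() used before.
    if (!hash_equals(strtolower($hash), strtolower($signature))) {
        $reason = "Signature does not validate";
        return false;
    }
    return true;
}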
/**
 * A response older than security_timeout must be rejected by validate() with
 * the "Auth response expired" reason, even though its signature is correct
 * for the configured salt and iteration count.
 *
 * @depends testValidate
 */
public function testValidateTimeout(array $response) {
    $settings = array(
        'security_salt' => 'k9QVRc7R3woOOVyJgOFBv2Rp9bxQsGtRbaOraP7ePXuyzh0GkrNckKjI4MV1KOy',
        'security_iteration' => 919,
        'security_timeout' => '1 minute',
    );

    // Backdate the response by 90 seconds, past the 1 minute timeout, then
    // sign it correctly so that only the timestamp check can fail.
    $digestInput = sha1(print_r($response['auth'], true));
    $response['timestamp'] = date('c', time() - 90);
    $response['signature'] = OpauthStrategy::hash(
        $digestInput,
        $response['timestamp'],
        $settings['security_iteration'],
        $settings['security_salt']
    );

    $Opauth = self::instantiateOpauthForTesting($settings);
    $reason = null;
    $valid = $Opauth->validate($digestInput, $response['timestamp'], $response['signature'], $reason);
    $this->assertFalse($valid);
    $this->assertEquals('Auth response expired', $reason);
}