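/**
 * Complete password reset
 *
 * Flow: the public $hash selects a token from the token cache; the token's HMAC is
 * re-validated against the user's *current* password hash, so a token stops working
 * as soon as the password has been changed by any other means (it is then reported
 * as expired). Only after that is the new password stored and the token removed.
 *
 * The confirmation field is compared with the password before any state is touched.
 * Previously $passwordRepeat was only validated as NotEmpty and never compared, so a
 * typo in the first field silently became the new password.
 *
 * @param string $hash Identification hash of a password reset token
 * @param string $password New password of the user
 * @param string $passwordRepeat Confirmation of the new password
 * @return void
 *
 * @validate $password NotEmpty
 * @validate $passwordRepeat NotEmpty
 */
public function completePasswordResetAction($hash, $password, $passwordRepeat) {
    $token = $this->tokenCache->get($hash);
    if ($token === FALSE) {
        $this->addLocalizedFlashMessage('resetPassword.failed.expired', NULL, FlashMessage::ERROR);
    } elseif ($password !== $passwordRepeat) {
        // Mismatch: nothing is stored and the token is not consumed.
        // NOTE(review): 'resetPassword.failed.passwordMismatch' is a new locallang key.
        $this->addLocalizedFlashMessage('resetPassword.failed.passwordMismatch', NULL, FlashMessage::ERROR);
    } else {
        $user = $this->frontendUserRepository->findByIdentifier($token['uid']);
        if ($user === NULL) {
            $this->addLocalizedFlashMessage('resetPassword.failed.invalid', NULL, FlashMessage::ERROR);
        } elseif (!$this->hashService->validateHmac($user->getPassword(), $token['hmac'])) {
            // The password hash changed since the token was issued -> token is stale.
            $this->addLocalizedFlashMessage('resetPassword.failed.expired', NULL, FlashMessage::ERROR);
        } else {
            $user->setPassword($this->passwordService->applyTransformations($password));
            $this->frontendUserRepository->update($user);
            // One-shot token: discard it once the new password has been stored.
            $this->tokenCache->remove($hash);
            if ($this->getSettingValue('passwordReset.loginOnSuccess')) {
                $this->authenticationService->authenticateUser($user);
                $this->addLocalizedFlashMessage('resetPassword.completed.login', NULL, FlashMessage::OK);
            } else {
                $this->addLocalizedFlashMessage('resetPassword.completed', NULL, FlashMessage::OK);
            }
        }
    }
    // Every outcome ends on the login form, as before.
    $loginPageUid = $this->getSettingValue('login.page');
    $this->redirect('showLoginForm', NULL, NULL, NULL, $loginPageUid);
}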
/**
 * Checks if the registration can be cancelled and returns an array of variables
 *
 * Guards, in order: HMAC over 'reg-<uid>', registration exists, cancellation is
 * enabled for the event, cancel deadline (if set) not passed. The first failing
 * guard selects the message/title keys; later guards are skipped.
 *
 * NOTE(review): the signed message 'reg-<uid>' is the same one confirmRegistrationAction
 * validates, so if both use the same hash service key a confirmation link's HMAC is
 * also accepted here (and vice versa); validateHmacForAction's '<action>-<uid>' form
 * binds a token to one action. Changing it requires changing the link generator too.
 *
 * @param int $reguid UID of registration
 * @param string $hmac HMAC for parameters
 *
 * @return array [failed (bool), registration (Registration|NULL), messageKey, titleKey]
 */
public function checkCancelRegistration($reguid, $hmac) {
    /* @var $registration Registration */
    $registration = NULL;
    $outcome = array(FALSE, 'event.message.cancel_successful', 'cancelRegistration.title.successful');
    if (!$this->hashService->validateHmac('reg-' . $reguid, $hmac)) {
        // Registration is only looked up once the HMAC has been accepted.
        $outcome = array(TRUE, 'event.message.cancel_failed_wrong_hmac', 'cancelRegistration.title.failed');
    } else {
        $registration = $this->registrationRepository->findByUid($reguid);
        if (is_null($registration)) {
            $outcome = array(TRUE, 'event.message.cancel_failed_registration_not_found_or_cancelled', 'cancelRegistration.title.failed');
        } elseif ($registration->getEvent()->getEnableCancel() === FALSE) {
            $outcome = array(TRUE, 'event.message.confirmation_failed_cancel_disabled', 'cancelRegistration.title.failed');
        } elseif ($registration->getEvent()->getCancelDeadline() > 0
            && $registration->getEvent()->getCancelDeadline() < new \DateTime()) {
            $outcome = array(TRUE, 'event.message.cancel_failed_deadline_expired', 'cancelRegistration.title.failed');
        }
    }
    list($failed, $messageKey, $titleKey) = $outcome;
    return array($failed, $registration, $messageKey, $titleKey);
}
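/**
 * Returns banners for the given parameters if given Hmac validation succeeds
 *
 * The HMAC covers all demand parameters, so a caller cannot widen or alter the
 * demand the server signed. The rendered markup is cached per page, language and
 * banner set; impressions are updated on every call that passes the HMAC check.
 *
 * NOTE(review): the signed string is a bare concatenation without delimiters, so
 * different parameter tuples can map to the same string. The signing side is not in
 * this file, so the format is kept; if it is changed, both sides must move together.
 *
 * @param string $categories
 * @param string $startingPoint
 * @param string $displayMode
 * @param int $currentPageUid
 * @param string $hmac
 * @return string Rendered banners, or the translated 'wrong_hmac' message
 */
public function getBannersAction($categories = '', $startingPoint = '', $displayMode = 'all', $currentPageUid = 0, $hmac = '') {
    $compareString = $currentPageUid . $categories . $startingPoint . $displayMode;
    if (!$this->hashService->validateHmac($compareString, $hmac)) {
        return LocalizationUtility::translate('wrong_hmac', 'SfBanners');
    }

    /** @var \DERHANSEN\SfBanners\Domain\Model\BannerDemand $demand */
    $demand = $this->objectManager->get('DERHANSEN\\SfBanners\\Domain\\Model\\BannerDemand');
    $demand->setCategories($categories);
    $demand->setStartingPoint($startingPoint);
    $demand->setDisplayMode($displayMode);
    $demand->setCurrentPageUid($currentPageUid);

    /* Get banners */
    $banners = $this->bannerRepository->findDemanded($demand);

    /* Update Impressions */
    $this->bannerRepository->updateImpressions($banners);

    /* Cache identifier: page id, language and the uids of the selected banners.
     * The parts are delimited; the previous bare concatenation let distinct sets
     * collide (e.g. uids 1,23 and 12,3, or page 1/language 12 and page 11/language 2)
     * and serve one set's cached markup for the other. */
    $identParts = array($GLOBALS['TSFE']->id, $GLOBALS['TSFE']->sys_language_uid);
    foreach ($banners as $banner) {
        $identParts[] = $banner->getUid();
    }
    $cacheIdentifier = sha1(implode('-', $identParts));

    $ret = $this->cacheInstance->get($cacheIdentifier);
    if ($ret === false || $ret === null) {
        $this->view->assign('banners', $banners);
        $this->view->assign('settings', $this->settings);
        $ret = $this->view->render();
        // Save value in cache
        $this->cacheInstance->set($cacheIdentifier, $ret, array('sf_banners'), $this->settings['cacheLifetime']);
    }
    return $ret;
}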
/**
 * Verify the request. Checks if there is an __hmac argument, and if yes, tries to validate and verify it.
 *
 * The __hmac argument has the layout <serialized field-name list><40-character hash>.
 * The hash is checked first; only an authenticated field-name list is unserialized
 * and compared against the submitted arguments.
 *
 * In the end, $request->setHmacVerified is set depending on the value.
 *
 * @param \TYPO3\CMS\Extbase\Mvc\Web\Request $request The request to verify
 * @throws \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException
 * @return void
 */
public function verifyRequest(\TYPO3\CMS\Extbase\Mvc\Web\Request $request) {
    $hmac = $request->getInternalArgument('__hmac');
    if (!$hmac) {
        $request->setHmacVerified(FALSE);
        return;
    }
    $hashLength = 40; // TODO: Constant for hash length needs to be introduced
    if (strlen($hmac) < $hashLength) {
        throw new \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException('Request hash too short. This is a probably manipulation attempt!', 1255089361);
    }
    $serializedFieldNames = substr($hmac, 0, -$hashLength);
    $hash = substr($hmac, -$hashLength);

    $verified = FALSE;
    if ($this->hashService->validateHmac($serializedFieldNames, $hash)) {
        // The HMAC has authenticated $serializedFieldNames: it is client-supplied but
        // could not have been altered without the server's HMAC key, which is what makes
        // the unserialize() below acceptable. Keep this order; never unserialize first.
        // NOTE(review): on PHP >= 7, unserialize($s, array('allowed_classes' => FALSE))
        // would additionally rule out object instantiation should the key ever leak.
        $requestArguments = $request->getArguments();
        // Unset framework arguments
        unset($requestArguments['__referrer'], $requestArguments['__hmac']);
        $verified = (bool) $this->checkFieldNameInclusion($requestArguments, unserialize($serializedFieldNames));
    }
    $request->setHmacVerified($verified);
}
/**
 * Checks the HMAC for the given action and registration
 *
 * The action name is part of the signed message, so a token minted for one
 * action is not accepted by another one for the same registration.
 *
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Registration $registration
 * @param string $hmac
 * @param string $action
 * @throws InvalidHashException if the HMAC does not match '<action>-<uid>'
 */
protected function validateHmacForAction($registration, $hmac, $action) {
    $signedMessage = $action . '-' . $registration->getUid();
    if ($this->hashService->validateHmac($signedMessage, $hmac)) {
        return;
    }
    throw new InvalidHashException(
        LocalizationUtility::translate('payment.messages.invalidHmac', 'sf_event_mgt'),
        1899934890
    );
}
/**
 * Shows the voting form for an invitation, provided the link's HMAC is valid,
 * the invitation has not been used and the election is still open.
 *
 * The HMAC is computed over the invitation's secret followed by the elector's
 * e-mail, binding the link to this invitation and this elector. Any failed
 * check flashes an error and redirects to the dashboard.
 *
 * @param ElectionInvitation $electionInvitation
 * @param string $hmac
 * @return void
 */
public function voteAction(ElectionInvitation $electionInvitation = null, $hmac = '') {
    $errorKey = null;
    if (null === $electionInvitation || '' === $hmac) {
        $errorKey = 'controller.fe.election.vote.no_election_or_hmac';
    } else {
        $saltedEmail = $electionInvitation->getSecret() . $electionInvitation->getElector()->getEmail();
        if (!$this->hashService->validateHmac($saltedEmail, $hmac)) {
            $errorKey = 'controller.fe.election.vote.hmac_invalid';
        } elseif ($electionInvitation->isVoted()) {
            $errorKey = 'controller.fe.election.vote.already_voted';
        } elseif ($electionInvitation->getElectionEndDateAsTimestamp() < time()) {
            $errorKey = 'controller.fe.election.vote.election_finished';
        }
    }
    if (null !== $errorKey) {
        $this->addFlashMessage(
            LocalizationUtility::translate($errorKey, 'election'),
            LocalizationUtility::translate('controller.fe.election.vote.request_failed', 'election'),
            AbstractMessage::ERROR
        );
        $this->redirect(FeDashboardController::ACTION_INDEX, FeDashboardController::CONTROLLER_NAME);
        return;
    }
    $this->view->assign('electionInvitation', $electionInvitation);
    $this->view->assign('electionVoting', new ElectionVoting());
}
/**
 * A value that was not produced by the hash service for this string (here the
 * literal 'myhash') must be rejected.
 *
 * @test
 */
public function generatedHmacWillNotBeValidatedIfHashHasBeenChanged() {
    $message = 'asdf';
    $tamperedHash = 'myhash';
    $this->assertSame(FALSE, $this->hashService->validateHmac($message, $tamperedHash));
}
/**
 * Confirms the registration if possible and sends e-mails to admin and user
 *
 * Guards, in order: HMAC over 'reg-<uid>', registration exists, confirmation
 * deadline not passed, not already confirmed. The first failing guard selects
 * the message/title keys and no state is changed.
 *
 * NOTE(review): the signed message 'reg-<uid>' is the same one checkCancelRegistration
 * validates, so if both use the same hash service key a confirmation link's HMAC is
 * also accepted for cancellation (and vice versa); validateHmacForAction's
 * '<action>-<uid>' form binds a token to one action. Changing it requires changing
 * the link generator too.
 *
 * @param int $reguid UID of registration
 * @param string $hmac HMAC for parameters
 *
 * @return void
 */
public function confirmRegistrationAction($reguid, $hmac) {
    /* @var $registration Registration */
    $registration = NULL;
    $outcome = array(FALSE, 'event.message.confirmation_successful', 'confirmRegistration.title.successful');
    if (!$this->hashService->validateHmac('reg-' . $reguid, $hmac)) {
        // Registration is only looked up once the HMAC has been accepted.
        $outcome = array(TRUE, 'event.message.confirmation_failed_wrong_hmac', 'confirmRegistration.title.failed');
    } else {
        $registration = $this->registrationRepository->findByUid($reguid);
        if (is_null($registration)) {
            $outcome = array(TRUE, 'event.message.confirmation_failed_registration_not_found', 'confirmRegistration.title.failed');
        } elseif ($registration->getConfirmationUntil() < new \DateTime()) {
            $outcome = array(TRUE, 'event.message.confirmation_failed_confirmation_until_expired', 'confirmRegistration.title.failed');
        } elseif ($registration->getConfirmed() === TRUE) {
            $outcome = array(TRUE, 'event.message.confirmation_failed_already_confirmed', 'confirmRegistration.title.failed');
        }
    }
    list($failed, $messageKey, $titleKey) = $outcome;

    if ($failed === FALSE) {
        $registration->setConfirmed(TRUE);
        $this->registrationRepository->update($registration);
        // Send notifications to user and admin
        $this->notificationService->sendUserMessage($registration->getEvent(), $registration, $this->settings, MessageType::REGISTRATION_CONFIRMED);
        $this->notificationService->sendAdminMessage($registration->getEvent(), $registration, $this->settings, MessageType::REGISTRATION_CONFIRMED);
        // Confirm registrations depending on main registration if necessary
        if ($registration->getAmountOfRegistrations() > 1) {
            $this->registrationService->confirmDependingRegistrations($registration);
        }
    }
    $this->view->assign('messageKey', $messageKey);
    $this->view->assign('titleKey', $titleKey);
}