/**
 * Produces one nonce that is not already known to this object.
 *
 * Kept as a separate method so the nonce generator can be swapped out easily.
 * Candidates come from StringUtils::randomString() and are redrawn until
 * nonceExists() reports no collision.
 *
 * NOTE(review): only uniqueness is enforced here. Unpredictability depends
 * entirely on StringUtils::randomString(), which is not shown; confirm it
 * draws from a CSPRNG (random_bytes()/random_int()) if these nonces protect
 * against replay or request forgery.
 *
 * @return string One unique nonce
 */
private function makeNonce()
{
    $candidate = StringUtils::randomString();

    // Redraw on collision; the loop ends at the first unused value.
    while ($this->nonceExists($candidate)) {
        $candidate = StringUtils::randomString();
    }

    return $candidate;
}
/**
 * Creates the driver through the parent implementation and records its name.
 *
 * The name stored in $this->driverName is the lower-cased 'driver' parameter
 * with a leading 'pdo_' prefix removed when present.
 *
 * @param array $parameters Connection parameters; must contain a 'driver' key.
 * @return mixed Whatever parent::createDriver() returned.
 */
protected function createDriver($parameters)
{
    $created = parent::createDriver($parameters);

    $name = strtolower($parameters['driver']);
    // 4 === strlen('pdo_'): keep only the part after the prefix.
    $this->driverName = StringUtils::startsWith($name, 'pdo_') ? substr($name, 4) : $name;

    return $created;
}
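/**
 * Change the password of a user given their e-mail address
 *
 * The function will change the password of a user given their e-mail
 * address. If there are multiple users with the same e-mail address, and
 * this should never be the case, all of their passwords would be changed.
 *
 * The function will generate a new salt for every password change and
 * replaces the stored access token in the same update.
 *
 * @param string $email The e-mail of the user whose password is being
 *                      changed.
 * @param string $password The new password.
 *
 * @return void
 *
 * @throws \InvalidArgumentException Thrown when no user has that e-mail.
 * @throws PasswordChangeException Thrown when password change has failed.
 */
public function changePassword($email, $password)
{
    $salt = StringUtils::random();
    $hash = Provider::hashPassword($password, $salt);

    $user = $this->usersTableGateway->select(['email' => $email])->current();
    if (!$user) {
        throw new \InvalidArgumentException(__t('User not found'));
    }

    try {
        // NOTE(review): the token is derived from the first matching row only,
        // while the UPDATE below is keyed on e-mail; duplicate e-mails would
        // end up sharing one access token.
        // NOTE(review): the token's unpredictability rests on
        // StringUtils::random(), which is not shown; confirm it is backed by
        // a CSPRNG, or derive the token from random_bytes() directly.
        $update = [
            'password' => $hash,
            'salt' => $salt,
            'access_token' => sha1($user->id . StringUtils::random()),
        ];

        $changed = $this->usersTableGateway->update($update, ['email' => $email]);
        if ($changed == 0) {
            throw new PasswordChangeException(
                __t('Could not change password for ') . $email . ': ' . __t('e-mail not found.')
            );
        }
    } catch (\PDOException $ex) {
        // str() is not a PHP built-in, so unless the project defines such a
        // helper this branch would fail with "undefined function" instead of
        // raising the documented exception. Use the exception's own message.
        // NOTE(review): driver messages can name tables and columns; if this
        // text reaches API clients, log the detail server-side and return
        // only the generic part.
        throw new PasswordChangeException(__t('Failed to change password') . ': ' . $ex->getMessage());
    }
}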
/**
 * Add Directus default user
 *
 * Inserts an active "Admin User" row in group 1 into directus_users, using
 * the e-mail, password and optional default language found in $data.
 *
 * NOTE(review): the returned array still contains the plaintext
 * 'directus_password' entry that was passed in; callers should avoid logging
 * or persisting it.
 *
 * @param array $data Installation data; reads 'directus_password',
 *                    'directus_email' and optionally 'default_language'.
 * @return array $data extended with 'user_salt', 'user_token' and 'avatar'.
 */
public static function addDefaultUser($data)
{
    $adapter = Bootstrap::get('ZendDb');
    $users = new TableGateway('directus_users', $adapter);

    // password_hash() generates and embeds its own salt in the hash string.
    $passwordHash = password_hash($data['directus_password'], PASSWORD_DEFAULT, ['cost' => 12]);

    // NOTE(review): 'user_salt' is stored but plays no part in the
    // password_hash() call above.
    $data['user_salt'] = StringUtils::randomString();
    // NOTE(review): this value is stored as the user's token; confirm
    // StringUtils::randomString() (not shown) is backed by a CSPRNG.
    $data['user_token'] = StringUtils::randomString(32);
    $data['avatar'] = get_gravatar($data['directus_email']);

    $row = [
        'active' => 1,
        'first_name' => 'Admin',
        'last_name' => 'User',
        'email' => $data['directus_email'],
        'password' => $passwordHash,
        'salt' => $data['user_salt'],
        'avatar' => $data['avatar'],
        'group' => 1,
        'token' => $data['user_token'],
        'language' => ArrayUtils::get($data, 'default_language', 'en'),
    ];
    $users->insert($row);

    return $data;
}
/**
 * Checks StringUtils::replacePlaceholder() with both placeholder styles:
 * the default, the explicit double-mustache flag and the percentage-mustache
 * flag, for one and for two placeholders.
 */
public function testReplacePlaceholder()
{
    // Each case: [double-mustache template, percentage-mustache template, data, expected].
    $cases = [
        [
            'I went to {{place}}',
            'I went to %{place}',
            ['place' => 'Portland'],
            'I went to Portland',
        ],
        [
            'Took a flight from {{from_airport}} to {{to_airport}}',
            'Took a flight from %{from_airport} to %{to_airport}',
            ['from_airport' => 'SFO', 'to_airport' => 'PDX'],
            'Took a flight from SFO to PDX',
        ],
    ];

    foreach ($cases as $case) {
        list($doubleTemplate, $percentTemplate, $values, $want) = $case;

        // Default style and the explicit double-mustache flag must agree.
        $this->assertEquals($want, StringUtils::replacePlaceholder($doubleTemplate, $values));
        $this->assertEquals(
            $want,
            StringUtils::replacePlaceholder($doubleTemplate, $values, StringUtils::PLACEHOLDER_DOUBLE_MUSTACHE)
        );

        $this->assertEquals(
            $want,
            StringUtils::replacePlaceholder($percentTemplate, $values, StringUtils::PLACEHOLDER_PERCENTAGE_MUSTACHE)
        );
    }
}
})->name('auth_permissions');

// POST /{version}/hash: returns Auth::hashPassword() of the posted
// 'password', using the posted 'salt' or an empty salt when none is given.
// NOTE(review): no authentication check is visible inside this closure;
// confirm route middleware restricts it, since every call spends a password
// hash computation on caller-supplied input.
$app->post("/{$v}/hash/?", function () use($app) {
    // Reject a missing or empty password with a JSON error body.
    if (!(isset($_POST['password']) && !empty($_POST['password']))) {
        return JsonView::render(['success' => false, 'message' => __t('hash_must_provide_string')]);
    }
    $salt = isset($_POST['salt']) && !empty($_POST['salt']) ? $_POST['salt'] : '';
    $hashedPassword = Auth::hashPassword($_POST['password'], $salt);
    return JsonView::render(['success' => true, 'password' => $hashedPassword]);
});

// POST /{version}/random: returns a random string of the requested length.
$app->post("/{$v}/random/?", function () use($app) {
    // Default random string length.
    $length = 32;
    // NOTE(review): the posted length is cast to int but has no lower or
    // upper bound here; zero, negative or very large values go straight to
    // StringUtils::randomString(). Consider clamping to a sane range.
    if (array_key_exists('length', $_POST)) {
        $length = (int) $_POST['length'];
    }
    $randomString = StringUtils::randomString($length);
    return JsonView::render(['random' => $randomString]);
});

// GET /{version}/privileges/:groupId(/:tableName): privileges of a group,
// optionally narrowed to one table. The closure continues past this excerpt.
$app->get("/{$v}/privileges/:groupId(/:tableName)/?", function ($groupId, $tableName = null) use($acl, $ZendDb, $params, $requestPayload, $app) {
    $currentUser = Auth::getUserRecord();
    $myGroupId = $currentUser['group'];
    // Only callers whose user record is in group 1 get past this check.
    // NOTE(review): != is a loose comparison; a strict check on a normalised
    // integer would be safer for an authorization decision.
    if ($myGroupId != 1) {
        throw new Exception(__t('permission_denied'));
    }
    $privileges = new DirectusPrivilegesTableGateway($acl, $ZendDb);
    $response = $privileges->fetchPerTable($groupId, $tableName);
    if (!$response) {
        // Nothing found: answer 404 with a message naming the table and group.
        // The route parameters are echoed into the message as given.
        $app->response()->setStatus(404);
        $response = ['message' => __t('unable_to_find_privileges_for_x_in_group_x', ['table' => $tableName, 'group_id' => $groupId]), 'success' => false];
    }
    return JsonView::render($response);
/**
 * Registers the user in the session after a successful login attempt.
 *
 * Stores the user ID together with a newly derived access token under the
 * class session key and marks the class as authenticated.
 *
 * NOTE(review): no session_regenerate_id() call is visible in this method;
 * confirm the session ID is rotated on login elsewhere, otherwise a
 * pre-login session ID stays valid after authentication (session fixation).
 *
 * @param int $uid The User account's ID.
 * @return void
 * @throws \Directus\Auth\UserAlreadyLoggedInException
 */
private static function completeLogin($uid)
{
    self::prependSessionKey();

    $alreadyAuthenticated = self::loggedIn();
    if ($alreadyAuthenticated) {
        throw new UserAlreadyLoggedInException(__t('attempting_to_authenticate_a_user_when_a_user_is_already_authenticated'));
    }

    // NOTE(review): the token is only as unpredictable as
    // StringUtils::randomString(), which is not shown; confirm it is backed
    // by a CSPRNG.
    $accessToken = sha1($uid . StringUtils::randomString());

    $_SESSION[self::$SESSION_KEY] = ['id' => $uid, 'access_token' => $accessToken];
    self::$authenticated = true;
}
/**
 * Fills this object's format template with the values in $data.
 *
 * @inheritDoc
 */
public function getCode($data)
{
    $template = $this->getFormatTemplate();

    return StringUtils::replacePlaceholder($template, $data);
}
/**
 * Translates a phrase key for the current user's locale.
 *
 * The phrase table is loaded on first use and kept in a static variable.
 * Unknown keys fall back to the key itself. %{name} placeholders in the
 * phrase are filled from $data.
 *
 * NOTE(review): no output escaping is visible here and replacePlaceholder()
 * is not shown; callers that pass request-derived values in $data should
 * escape the result for the context it is written to.
 *
 * @param string $key  Phrase key, also used as the fallback text.
 * @param array  $data Placeholder values keyed by placeholder name.
 * @return string
 */
function __t($key, $data = [])
{
    static $catalog;

    // An empty or unset table is (re)loaded on every call until it has content.
    if (!$catalog) {
        $catalog = get_phrases(get_user_locale());
    }

    $template = $key;
    if (isset($catalog[$key])) {
        $template = $catalog[$key];
    }

    return \Directus\Util\StringUtils::replacePlaceholder(
        $template,
        $data,
        \Directus\Util\StringUtils::PLACEHOLDER_PERCENTAGE_MUSTACHE
    );
}
/**
 * Sets a new password for one user from this command's options.
 *
 * Reads the user ID from option 'uid' or 'u' and the password from 'upass'
 * or 'p', then writes the new password hash and a new access token to
 * directus_users. Prints a result message, or prints an error and exits
 * when either value is missing.
 *
 * NOTE(review): the new password is taken from the command's options; if
 * those come from the command line it may be kept in shell history or shown
 * in process listings, so a prompt or stdin read would be safer.
 *
 * @return void
 */
private function updatePassword()
{
    $fields = [];
    $options = $this->options;

    foreach ($options as $name => $value) {
        // Loose comparisons on purpose: they mirror switch/case matching.
        if ($name == 'uid' || $name == 'u') {
            $fields['id'] = $value;
            unset($options[$name]);
        } elseif ($name == 'upass' || $name == 'p') {
            $fields['password'] = $value;
            unset($options[$name]);
        }
    }

    $hasPassword = isset($fields['password']);
    $hasId = isset($fields['id']);
    if (!$hasPassword || !$hasId) {
        echo PHP_EOL . __t('Missing User ID or Password') . PHP_EOL;
        exit;
    }

    $zendDb = Bootstrap::get('zendDb');
    $users = new TableGateway('directus_users', $zendDb);

    // hashPassword() is called without a salt argument here.
    $passwordHash = \Directus\Auth\Provider::hashPassword($fields['password']);
    // NOTE(review): the new token is only as unpredictable as
    // StringUtils::random(), which is not shown; confirm it is backed by a
    // CSPRNG.
    $accessToken = sha1($fields['id'] . \Directus\Util\StringUtils::random());

    $affected = $users->update(
        ['password' => $passwordHash, 'access_token' => $accessToken],
        ['id' => $fields['id']]
    );

    // A falsy update result is reported as an error.
    $message = $affected ? 'Password updated successfully' : 'Error trying to update the password.';

    echo PHP_EOL . __t($message) . PHP_EOL;
}