/**
 * Builds an opaque token identifying a user, typically for embedding in a URL.
 *
 * The payload (user id, creation timestamp, validity window and any extra data)
 * is serialized, encrypted with the application's `Security.cryptKey` and
 * base64-encoded. The validity window is only recorded here; enforcing it is
 * left to whatever consumes the token.
 *
 * Notes for the consuming side: the payload comes from serialize(), so it should
 * be unserialized only after a successful decrypt and with
 * `['allowed_classes' => false]`; plain base64 output contains `+`, `/` and `=`,
 * so the token must be URL-encoded before being placed in a URL.
 *
 * @param User $user The user entity whose id is embedded in the token
 * @param int|null $validForSeconds How long the token should be considered valid;
 *   stored as given (null included)
 * @param array $additionalData Optional extra data stored inside the encrypted payload
 * @return string Base64-encoded ciphertext
 */
public function getTokenForUser(User $user, $validForSeconds = null, array $additionalData = [])
{
    $payload = [
        'user_id' => $user->id,
        'generated' => time(),
        'validForSeconds' => $validForSeconds,
        'additionalData' => $additionalData,
    ];

    $key = Configure::read('Security.cryptKey');
    $ciphertext = Security::encrypt(serialize($payload), $key);

    return base64_encode($ciphertext);
}
/**
 * Marshals a request value into its stored representation.
 *
 * Null is passed through unchanged; any other value is encrypted with the
 * application's `Security.key` and base64-encoded so it can be stored as text.
 *
 * @param mixed $value The value to convert.
 * @return mixed Null, or the base64-encoded ciphertext.
 */
public function marshal($value)
{
    if ($value === null) {
        return null;
    }

    $key = Configure::read('Security.key');

    return base64_encode(Security::encrypt($value, $key));
}
/**
 * Builds the fixtures shared by the tests: the type under test, a mocked
 * database driver and a reference ciphertext for the literal 'string'
 * (encrypted with `Security.key`, then base64-encoded).
 *
 * @return void
 */
public function setUp()
{
    parent::setUp();

    $this->type = Type::build('encryptedsecurity');

    $driverBuilder = $this->getMockBuilder('Cake\\Database\\Driver');
    $this->driver = $driverBuilder->getMock();

    $key = Configure::read('Security.key');
    $this->crypted = base64_encode(Security::encrypt('string', $key));
}
/**
 * Encrypts a cookie value with the selected Security cipher.
 *
 * Arrays are flattened with _implode() first. When $encrypt is strictly false
 * the value is returned untouched; otherwise the cipher name is validated by
 * _checkCipher() and the ciphertext is returned base64-encoded behind the
 * "Q2FrZQ==." marker (base64 of "Cake"), presumably so the reading side can
 * tell encrypted values apart.
 *
 * @param string $value Value to encrypt
 * @param string|bool $encrypt Encryption mode to use ('rijndael' or 'aes'). False
 *   disables encryption.
 * @param string|null $key Key to use instead of the configured cookie encryption
 *   key; intended for tests.
 * @return string Encoded value
 */
protected function _encrypt($value, $encrypt, $key = null)
{
    $plain = is_array($value) ? $this->_implode($value) : $value;

    if ($encrypt === false) {
        return $plain;
    }

    $this->_checkCipher($encrypt);

    if (!isset($key)) {
        $key = $this->_getCookieEncryptionKey();
    }

    $cipher = null;
    if ($encrypt === 'rijndael') {
        $cipher = Security::rijndael($plain, $key, 'encrypt');
    } elseif ($encrypt === 'aes') {
        $cipher = Security::encrypt($plain, $key);
    }

    return "Q2FrZQ==." . base64_encode($cipher);
}
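/**
 * Encrypts a cookie value with the selected Security cipher.
 *
 * Arrays are flattened with _implode() first. Only a strict `false` disables
 * encryption; every other value is passed to _checkCipher() for validation, so a
 * misconfigured mode (an empty string, 0, null) does not silently fall back to
 * writing the plaintext. The ciphertext is base64-encoded behind the "Q2FrZQ==."
 * marker (base64 of "Cake").
 *
 * @param string $value Value to encrypt
 * @param string|bool $encrypt Encryption mode to use ('rijndael' or 'aes'). False
 *   disables encryption.
 * @return string Encoded value
 */
protected function _encrypt($value, $encrypt)
{
    if (is_array($value)) {
        $value = $this->_implode($value);
    }
    // Strict comparison on purpose: the previous `!$encrypt` treated any falsy
    // mode as "disabled" and returned plaintext; now only an explicit false
    // does, and anything else is validated by _checkCipher().
    if ($encrypt === false) {
        return $value;
    }
    $this->_checkCipher($encrypt);

    $prefix = "Q2FrZQ==.";
    $cipher = null;
    if ($encrypt === 'rijndael') {
        $cipher = Security::rijndael($value, $this->_config['key'], 'encrypt');
    }
    if ($encrypt === 'aes') {
        $cipher = Security::encrypt($value, $this->_config['key']);
    }

    return $prefix . base64_encode($cipher);
}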
/**
 * Test helper mirroring the component's encrypted cookie format: arrays are
 * imploded, the value is encrypted with the component's configured key,
 * base64-encoded and prefixed with the "Q2FrZQ==." marker.
 *
 * @param array|string $value Value to encrypt
 * @return string Prefixed, base64-encoded ciphertext
 */
protected function _encrypt($value)
{
    $plain = is_array($value) ? $this->_implode($value) : $value;
    $key = $this->Cookie->config('key');
    $encoded = base64_encode(Security::encrypt($plain, $key));

    return "Q2FrZQ==." . $encoded;
}
/**
 * Encrypts a value with this object's configured key and salt.
 *
 * @param string $value Value to be encrypted
 * @return string Encrypted value, as produced by Security::encrypt()
 */
public function encrypt($value)
{
    $key = $this->config('key');
    $salt = $this->config('salt');

    return Security::encrypt($value, $key, $salt);
}
/**
 * Encrypts a string with the key returned by _encryptionKey() and
 * base64-encodes the result so it is safe to store as text.
 *
 * @param string $value String to encrypt
 * @return string Base64-encoded ciphertext
 */
protected function _encrypt($value)
{
    $key = $this->_encryptionKey();
    $ciphertext = Security::encrypt($value, $key);

    return base64_encode($ciphertext);
}
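/**
 * Test that values encrypted with OpenSSL can be decrypted with mcrypt and the reverse.
 *
 * The engine that was active before the test is restored at the end, so later
 * tests do not inherit whichever engine this test selected last. (A failing
 * assertion still skips the restore; the suite's tearDown is assumed to reset
 * the engine in that case — confirm.)
 *
 * @return void
 */
public function testEngineEquivalence()
{
    $this->skipIf(!defined('MCRYPT_RIJNDAEL_128'), 'This needs mcrypt extension to be loaded.');
    $restore = Security::engine();

    $txt = "Obi-wan you're our only hope";
    $key = 'This is my secret key phrase it is quite long.';
    $salt = 'A tasty salt that is delicious';

    // mcrypt -> openssl
    Security::engine(new Mcrypt());
    $cipher = Security::encrypt($txt, $key, $salt);
    $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
    Security::engine(new OpenSsl());
    $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));

    // openssl -> mcrypt (OpenSsl is already the active engine here)
    $cipher = Security::encrypt($txt, $key, $salt);
    $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
    Security::engine(new Mcrypt());
    $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));

    // $restore was captured but never used before, leaking engine state to other tests.
    Security::engine($restore);
}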
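/**
 * Test that values encrypted with OpenSSL can be decrypted with mcrypt and the reverse.
 *
 * Skipped when the mcrypt extension is unavailable, since the Mcrypt engine
 * cannot run without it. The engine active before the test is restored at the
 * end so later tests do not inherit whichever engine this test selected last.
 * (A failing assertion still skips the restore; the suite's tearDown is assumed
 * to reset the engine in that case — confirm.)
 *
 * @return void
 */
public function testEngineEquivalence()
{
    $this->skipIf(!defined('MCRYPT_RIJNDAEL_128'), 'This needs mcrypt extension to be loaded.');
    $restore = Security::engine();

    $txt = "Obi-wan you're our only hope";
    $key = 'This is my secret key phrase it is quite long.';
    $salt = 'A tasty salt that is delicious';

    // mcrypt -> openssl
    Security::engine(new Mcrypt());
    $cipher = Security::encrypt($txt, $key, $salt);
    $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
    Security::engine(new OpenSsl());
    $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));

    // openssl -> mcrypt (OpenSsl is already the active engine here)
    $cipher = Security::encrypt($txt, $key, $salt);
    $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));
    Security::engine(new Mcrypt());
    $this->assertEquals($txt, Security::decrypt($cipher, $key, $salt));

    // $restore was captured but never used before, leaking engine state to other tests.
    Security::engine($restore);
}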
/**
 * {@inheritdoc}
 *
 * Delegates to Security::encrypt() with the key held in $this->__key.
 */
public function encrypt($plain)
{
    $key = $this->__key;

    return Security::encrypt($plain, $key);
}
/**
 * Test encrypting falsey data
 *
 * Each input is round-tripped through encrypt()/decrypt(): the empty string,
 * false and null all come back as '', while 0 and '0' come back as '0'.
 *
 * @return void
 */
public function testEncryptDecryptFalseyData()
{
    $key = 'This is a key that is long enough to be ok.';

    $cases = [
        ['', ''],
        [false, ''],
        [null, ''],
        [0, '0'],
        ['0', '0'],
    ];

    foreach ($cases as list($plain, $expected)) {
        $cipher = Security::encrypt($plain, $key);
        $this->assertSame($expected, Security::decrypt($cipher, $key));
    }
}
/**
 * Login and register page.
 *
 * Both forms post to this action and are dispatched on the `method` field:
 * "login" identifies the user (with a detour to the tfa action when 2FA is
 * enabled and not yet satisfied) and "register" creates an account. On GET the
 * referer is remembered as the post-login redirect. A user who is already
 * authenticated is redirected away instead of seeing the form.
 *
 * @return \Cake\Network\Response|void
 */
public function login()
{
    //Handle Maintenances
    // These flashes only inform the user; the checks that actually block the
    // actions are repeated inside the "login" / "register" cases below.
    if (Configure::read('User.Login.enabled') === false) {
        $this->Flash->error(__("The Login action is disabled for the moment, please try again later."));
    }
    if (Configure::read('User.Register.enabled') === false && Configure::read('Site.maintenance') === false) {
        $this->Flash->error(__("The Register action is disabled for the moment, please try again later."));
    }
    if (Configure::read('Site.maintenance') === true) {
        $this->Flash->error(__("While the site is in maintenance, you can not register a new account."));
    }

    if ($this->request->is('post')) {
        // NOTE(review): data['method'] is read without isset(); a POST lacking the
        // field raises an undefined-index notice before falling back to false.
        $method = $this->request->data['method'] ? $this->request->data['method'] : false;
        switch ($method) {
            case "login":
                if (Configure::read('User.Login.enabled') === false) {
                    // The doubled `$userRegister =` is a harmless typo; the entity is
                    // only built so the view can re-render the form.
                    $userRegister = $userRegister = $this->Users->newEntity($this->request->data);
                    break;
                }
                $userLogin = $this->Auth->identify();
                if ($userLogin) {
                    // Loose `== true`: any truthy is_deleted value rejects the login.
                    if ($userLogin['is_deleted'] == true) {
                        $this->Flash->error(__("This account has been deleted."));
                        $userRegister = $this->Users->newEntity($this->request->data);
                        break;
                    }
                    //Check the 2FA if the user has enabled it.
                    // The session is not populated yet (setUser() comes after this
                    // block): only the encrypted user id is handed to the tfa action
                    // via a one-hour httpOnly cookie. Whether the cookie is also
                    // marked secure depends on the component defaults — confirm.
                    if ($userLogin['two_factor_auth_enabled'] == true && $this->TwoFactorAuth->isAuthorized($userLogin['id']) === false) {
                        //Write the cookie
                        $cookie = base64_encode(Security::encrypt($userLogin['id'], Configure::read('Security.key')));
                        $this->Cookie->configKey('CookieTfa', ['expires' => '+1 hour', 'httpOnly' => true]);
                        $this->Cookie->write('CookieTfa', $cookie);
                        return $this->redirect(['action' => 'tfa']);
                    }
                    $this->_handleLogin($userLogin);
                    $this->Auth->setUser($userLogin);
                    // Rebuild an entity from the identified data to stamp the login:
                    // `id` is made accessible so it is set, and isNew(false) makes the
                    // save an update of the existing row rather than an insert.
                    $user = $this->Users->newEntity($userLogin, ['accessibleFields' => ['id' => true]]);
                    $user->isNew(false);
                    $user->last_login = new Time();
                    $user->last_login_ip = $this->request->clientIp();
                    $this->Users->save($user);
                    //Cookies.
                    // NOTE(review): the submitted username AND password are persisted
                    // client-side for a year. Whether CookieComponent encrypts them
                    // depends on its configuration, which is not visible here; keeping
                    // the password on the client at all is risky — a revocable
                    // server-side remember-me token would avoid it.
                    $this->Cookie->configKey('CookieAuth', ['expires' => '+1 year', 'httpOnly' => true]);
                    $this->Cookie->write('CookieAuth', ['username' => $this->request->data('username'), 'password' => $this->request->data('password')]);
                    //Badge Event.
                    $this->eventManager()->attach(new Badges($this));
                    // NOTE(review): $user is reused for the Event object, and the event
                    // name 'Model.Users.register' is the one the register branch fires
                    // too — looks copied; confirm the intended name for a login.
                    $user = new Event('Model.Users.register', $this, ['user' => $user]);
                    $this->eventManager()->dispatch($user);
                    // Avoid bouncing back to the login page after a successful login
                    // (loose string comparison on the URL's last five characters).
                    $url = $this->Auth->redirectUrl();
                    if (substr($this->Auth->redirectUrl(), -5) == 'login') {
                        $url = ['controller' => 'pages', 'action' => 'home'];
                    }
                    return $this->redirect($url);
                }
                // Identification failed. The account is looked up by username only to
                // feed the audit event; the flash below stays generic, so the response
                // does not reveal whether the username exists.
                // NOTE(review): data['username'] is read without isset().
                $user = $this->Users->find()->where(['username' => $this->request->data['username']])->select(['id', 'group_id', 'username', 'email'])->first();
                if (!is_null($user)) {
                    //Users Event.
                    $this->eventManager()->attach(new Users());
                    $event = new Event('Users.login.failed', $this, ['user_id' => $user->id, 'username' => $user->username, 'group_id' => $user->group_id, 'user_ip' => $this->request->clientIp(), 'user_email' => $user->email, 'user_agent' => $this->request->header('User-Agent'), 'action' => 'user.connection.manual.failed']);
                    $this->eventManager()->dispatch($event);
                }
                $this->Flash->error(__("Your username or password doesn't match."));
                $userRegister = $this->Users->newEntity($this->request->data);
                break;
            case "register":
                $userRegister = $this->Users->newEntity($this->request->data, ['validate' => 'create']);
                //Handle Maintenances
                // Enforcement of the flags flashed at the top of the action: nothing
                // is saved, the form is simply re-rendered.
                if (Configure::read('Site.maintenance') === true || Configure::read('User.Register.enabled') === false) {
                    break;
                }
                $userRegister->register_ip = $this->request->clientIp();
                $userRegister->last_login_ip = $this->request->clientIp();
                $userRegister->last_login = new Time();
                // Recaptcha.bypass skips the captcha entirely — a development switch
                // that must not be enabled in production (confirm the deployed config).
                if ($this->Recaptcha->verify() || Configure::read('Recaptcha.bypass') === true) {
                    if ($this->Users->save($userRegister)) {
                        // Log the new account in by re-identifying the posted credentials.
                        $user = $this->Auth->identify();
                        if ($user) {
                            $this->Auth->setUser($user);
                        }
                        // NOTE(review): if identify() returned false, $user['id'] evaluates
                        // to null and get() throws; the guard above does not cover this line.
                        $user = $this->Users->get($user['id']);
                        //Statistics Event.
                        $this->eventManager()->attach(new Statistics());
                        $stats = new Event('Model.Users.register', $this);
                        $this->eventManager()->dispatch($stats);
                        //Notification Events.
                        $this->eventManager()->attach(new Notifications());
                        $event = new Event('Model.Notifications.new', $this, ['user_id' => $user->id, 'type' => 'bot']);
                        $this->eventManager()->dispatch($event);
                        $viewVars = ['user' => $user, 'name' => $user->full_name];
                        $this->getMailer('User')->send('register', [$user, $viewVars]);
                        $this->Flash->success(__("Your account has been created successfully !"));
                        // Same login-page avoidance as in the "login" case above.
                        $url = $this->Auth->redirectUrl();
                        if (substr($this->Auth->redirectUrl(), -5) == 'login') {
                            $url = ['controller' => 'pages', 'action' => 'home'];
                        }
                        return $this->redirect($url);
                    }
                    $this->Flash->error(__("Please, correct your mistake."));
                } else {
                    $this->Flash->error(__("Please, correct your Captcha."));
                }
                break;
        }
    } else {
        //Save the referer URL before the user send the login/register request else it will delete the referer.
        // NOTE(review): the raw referer becomes the post-login redirect target;
        // confirm Auth->redirectUrl() refuses off-site URLs, otherwise this is an
        // open-redirect vector.
        $this->request->session()->write('Auth.redirect', $this->referer());
        $userRegister = $this->Users->newEntity($this->request->data, ['validate' => 'create']);
    }

    // Already authenticated (e.g. a GET while logged in): skip the form.
    if ($this->Auth->user()) {
        return $this->redirect($this->Auth->redirectUrl());
    }
    $this->set(compact('userRegister'));
}
/**
 * Encrypts a value with the key and salt held in $this->options.
 *
 * @param string $value Value to be encrypted
 * @return string Encrypted value, as produced by Security::encrypt()
 */
protected function _encrypt($value)
{
    $key = $this->options['key'];
    $salt = $this->options['salt'];

    return Security::encrypt($value, $key, $salt);
}