/**
  *	Attempt to regenerate the current security token.
  */
 public function regenerateToken()
 {
     // Restrict this functionality to administrators.
     $user = Member::currentUserID();
     if (Permission::checkMember($user, 'ADMIN')) {
         // Attempt to create a random hash.
         $regeneration = $this->service->generateHash();
         if ($regeneration) {
             // Instantiate the new security token.
             $token = APIwesomeToken::create();
             $token->Hash = $regeneration['hash'];
             $token->AdministratorID = $user;
             $token->write();
             // Temporarily use the session to display the new security token key.
             Session::set('APIwesomeToken', "{$regeneration['key']}:{$regeneration['salt']}");
         } else {
             // Log the failed security token regeneration.
             SS_Log::log('APIwesome security token regeneration failed.', SS_Log::ERR);
             Session::set('APIwesomeToken', -1);
         }
         // Determine where the request came from.
         $from = $this->getRequest()->getVar('from');
         $redirect = $from ? $from : 'admin/json-xml/';
         return $this->redirect($redirect);
     } else {
         return $this->httpError(404);
     }
 }
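 /**
  * Render the current security token and button for regeneration.
  *
  * The freshly generated key is read from the session exactly once and then
  * cleared, so the plaintext secret does not linger in the session after it has
  * been shown. A sentinel of -1 in the session marks a failed regeneration.
  *
  * @param mixed $gridfield the grid field being decorated (not used by this fragment)
  * @return array a single 'before' fragment holding the token markup and regenerate link
  */
 public function getHTMLFragments($gridfield)
 {
     $existingTokens = APIwesomeToken::get()->exists();
     // Retrieve the one-time session value and clear it so the key is only ever displayed once.
     $currentToken = Session::get('APIwesomeToken');
     Session::clear('APIwesomeToken');
     // Determine the state of the current security token.
     if ($currentToken === -1) {
         $status = 'error';
         $display = strtoupper($status);
     } elseif (!$existingTokens) {
         $status = 'invalid';
         $display = strtoupper($status);
     } else {
         $status = 'valid';
         // Escape the key before it reaches the markup, even though it is server generated.
         $display = $currentToken ? htmlspecialchars((string) $currentToken, ENT_QUOTES, 'UTF-8') : strtoupper($status);
     }
     $token = "<div class='token'>{$display}</div>";
     // Determine the current controller so regeneration can return here; encode it as a query value.
     $regenerateURL = 'apiwesome/regenerateToken';
     $controller = Controller::curr();
     if (!$controller instanceof APIwesomeAdmin) {
         $regenerateURL .= '?from=' . rawurlencode($controller->Link());
     }
     // The link sits inside a single-quoted attribute, so quotes must be escaped too.
     $href = htmlspecialchars($regenerateURL, ENT_QUOTES, 'UTF-8');
     return array('before' => "<div class='apiwesome wrapper'>\n\t\t\t\t<div class='apiwesome admin {$status}'>\n\t\t\t\t\t<div><strong>Security Token</strong></div>\n\t\t\t\t\t{$token}\n\t\t\t\t\t<a href='{$href}' class='regenerate ss-ui-action-constructive ss-ui-button ui-button ui-widget ui-state-default ui-corner-all ui-button-text-icon-primary' data-icon='arrow-circle-double'>Regenerate &raquo;</a>\n\t\t\t\t</div>\n\t\t\t</div>");
 }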
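 /**
  * Validate a security token of the form `key:salt` against the stored token hashes.
  *
  * The candidate is re-hashed with the supplied salt and compared (via hash_equals()
  * where available, so the comparison does not leak timing) first against the newest
  * stored hash and then against older ones.
  *
  * @param string $token the `key:salt` pair presented by the client
  * @return int self::VALID when it matches the current token, self::EXPIRED when it
  *             matches a previous token, self::INVALID otherwise
  */
 public function validateToken($token)
 {
     // A well-formed token is exactly "key:salt".
     $parts = explode(':', (string) $token);
     if (count($parts) !== 2) {
         return self::INVALID;
     }
     $currentToken = APIwesomeToken::get()->sort('Created', 'DESC')->first();
     $generation = $this->generateHash($parts[0], $parts[1]);
     if (!$generation || !$currentToken) {
         return self::INVALID;
     }
     $hash = (string) $generation['hash'];
     // The token matches the current security token.
     if ($this->hashesMatch((string) $currentToken->Hash, $hash)) {
         return self::VALID;
     }
     // The token matches a previous security token.
     $tokens = APIwesomeToken::get()->sort('Created', 'DESC');
     foreach ($tokens as $stored) {
         if ($this->hashesMatch((string) $stored->Hash, $hash)) {
             return self::EXPIRED;
         }
     }
     // The token does not match a security token.
     return self::INVALID;
 }

 /**
  * Compare a stored hash with a client-derived one without leaking where they differ.
  *
  * Falls back to a plain comparison on PHP versions without hash_equals() (< 5.6).
  *
  * @param string $known the hash stored for a security token
  * @param string $candidate the hash derived from the client's token
  * @return bool
  */
 private function hashesMatch($known, $candidate)
 {
     if (function_exists('hash_equals')) {
         return hash_equals($known, $candidate);
     }
     return $known === $candidate;
 }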