/**
 * Receives the auth response on the query string and validates it.
 *
 * The request is marked as validated only when `user`, `timestamp` and `auth`
 * are all present and `auth` matches the fingerprint calculated from
 * `timestamp` and `user`. The outcome is handed on to the completion URL
 * together with the original query parameters and the application secret.
 *
 * NOTE(review): only `timestamp` and `user` feed the fingerprint. No freshness
 * check on `timestamp` is visible in this method, so a captured callback URL
 * validates again unless replay is rejected elsewhere - confirm.
 *
 * @return mixed Result of `$this->_dispatch()` (not visible here).
 */
public function callback() {
    $request = $this->request;

    // Start from a copy of every query parameter; `validated` and `secret`
    // are overwritten below, so neither can be preset through the query string.
    $payload = $request->query;

    $user = $request->query('user');
    $timestamp = $request->query('timestamp');
    $auth = $request->query('auth');

    // `&&` short-circuits, so the fingerprint is only calculated when all
    // three values are present. The computed value goes first and the
    // request-supplied one second.
    // NOTE(review): hashEquals is presumably a timing-safe comparison - confirm.
    $isValid = $user
        && $timestamp
        && $auth
        && UniLoginUtil::hashEquals(UniLoginUtil::calculateFingerprint($timestamp, $user), $auth);
    $payload['validated'] = $isValid;

    $configuredUrl = Configure::read('UniLogin.application.completeUrl');
    $returnUrl = $request->query('returnUrl');

    // NOTE(review): `returnUrl` comes straight from the request, is not covered
    // by the fingerprint, and replaces the configured completion URL with no
    // validation visible here. The payload sent to it carries the application
    // secret, also when validation failed. If _dispatch() can reach anything
    // other than this application's own routes, restrict `returnUrl` to an
    // allow-list - confirm against _dispatch().
    $target = $returnUrl ? $returnUrl : $configuredUrl;

    $payload['secret'] = Configure::read('UniLogin.application.secret');

    return $this->_dispatch($target, $payload);
}
/**
 * Tests `UniLoginUtil::hashEquals`.
 *
 * Covers three cases: identical strings, a user string that is a shorter
 * prefix of the known string, and two strings of equal length with
 * different content.
 *
 * NOTE(review): a user string longer than the known string, and equal-length
 * strings differing only in the last byte, are not exercised here.
 *
 * @return void
 */
public function testHashEquals() {
    // Identical strings compare as equal.
    $this->assertTrue(UniLoginUtil::hashEquals('abc', 'abc'));

    // A shorter user string that is a prefix of the known string is rejected.
    $this->assertFalse(UniLoginUtil::hashEquals('abcde', 'abc'));

    // Same length, different content is rejected.
    $this->assertFalse(UniLoginUtil::hashEquals('abc', 'def'));
}