/**
 * Test fixture: build a fresh mock session/request pair and prime the
 * request key store with it before each test runs.
 */
public function setUp() {
    require 'bootstrap.php';
    $mock_session = new Hm_Mock_Session();
    $mock_request = new Hm_Mock_Request('AJAX');
    Hm_Request_Key::load($mock_session, $mock_request, false);
}
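/**
 * Drive the SwipeIdentity SMS second factor for a session that was just
 * created, or that is still flagged as not having completed 2FA.
 *
 * Reads the session 'username' and the client REMOTE_ADDR (both handed to
 * the swipe API), plus the POST fields 'sms_number' (phone registration)
 * and '2fa_sms_response' (the one-time code). Writes the '2fa_required'
 * session flag and the 2fa_* output values consumed by the output modules.
 *
 * $required starts true and is cleared only when the swipe API accepts the
 * submitted code, so every other path (API failed to start, bad number,
 * wrong or malformed code) leaves the session gated by 2FA.
 */
public function process() {
    /* new session or one not passed the second auth */
    if (!($this->session->loaded || $this->session->get('2fa_required', false))) {
        return;
    }

    /* ini file location */
    $ini_file = rtrim($this->config->get('app_data_dir', ''), '/').'/swipeidentity.ini';

    /* data for the swipe api */
    $swipe_username = $this->session->get('username', false);
    $swipe_address = $this->request->server['REMOTE_ADDR'];
    $required = true;

    /* get api config and object */
    list($api, $api_config) = setup_swipe_api($ini_file);
    $started = start_api($api, $api_config);
    if (!$started) {
        /* flag the failure for the output modules but do NOT return here:
         * $required must still reach the bottom so the session keeps its
         * 2fa_required flag (returning early would leave a new session
         * ungated on the next request) */
        $this->out('2fa_fatal', true);
    }

    /* get current 2fa state. A submitted code implies the sms was delivered;
     * the answerSMS() call below is what actually validates it */
    if (!array_key_exists('2fa_sms_response', $this->request->post)) {
        $state = get_secondfactor_state($api, $api_config, $swipe_username, $swipe_address);
    } else {
        $state = RC_SMS_DELIVERED;
    }

    /* pass a key and no redirect flag to the output modules */
    $this->out('no_redirect', true);
    Hm_Request_Key::load($this->session, $this->request, false);
    $this->out('2fa_key', Hm_Request_Key::generate());

    if ($state == NEED_REGISTER_SMS && array_key_exists('sms_number', $this->request->post)) {
        /* the user has not registered a phone number yet: look for one in
         * POST and strip any non-numeric delimiters. A non-string value
         * (e.g. sms_number[]=) is treated as an empty, invalid number */
        $raw_number = $this->request->post['sms_number'];
        $sms_number = is_string($raw_number) ? preg_replace("/[^\\d]/", "", $raw_number) : '';
        /* US phone numbers only for now */
        if (preg_match("/^1\\d{10}\$/", $sms_number)) {
            /* set the phone number using the api */
            $api->setUserSmsNumber($swipe_username, $api_config["com.swipeidentity.api.appcode"], $sms_number);
            /* refetch the status */
            $state = get_secondfactor_state($api, $api_config, $swipe_username, $swipe_address);
            /* number rejected by swipe */
            if ($state == NEED_REGISTER_SMS) {
                $this->out('2fa_error', 'Invalid phone number');
            }
        } else {
            $this->out('2fa_error', 'Invalid phone number format');
        }
    } elseif ($state == RC_SMS_DELIVERED && array_key_exists('2fa_sms_response', $this->request->post)) {
        $raw_response = $this->request->post['2fa_sms_response'];
        /* \z rather than $: PCRE's $ also matches before a trailing newline,
         * which would let "12345\n" through to the api as the code. Only a
         * string can be a valid code; arrays are rejected up front */
        if (is_string($raw_response) && preg_match("/^\\d{5}\\z/", $raw_response)) {
            /* validate the sms response with the api */
            $resp = $api->answerSMS($swipe_username, $api_config["com.swipeidentity.api.appcode"], $raw_response);
            if ($resp->getReturnCode() == RC_SMS_ANSWER_ACCEPTED) {
                /* success! allow the user to login */
                $required = false;
            } else {
                $state = get_secondfactor_state($api, $api_config, $swipe_username, $swipe_address);
                $this->out('2fa_error', 'Response did not match! A new sms code has been sent');
            }
        } else {
            $this->out('2fa_error', 'Incorrectly formatted response, please re-enter the sms code');
        }
    }

    if ($required) {
        /* still not through 2fa: persist the flag so the next request is
         * gated too, tell the output modules, and close the session early */
        $this->session->set('2fa_required', true);
        $this->out('2fa_required', true);
        $this->out('2fa_state', $state);
        $this->session->close_early();
    } else {
        /* unset any previously set required flags */
        $this->session->set('2fa_required', false);
        $this->out('2fa_required', false);
    }
}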
/**
 * The generated key must come from the mock fingerprint both before and
 * after re-loading the key store with a session that is not newly created.
 * @preserveGlobalState disabled
 * @runInSeparateProcess
 */
public function test_key_load() {
    $this->assertEquals('fakefingerprint', Hm_Request_Key::generate());

    $existing_session = new Hm_Mock_Session();
    $existing_session->loaded = false;
    $ajax_request = new Hm_Mock_Request('AJAX');
    Hm_Request_Key::load($existing_session, $ajax_request, false);

    $this->assertEquals('fakefingerprint', Hm_Request_Key::generate());
}
/**
 * Destroy a session for good: drop any uploaded files, delete the
 * server-side session row, expire the session and hm_id cookies on the
 * client, mark the session inactive and reset the request key store.
 * @param object $request request details
 * @return void
 */
public function destroy($request) {
    if (function_exists('delete_uploaded_files')) {
        delete_uploaded_files($this);
    }
    /* server side: remove the persisted row (the delete result is not checked) */
    if ($this->dbh) {
        $stmt = $this->dbh->prepare("delete from hm_user_session where hm_id=?");
        $stmt->execute(array($this->session_key));
    }
    /* client side: expire both cookies an hour in the past */
    $expired_at = time() - 3600;
    foreach (array($this->cname, 'hm_id') as $cookie_name) {
        $this->secure_cookie($request, $cookie_name, '', $expired_at);
    }
    $this->active = false;
    Hm_Request_Key::load($this, $request, false);
}
/**
 * Perform a new login if the form was submitted, otherwise check for and
 * continue a session if it exists. Either way the request key store is
 * (re)loaded for this session afterwards and the page key is validated.
 */
public function process() {
    if (!$this->get('create_username', false)) {
        list($form_ok, $form) = $this->process_form(array('username', 'password'));
        if (!$form_ok) {
            /* no credentials posted: just resume an existing session, if any */
            $this->session->check($this->request);
        } else {
            $username = rtrim($form['username']);
            $this->session->check($this->request, $username, $form['password']);
            /* NOTE(review): stored unconditionally after check(); presumably
             * a no-op on a session that did not become active - confirm */
            $this->session->set('username', $username);
        }
        if ($this->session->is_active()) {
            Hm_Page_Cache::load($this->session);
            $this->out('changed_settings', $this->session->get('changed_settings', array()), false);
        }
    }
    Hm_Request_Key::load($this->session, $this->request, $this->session->loaded);
    $this->process_key();
}
/**
 * Validate a form key. If this is a non-empty POST form from an
 * HTTP request or AJAX update, it will take the user to the home
 * page if the page_key value is either not present or not valid;
 * an AJAX request is instead answered with a 'not callable' JSON status.
 * @return false|string false when there is nothing to check or the key is
 *                      valid, 'exit' (AJAX) or 'redirect' (HTTP) when it is not
 */
public function process_key() {
    Hm_Request_Key::load($this->session, $this->request, $this->session->loaded);
    $post = $this->request->post;
    if (empty($post)) {
        return false;
    }
    $page_key = false;
    if (array_key_exists('hm_page_key', $post)) {
        $page_key = $post['hm_page_key'];
    }
    if (Hm_Request_Key::validate($page_key)) {
        return false;
    }
    if ($this->request->type == 'AJAX') {
        if (DEBUG_MODE) {
            Hm_Debug::add('REQUEST KEY check failed');
            Hm_Debug::load_page_stats();
            Hm_Debug::show('log');
        }
        Hm_Functions::cease(json_encode(array('status' => 'not callable')));
        return 'exit';
    }
    /* a session created on this very request is thrown away before redirecting */
    if ($this->session->loaded) {
        $this->session->destroy($this->request);
    }
    Hm_Debug::add('REQUEST KEY check failed');
    Hm_Dispatch::page_redirect('?page=home');
    return 'redirect';
}
/**
 * process_key(): no POST data passes, a bogus key is rejected (redirect for
 * an HTTP request, exit for AJAX) and the mock fingerprint key passes.
 * @preserveGlobalState disabled
 * @runInSeparateProcess
 */
public function test_process_key() {
    /* TODO: fix assertions */
    $mock_session = new Hm_Mock_Session();
    $mock_request = new Hm_Mock_Request('AJAX');
    Hm_Request_Key::load($mock_session, $mock_request, false);
    $handler = $this->handler_mod;

    $mock_request->post = array();
    $handler->request->post = array();
    $this->assertFalse($handler->process_key());

    $mock_request->post['hm_page_key'] = 'asdf';
    $handler->request->post['hm_page_key'] = 'asdf';
    Hm_Request_Key::load($mock_session, $mock_request, false);
    $this->assertEquals('redirect', $handler->process_key());

    $handler->request->type = 'AJAX';
    $this->assertEquals('exit', $handler->process_key());

    $handler->request->post['hm_page_key'] = 'fakefingerprint';
    $this->assertFalse($handler->process_key());
}