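/**
 * Authenticate users based on their JWT. This is inspired by
 * the method _findUser in admads JWT plugin
 *
 * The token is verified with the application salt as key and the algorithms
 * listed in `Websockets.allowedAlgs`. A token whose `id` claim is exactly the
 * string 'server' is accepted as the server itself; any other id is looked up
 * in `Websockets.userModel` (restricted by `Websockets.scope` when set).
 *
 * @see https://github.com/ADmad/cakephp-jwt-auth/blob/master/src/Auth/JwtAuthenticate.php
 * @param string $token The token identifier.
 * @param mixed $extra Unused
 * @return array ["SUCCESS", ["authid" => id]] or ["FAILURE"].
 */
public function processAuthenticate($token, $extra = null)
{
    try {
        // The allowed-algorithm list comes from config, not from the token;
        // JWT::decode is expected to reject anything outside it.
        $token = JWT::decode($token, Security::salt(), Configure::read('Websockets.allowedAlgs'));
    } catch (Exception $e) {
        if (Configure::read('debug')) {
            throw $e;
        }

        return ["FAILURE"];
    }

    // A token without an id claim can never identify anyone.
    if (!isset($token->id)) {
        return ["FAILURE"];
    }

    // Strict comparison: with `==` a numeric id claim (e.g. 0 on PHP < 8)
    // compares equal to the string 'server' and would be granted the server identity.
    if ($token->id === 'server') {
        return ["SUCCESS", ["authid" => $token->id]];
    }

    $fields = Configure::read('Websockets.fields');
    $table = TableRegistry::get(Configure::read('Websockets.userModel'));
    $conditions = [$table->aliasField($fields['id']) => $token->id];

    $scope = Configure::read('Websockets.scope');
    if (!empty($scope)) {
        $conditions = array_merge($conditions, $scope);
    }

    $result = $table->find('all')->where($conditions)->first();
    if (empty($result)) {
        return ["FAILURE"];
    }

    return ["SUCCESS", ["authid" => $result->id]];
}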
/**
 * Initialize config data and properties.
 *
 * Falls back to the application salt when no `cypherKey` was configured and
 * registers that key together with the configured `period` as the Cookie
 * component's key config for `cookieName`.
 *
 * @param array $config The config data.
 * @return void
 */
public function initialize(array $config)
{
    if (!$this->_config['cypherKey']) {
        // No explicit key configured: reuse the app salt as the cookie key.
        $this->config('cypherKey', Security::salt());
    }

    $cookieName = $this->config('cookieName');
    $cookieOptions = [
        'key' => $this->config('cypherKey'),
        'expires' => $this->config('period'),
    ];
    $this->Cookie->configKey($cookieName, $cookieOptions);
}
/**
 * Get URL builder instance.
 *
 * Built lazily on first call from `Glide.serverConfig.base_url`; when
 * `Glide.secureUrls` is enabled the application salt is handed to the factory
 * as signing key, otherwise null (unsigned URLs).
 *
 * @return \League\Urls\UrlBuilder URL builder instance.
 */
public function urlBuilder()
{
    if (isset($this->_urlBuilder)) {
        return $this->_urlBuilder;
    }

    $baseUrl = Configure::read('Glide.serverConfig.base_url');
    $signKey = Configure::read('Glide.secureUrls') ? Security::salt() : null;
    $this->_urlBuilder = UrlBuilderFactory::create($baseUrl, $signKey);

    return $this->_urlBuilder;
}
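/**
 * Index Login method API URL /api/login method: POST
 *
 * Identifies the user through the Auth component, records a fresh API token
 * for them in Authentications and serialises `user` and `token`.
 *
 * @return json response (sets the `user` and `token` view variables)
 * @throws UnauthorizedException When Auth->identify() rejects the credentials.
 */
public function login()
{
    $user = $this->Auth->identify();
    if (!$user) {
        // Thrown directly: the former try/catch only re-threw the same
        // exception with the same message and the default 401 code.
        throw new UnauthorizedException("Invalid login");
    }

    // get() throws RecordNotFoundException instead of returning null, so the
    // former empty `if (!$user) {}` block could never run.
    $user = $this->Users->get($user['id']);

    // Generate user Auth token. Random per login: the previous value,
    // Security::hash(id . email, 'sha1', true), was the same on every login,
    // so a token could neither rotate nor be revoked on its own. 20 random
    // bytes in hex keep the 40-character width of the old sha1 value.
    $authentication = $this->Authentications->newEntity();
    $authentication->auth_token = bin2hex(Security::randomBytes(20));
    $authentication->user_id = $user->id;
    $authentication->ip = $this->request->clientIp();
    $this->Authentications->save($authentication);

    $this->Auth->setUser($user->toArray());

    $this->set('user', $this->Auth->user());
    $this->set('token', $authentication->auth_token);
    $this->set('_serialize', ['user', 'token']);
}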
/**
 * Purge ConnectionManager configs.
 *
 * Drops every datasource registered in self::$datasources and resets the
 * application salt to the empty string.
 *
 * @return void
 */
public static function tearDownAfterClass()
{
    $names = array_keys(self::$datasources);
    foreach ($names as $datasource) {
        \Cake\Datasource\ConnectionManager::drop($datasource);
    }
    \Cake\Utility\Security::salt('');
}
/**
 * Marshalls request data into PHP strings.
 *
 * null is passed through; anything else is encrypted with the configured
 * `Security.key` and base64-encoded so it can be stored as text.
 *
 * @param mixed $value The value to convert.
 * @return mixed Converted value.
 */
public function marshal($value)
{
    if (null === $value) {
        return null;
    }

    $key = Configure::read('Security.key');
    $cipherText = Security::encrypt($value, $key);

    return base64_encode($cipherText);
}
/**
 * Handle the admin AJAX login form.
 *
 * Looks the user up by e-mail and the salted sha1 of the posted password
 * (excluding deleted accounts), refreshes their auth_token, stores the user
 * in the session and fills $this->ajax with a status plus either a redirect
 * or an error message. Non-AJAX requests are ignored.
 *
 * NOTE(review): passwords are matched as Security::hash(..., 'sha1', true),
 * a fast salted digest rather than a password hash (password_hash() /
 * DefaultPasswordHasher); switching requires migrating the stored hashes.
 *
 * @return void
 */
function ajax_login()
{
    if (!$this->request->is('ajax')) {
        return;
    }

    $email = $this->request->data['email'];
    $password = Security::hash($this->request->data['password'], 'sha1', true);
    $user = $this->Users->find()
        ->where(['email' => $email, 'password' => $password, 'status <>' => USER_STATUS_DELETED])
        ->first();

    if (!$user) {
        $this->ajax['status'] = AJAX_STATUS_ERROR;
        $this->ajax['error'] = __('invalid email or password');
        return;
    }

    if ($user->status != USER_STATUS_ACTIVE) {
        $this->ajax['status'] = AJAX_STATUS_ERROR;
        $this->ajax['error'] = __('your account has been blocked');
        return;
    }

    // A new token per successful login; nothing is reported when save() fails.
    $user->auth_token = \Core::randomCode();
    if ($this->Users->save($user)) {
        $this->request->session()->write('Core.Users', $user);
        $this->ajax['status'] = AJAX_STATUS_SUCCESS;
        $this->ajax['redirect'] = $this->request->webroot . 'admin/users/index';
    }
}
/**
 * Callback for Routing.beforeDispatch event.
 *
 * Serves the image addressed by the request URL through a Glide server. When
 * `Glide.secureUrls` is on, the request signature is validated against the
 * application salt first. With `Glide.cache` set, the response is given the
 * source timestamp and cache headers and the image is only rendered when the
 * client's copy is stale. Extra headers come from `Glide.headers`.
 *
 * @param \Cake\Event\Event $event The event instance.
 *
 * @return \Cake\Network\Response Response instance.
 */
public function beforeDispatch(Event $event)
{
    $request = $event->data['request'];
    $response = $event->data['response'];
    $path = urldecode($request->url);

    // Signed URLs: validateRequest() is expected to throw on a bad signature.
    if (Configure::read('Glide.secureUrls')) {
        $signature = SignatureFactory::create(Security::salt());
        $signature->validateRequest('/' . $path, $request->query);
    }

    $server = ServerFactory::create(Configure::read('Glide.serverConfig'));
    $cache = Configure::read('Glide.cache');

    if (!$cache) {
        $response = $server->getImageResponse($path, $request->query);
    } else {
        $sourcePath = $server->getSourcePath($path);
        $timestamp = $server->getSource()->getTimestamp($sourcePath);
        $response->modified($timestamp);
        // Render only when the client does not already hold a fresh copy.
        if (!$response->checkNotModified($request)) {
            $response = $server->getImageResponse($path, $request->query);
        }
        $response->cache($timestamp, $cache);
    }

    $extraHeaders = Hash::filter((array) Configure::read('Glide.headers'));
    foreach ($extraHeaders as $name => $value) {
        $response->header($name, $value);
    }

    return $response;
}
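/**
 * Move uploaded-file data out of the configured file fields into
 * `contents_file_<field>`.
 *
 * For every field in the contents-file settings that holds a PHP upload array
 * (an `error` key that is not UPLOAD_ERR_NO_FILE), the model, id, field name
 * and the upload's name/type/size/error are recorded. When `tmp_name` is set
 * the upload is copied into the field's cacheTempDir under an unpredictable
 * name, stored as `tmp_file_name`. The original field is then unset so the raw
 * upload array is not carried any further.
 *
 * @return $this
 */
public function setContentsFile()
{
    $this->__contentsFileSettings();
    foreach ($this->__contentsFileSettings['fields'] as $field => $field_setting) {
        $file_info = $this->{$field};
        if (empty($file_info) || !array_key_exists('error', $file_info) || $file_info['error'] == UPLOAD_ERR_NO_FILE) {
            continue;
        }

        $file_set = [
            'model' => $this->_registryAlias,
            'model_id' => $this->id,
            'field_name' => $field,
            'file_name' => $file_info['name'],
            'file_content_type' => $file_info['type'],
            'file_size' => $file_info['size'],
            'file_error' => $file_info['error'],
        ];

        // When tmp_name is present, copy the upload into the tmp directory.
        if (!empty($file_info['tmp_name'])) {
            // The temp name is a hash over CSPRNG bytes (previously rand(),
            // whose output is guessable), the current time and the original
            // name, so it is neither predictable nor shared between uploads.
            $tmp_file_name = Security::hash(
                Security::randomBytes(16) . Time::now()->i18nFormat('YYYY/MM/dd HH:ii:ss') . $file_info['name']
            );
            $ext = $this->__getExt($file_info['name']);
            if ($ext !== null) {
                // NOTE(review): the extension derives from the client-supplied
                // name; __getExt is assumed to return a plain extension only.
                $tmp_file_name .= '.' . $ext;
            }
            if (!copy($file_info['tmp_name'], $field_setting['cacheTempDir'] . $tmp_file_name)) {
                // TODO: a failed copy is still ignored here, leaving
                // tmp_file_name pointing at a file that does not exist.
            }
            $file_set['tmp_file_name'] = $tmp_file_name;
        }

        // Drop the raw upload array so it is not handed on.
        unset($this->{$field});
        $this->{'contents_file_' . $field} = $file_set;
    }

    return $this;
}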
/**
 * setUp
 *
 * Fixes the application salt and builds a controller with the Cookie and
 * Auth components loaded.
 *
 * @return void
 */
public function setUp()
{
    parent::setUp();
    // Fixed salt so salt-dependent values are reproducible across runs.
    Security::salt('12345678901234567890123456789012345678901');

    $request = new Request();
    $response = new Response();
    $this->controller = new Controller($request, $response);
    foreach (['Cookie', 'Auth'] as $component) {
        $this->controller->loadComponent($component);
    }
}
/**
 * Assign an API key to entities that are being created.
 *
 * The key is Security::hash() over a fresh Text::uuid(); existing records
 * keep the key they already have.
 *
 * @param \Cake\Event\Event $event The beforeSave event carrying the entity.
 * @return bool Always true so the save proceeds.
 */
public function beforeSave(Event $event)
{
    $entity = $event->data['entity'];
    if (!$entity->isNew()) {
        return true;
    }

    $entity->api_key = Security::hash(Text::uuid());

    return true;
}
/**
 * Test marshalling
 *
 * null must pass through untouched; a string must come back as 128 characters
 * of base64 that decrypts to the original with `Security.key`.
 *
 * @return void
 */
public function testMarshal()
{
    $this->assertNull($this->type->marshal(null));

    $encrypted = $this->type->marshal('string');
    $this->assertSame(128, strlen($encrypted));

    $key = Configure::read('Security.key');
    $decrypted = Security::decrypt(base64_decode($encrypted), $key);
    $this->assertSame('string', $decrypted);
}
/**
 * Issue a JWT for the credentials carried by the request.
 *
 * The token is signed with the application salt and carries the user id plus
 * an `exp` claim seven days (604800 s) ahead.
 *
 * @return void Sets `success` and `data.token` for serialisation.
 * @throws UnauthorizedException When Auth->identify() rejects the credentials.
 */
public function token()
{
    $user = $this->Auth->identify();
    if (!$user) {
        throw new UnauthorizedException('Invalid username or password');
    }

    $claims = ['id' => $user['id'], 'exp' => time() + 604800];
    $token = \JWT::encode($claims, Security::salt());

    $this->set([
        'success' => true,
        'data' => ['token' => $token],
        '_serialize' => ['success', 'data'],
    ]);
}
/**
 * Get the boundary marker
 *
 * Generated once from 16 random bytes and cached on the instance; md5 is
 * used here only to render the bytes as 32 hex characters.
 *
 * @return string
 */
public function boundary()
{
    if (!$this->_boundary) {
        $this->_boundary = md5(Security::randomBytes(16));
    }

    return $this->_boundary;
}
/**
 * Signs the url with a salted hash
 *
 * Options are sorted by key so equivalent option sets always yield the same
 * signature. The value is Security::hash() over the serialised options with
 * `Imagine.salt` appended (a suffixed-salt digest, not an HMAC), url-encoded.
 *
 * @throws \RuntimeException When `Imagine.salt` is not configured.
 * @param array $options
 * @return string
 */
public function hash($options)
{
    $mediaSalt = Configure::read('Imagine.salt');
    if (empty($mediaSalt)) {
        $message = __d('imagine', 'Please configure {0} using {1}', 'Imagine.salt', 'Configure::write(\'Imagine.salt\', \'YOUR-SALT-VALUE\')');
        throw new \RuntimeException($message);
    }

    ksort($options);
    $digest = Security::hash(serialize($options) . $mediaSalt);

    return urlencode($digest);
}
/**
 * Start an Opauth authentication flow.
 *
 * The application salt is passed to Opauth as its `security_salt`; the
 * strategy list comes from `OpauthStrategy` config. $provider itself only
 * gates the call here — presumably the Opauth instance reads the provider
 * from the request path.
 *
 * @param string|null $provider Provider name; a falsy value is a 404.
 * @return void
 * @throws NotFoundException When no provider is given.
 */
public function login($provider = null)
{
    if (!$provider) {
        throw new NotFoundException();
    }

    $config = [
        'path' => Router::url(['action' => 'login']) . '/',
        'callback_url' => Router::url(['action' => 'callback']),
        'security_salt' => Security::salt(),
        'Strategy' => Configure::read('OpauthStrategy'),
    ];
    // The second argument presumably tells Opauth to run immediately.
    new \Opauth($config, true);
}
/**
 * Issue a JWT that embeds the identified user.
 *
 * Signed with the application salt; expires seven days (604800 s) after issue.
 *
 * NOTE(review): JWT claims are only base64-encoded, so every field of $user
 * is readable by whoever holds the token. Confirm the identifier strips
 * password hashes and other sensitive columns before they reach this point.
 *
 * @return void Sets `data` and hands the response to ApiBuilder.
 * @throws UnauthorizedException When Auth->identify() fails.
 */
public function token()
{
    $user = $this->Auth->identify();
    if (!$user) {
        throw new UnauthorizedException('Invalid username or password');
    }

    $claims = [
        'id' => $user['id'],
        'user' => $user,
        'exp' => time() + 604800,
    ];
    $token = \JWT::encode($claims, Security::salt());

    $this->set('data', ['user' => $user, 'token' => $token]);
    $this->ApiBuilder->execute();
}
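/**
 * Tries to decode, decrypt and unserialize the given token and return the data as an
 * array
 *
 * The token is expected to be base64(Security::encrypt(serialize($data),
 * cryptKey)). Security::decrypt returns false when the ciphertext does not
 * verify, so tampered or foreign tokens never reach unserialize().
 *
 * @param string $token The string token
 * @return array|false The token data, or false when the token cannot be decoded.
 */
public function decryptToken($token)
{
    $encrypted = base64_decode($token);
    if (!$encrypted) {
        return false;
    }

    $serialized = Security::decrypt($encrypted, Configure::read('Security.cryptKey'));
    if ($serialized === false) {
        // Previously fell through to unserialize(false), which only yielded
        // false by accident; fail explicitly instead.
        return false;
    }

    // NOTE(review): unserialize() can instantiate classes named in the payload;
    // it is acceptable here only because the data is authenticated by
    // Security::decrypt above. Keep 'Security.cryptKey' secret and consider
    // json_encode/json_decode for new tokens.
    return unserialize($serialized);
}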
/**
 * Issue a JWT for a social-login user identified by a client-supplied id.
 *
 * NOTE(review): the only credential checked is `clientId` from the JSON body,
 * matched against Users.provider_uid; no provider-issued token is verified, so
 * the provider_uid alone is enough to obtain a JWT for that user. The identity
 * should come from a verified provider response, not from the request body.
 * NOTE(review): the method is named google() but filters on provider
 * 'facebook' — confirm which provider is intended.
 *
 * @return void Sets `success` and `data` (token valid 1800 s, user_id).
 * @throws UnauthorizedException When no matching user exists.
 */
public function google()
{
    $payload = $this->request->input('json_decode');
    $conditions = [
        'Users.provider' => 'facebook',
        'Users.provider_uid' => $payload->clientId,
    ];
    $user = $this->Users->find('all')->where($conditions)->first();
    if (!$user) {
        throw new UnauthorizedException('Invalid username or password');
    }

    $this->Auth->setUser($user);

    $claims = ['sub' => $user['id'], 'exp' => time() + 1800];
    $this->set([
        'success' => true,
        'data' => [
            'token' => JWT::encode($claims, Security::salt()),
            'user_id' => $user['id'],
        ],
        '_serialize' => ['success', 'data'],
    ]);
}
/**
 * Authenticate a customer by e-mail/password and return a signed JWT.
 *
 * The password is verified with DefaultPasswordHasher against the stored hash.
 * `sub` is set to the customer id and the `password` property is removed
 * before the entity is serialised into the token.
 *
 * NOTE(review): the payload carries no `exp` claim, so issued tokens never
 * expire; consider adding one.
 *
 * @return void Sets `message` (user name + token) for serialisation.
 * @throws UnauthorizedException On unknown e-mail or wrong password.
 */
public function createToken()
{
    $customer = $this->Customers->find('all', [
        'fields' => ['id', 'email', 'name', 'password'],
        'conditions' => [
            'email' => $this->request->data('email'),
            'gym_id' => $this->request->query('gym_id'),
            'deleted' => false,
            'is_active' => true,
        ],
    ])->first();

    if (!$customer) {
        throw new UnauthorizedException('Invalid username or password');
    }
    $hasher = new DefaultPasswordHasher();
    if (!$hasher->check($this->request->data('password'), $customer->password)) {
        throw new UnauthorizedException('Invalid username or password');
    }

    $customer->sub = $customer->id;
    // Keep the hash out of toArray() and therefore out of the token.
    unset($customer->password);

    $token = JWT::encode($customer->toArray(), Security::salt());
    $this->set(['message' => ['user' => ['name' => $customer->name], 'token' => $token]]);
    $this->set('_serialize', ['message']);
}
/**
 * The stored value must differ from the plaintext and decrypt back to it
 * with the configured Security.key / Security.salt.
 */
public function testValueIsAddedToDatabaseWithEncryption()
{
    $plain = '555';
    $store = MapStore::load('2');
    $store->set('access_token', $plain);

    $entity = $this->Model->get(['2', 'access_token']);
    $stored = stream_get_contents($entity->value);
    $decrypted = Security::decrypt(
        $stored,
        Configure::read('Security.key'),
        Configure::read('Security.salt')
    );

    $this->assertNotEquals($plain, $stored);
    $this->assertEquals($plain, $decrypted);
}
/**
 * Setup
 *
 * Points the app namespace at TestApp, sets a non-default salt, registers the
 * Routing and ControllerFactory dispatcher filters, builds the trait object
 * and connects the two test routes.
 *
 * @return void
 */
public function setUp()
{
    parent::setUp();
    Configure::write('App.namespace', 'TestApp');
    Security::salt('not-the-default');

    foreach (['Routing', 'ControllerFactory'] as $filter) {
        DispatcherFactory::add($filter);
    }

    $this->object = $this->getObjectForTrait('Cake\\Routing\\RequestActionTrait');

    $routes = [
        '/request_action/:action/*' => ['controller' => 'RequestAction'],
        '/tests_apps/:action/*' => ['controller' => 'TestsApps'],
    ];
    foreach ($routes as $template => $defaults) {
        Router::connect($template, $defaults);
    }
}
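/**
 * Test initialize method
 *
 * A salt shorter than 32 bytes must make the component constructor throw
 * InvalidArgumentException. The original salt is restored before asserting so
 * a failing assertion cannot leak the short salt into later tests.
 *
 * @return void
 */
public function testInitializeException()
{
    $salt = Security::salt();
    Security::salt('too small');

    $caught = null;
    try {
        $this->rememberMeComponent = new RememberMeComponent($this->registry, []);
    } catch (InvalidArgumentException $ex) {
        $caught = $ex;
    }
    Security::salt($salt);

    // Previously a constructor that did not throw let the test pass silently.
    $this->assertNotNull($caught, 'Expected InvalidArgumentException for a too-short salt');
    $this->assertEquals('Invalid app salt, app salt must be at least 256 bits (32 bytes) long', $caught->getMessage());
}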
/**
 * Log a user in and return a JWT.
 *
 * An already authenticated user is reused; otherwise, on PUT/POST, the posted
 * `id` is normalised to a string and Auth->identify() is consulted. The token
 * is signed with the application salt, carries `sub` = user id and expires
 * after seven days (604800 s).
 *
 * @return void Serialises `class`, `token` and the player URL.
 * @throws UnauthorizedException When no user can be identified.
 */
public function login()
{
    $user = $this->Auth->user();
    if (!$user) {
        $postedId = (string) $this->request->data('id');
        $this->request->data('id', $postedId);
        if ($this->request->is('put') || $this->request->is('post')) {
            $user = $this->Auth->identify();
        }
    }

    if (!$user) {
        throw new UnauthorizedException('Invalid username or password');
    }

    $this->Auth->setUser($user);

    $claims = ['sub' => $user['id'], 'exp' => time() + 604800];
    $this->set([
        '_serialize' => [
            'class' => 'Auth',
            'token' => JWT::encode($claims, Security::salt()),
            'player' => '/players/' . $user['id'],
        ],
    ]);
}
/**
 * setup
 *
 * Builds a request/response pair and a component registry with Cookie and
 * Auth, creates the authenticator with custom field names against the
 * MultiUsers model and gives every MultiUsers row the same password hash.
 *
 * @return void
 */
public function setUp()
{
    parent::setUp();
    $this->request = new Request('posts/index');
    Router::setRequestInfo($this->request);
    $this->response = $this->getMock('Cake\\Network\\Response');
    // Fixed 32-character salt so encrypted cookies are reproducible.
    Security::salt('somerandomhaskeysomerandomhaskey');

    $controller = new Controller($this->request, $this->response);
    $this->Registry = new ComponentRegistry($controller);
    foreach (['Cookie', 'Auth'] as $component) {
        $this->Registry->load($component);
    }

    $authConfig = [
        'fields' => ['username' => 'user_name', 'password' => 'password'],
        'userModel' => 'MultiUsers',
    ];
    $this->auth = new CookieAuthenticate($this->Registry, $authConfig);

    // Every fixture row gets the same password_hash() of 'password'.
    $hash = password_hash('password', PASSWORD_DEFAULT);
    TableRegistry::get('MultiUsers')->updateAll(['password' => $hash], []);
}
/**
 * setup
 *
 * Builds a request/response pair and a component registry with Cookie and
 * Auth, creates the authenticator with default config and gives every Users
 * row the same password hash.
 *
 * @return void
 */
public function setUp()
{
    parent::setUp();
    $this->request = new Request('posts/index');
    Router::setRequestInfo($this->request);
    $this->response = $this->getMock('Cake\\Network\\Response');
    Security::salt('Xety-Cake3CookieAuth_Xety-Cake3CookieAuth');

    $controller = new Controller($this->request, $this->response);
    $this->registry = new ComponentRegistry($controller);
    foreach (['Cookie', 'Auth'] as $component) {
        $this->registry->load($component);
    }

    $this->auth = new CookieAuthenticate($this->registry);

    // Every fixture row gets the same password_hash() of 'password'.
    $hash = password_hash('password', PASSWORD_DEFAULT);
    TableRegistry::get('Users')->updateAll(['password' => $hash], []);
}
/**
 * Initialization hook method.
 *
 * Use this method to add common initialization code like loading components.
 *
 * Loads Auth (ByuApi + CAS), AuthUser and Flash. When `?debug` is requested on
 * a deployment with debug off and the current user has the admin role, an
 * unencrypted `cake_manual_debug` cookie is written as `<username>debug|<hash>`.
 *
 * NOTE(review): Security::hash() is called without its salt argument, so the
 * cookie value is an unsalted digest that can be recomputed from a username
 * alone. If another layer trusts this cookie to enable debugging, salt the
 * hash (third argument true) or use an HMAC — on the writing and the checking
 * side alike.
 *
 * @return void
 */
public function initialize()
{
    parent::initialize();

    $this->loadComponent('Auth', [
        'authenticate' => [
            'ByuApi',
            'CasAuth.Cas' => ['hostname' => 'cas.byu.edu', 'uri' => 'cas'],
        ],
    ]);
    $this->loadComponent('AuthUser');
    $this->loadComponent('Flash');

    $manualDebug = $this->request->query('debug') && !Configure::read('debug');
    if (!$manualDebug) {
        return;
    }

    $user = $this->Auth->user();
    if (empty($user['roles']['admin'])) {
        return;
    }

    $this->loadComponent('Cookie');
    $this->Cookie->configKey('cake_manual_debug', 'encryption', false);
    $marker = $user['username'] . 'debug';
    $this->Cookie->write('cake_manual_debug', $marker . '|' . Security::hash($marker));
}
/**
 * setUp method
 *
 * Backs up the Users config, rebuilds the router with the plugin routes plus
 * a password-reset route, fixes the salt and app namespace, and wires mocked
 * request/response objects into a controller carrying UsersAuthComponent.
 *
 * @return void
 */
public function setUp()
{
    parent::setUp();
    $this->backupUsersConfig = Configure::read('Users');

    Router::reload();
    Plugin::routes('CakeDC/Users');
    Router::connect('/route/*', [
        'plugin' => 'CakeDC/Users',
        'controller' => 'Users',
        'action' => 'requestResetPassword',
    ]);

    Security::salt('YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
    Configure::write('App.namespace', 'Users');

    // The request mock answers true to every is() query.
    $this->request = $this->getMock('Cake\\Network\\Request', ['is', 'method']);
    $this->request->expects($this->any())
        ->method('is')
        ->will($this->returnValue(true));
    $this->response = $this->getMock('Cake\\Network\\Response', ['stop']);

    $this->Controller = new Controller($this->request, $this->response);
    $this->Registry = $this->Controller->components();
    $this->Controller->UsersAuth = new UsersAuthComponent($this->Registry);
}
/**
 * Log a user in and issue an access/refresh token pair.
 *
 * Both tokens are signed with the application salt and persisted on the
 * user's AuthToken record. The access token expires after `AuthToken.expire`
 * seconds (3600 when unset); the refresh token carries its issue time in
 * `ref` but no `exp` claim.
 *
 * @return void Sets `success` plus `message` or `data` for serialisation.
 */
public function login()
{
    $user = $this->Auth->identify();
    if (!$user) {
        $this->set([
            'success' => false,
            'message' => __('Invalid email or password'),
            '_serialize' => ['success', 'message'],
        ]);
        return;
    }

    $expire = Configure::read('AuthToken.expire');
    if ($expire === null) {
        $expire = 3600;
    }
    $accessToken = JWT::encode(['sub' => $user['id'], 'exp' => time() + $expire], Security::salt());
    $refreshToken = JWT::encode(['sub' => $user['id'], 'ref' => time()], Security::salt());

    $authToken = $this->Users->AuthToken->newEntity();
    $authToken->user_id = $user['id'];
    $authToken->access_token = $accessToken;
    $authToken->refresh_token = $refreshToken;
    $this->Users->AuthToken->save($authToken);

    $this->set([
        'success' => true,
        'data' => [
            'access_token' => $accessToken,
            'refresh_token' => $refreshToken,
            'id' => $user['id'],
            'username' => $user['username'],
            'email' => $user['email'],
        ],
        '_serialize' => ['success', 'data'],
    ]);
}
/**
 * Attempting to make a password beefer'upper
 *
 * On POST/PUT/PATCH, runs the posted `input` through seven rounds of
 * Security::hash('sha512') for the session user: round 1 is salted with the
 * username, round 2 with username + h1, round 3 with h2 + h1, and rounds 4–7
 * with h(n-3) + h(n-2). The final digest is exposed as `output`.
 *
 * NOTE(review): this is a hand-rolled iterated hash, not a password KDF; for
 * storing passwords prefer password_hash() / DefaultPasswordHasher.
 *
 * @return void
 */
public function index()
{
    if (!$this->request->is(['post', 'put', 'patch'])) {
        return;
    }

    $userId = $this->request->session()->read('User.id');
    $this->loadModel('Users');
    $user = $this->Users->get($userId);
    $input = $this->request->data['input'];

    $h = [];
    $h[1] = Security::hash($input, 'sha512', $user->username);
    $h[2] = Security::hash($h[1], 'sha512', $user->username . $h[1]);
    $h[3] = Security::hash($h[2], 'sha512', $h[2] . $h[1]);
    // Rounds 4..7 all salt with the two digests before the previous one.
    for ($round = 4; $round <= 7; $round++) {
        $h[$round] = Security::hash($h[$round - 1], 'sha512', $h[$round - 3] . $h[$round - 2]);
    }

    $output = $h[7];
    $this->set(compact('output'));
}