/**
 * Handles authentication requests.
 *
 * Builds a signed response (user, timestamp, fingerprint) for the user stored
 * under `UniLogin.testProvider.user` and redirects to the URL returned by
 * `_getRedirectUrl()`. The signed query string is only appended when the `id`
 * query parameter is strictly equal to `UniLogin.testProvider.applicationId`;
 * otherwise the redirect carries no credentials.
 *
 * NOTE(review): the config keys suggest this is a test identity provider. It
 * issues a valid fingerprint for the configured user to any caller presenting
 * the application id, so confirm it cannot be reached in production.
 *
 * @return mixed Result of `redirect()`.
 */
public function authenticate() {
    $requestedApplication = $this->request->query('id');
    // NOTE(review): _getRedirectUrl() is not shown here; if it derives the target
    // from request input, the signed parameters follow the caller's choice of URL.
    $target = $this->_getRedirectUrl();

    $issuedAt = UniLoginUtil::getFormattedTimestamp();
    $testUser = Configure::read('UniLogin.testProvider.user');
    $fingerprint = UniLoginUtil::calculateFingerprint($issuedAt, $testUser);

    $knownApplication = Configure::read('UniLogin.testProvider.applicationId');
    if ($requestedApplication !== $knownApplication) {
        // Unknown application: redirect without any signed parameters.
        return $this->redirect($target);
    }

    $signedQuery = http_build_query([
        'user' => $testUser,
        'timestamp' => $issuedAt,
        'auth' => $fingerprint,
    ]);

    return $this->redirect($target . '?' . $signedQuery);
}
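/**
 * Receives the auth response and validates it.
 *
 * Copies the incoming query parameters into the response, sets `validated`
 * from the fingerprint check, adds the configured application secret and
 * hands the result to `_dispatch()`.
 *
 * The fingerprint must match in a `hashEquals()` comparison and must also pass
 * `UniLoginUtil::validateFingerprint()`. Comparing the fingerprint alone would
 * accept a captured `user`/`timestamp`/`auth` triple indefinitely; going by its
 * test suite, `validateFingerprint()` also rejects timestamps in the future or
 * more than about a minute old.
 *
 * @return mixed Result of `_dispatch()`.
 */
public function callback() {
    // Every query parameter is forwarded as received; only `validated` and
    // `secret` are overwritten below.
    $response = $this->request->query;
    $user = $this->request->query('user');
    $timestamp = $this->request->query('timestamp');
    $auth = $this->request->query('auth');

    $validated = false;
    // Query values can arrive as arrays (e.g. `user[]=...`); only non-empty
    // scalar values are passed to the fingerprint helpers.
    if (is_scalar($user) && is_scalar($timestamp) && is_scalar($auth) && $user && $timestamp && $auth) {
        $expected = UniLoginUtil::calculateFingerprint($timestamp, $user);
        // hashEquals() is kept so the comparison does not depend on how
        // validateFingerprint() compares internally; validateFingerprint()
        // adds the timestamp freshness check that limits replay.
        $validated = UniLoginUtil::hashEquals($expected, $auth)
            && UniLoginUtil::validateFingerprint($timestamp, $user, $auth);
    }
    $response['validated'] = $validated;

    $completeUrl = Configure::read('UniLogin.application.completeUrl');
    // NOTE(review): `returnUrl` is caller-controlled and replaces the configured
    // completion URL, and the application secret is part of the payload sent
    // there. `_dispatch()` is not shown; unless it can only reach in-app
    // actions, restrict `returnUrl` to an allow-list or to local paths.
    $returnUrl = $this->request->query('returnUrl');
    if ($returnUrl) {
        $completeUrl = $returnUrl;
    }

    $response['secret'] = Configure::read('UniLogin.application.secret');

    return $this->_dispatch($completeUrl, $response);
}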
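/**
 * Tests `UniLoginUtil::validateFingerprint`.
 *
 * Covers the timestamp window with a correctly computed fingerprint (now,
 * future, recent past, stale) and, in addition, a fresh timestamp paired with
 * a fingerprint that does not belong to the user. Without the last case the
 * test would still pass for an implementation that only checks the timestamp.
 *
 * The timing cases depend on the wall clock at the moment the test runs.
 *
 * @return void
 */
public function testValidateFingerprint() {
    $user = '******';

    // strtotime() offset => whether a correctly computed fingerprint must validate.
    $timingCases = [
        'now' => true,          // Good timestamp
        '+5 minutes' => false,  // Timestamp in the future
        '-30 seconds' => true,  // Timestamp in the past within 1 minute
        '-2 minutes' => false,  // Timestamp in the past more than 1 minute ago
    ];

    foreach ($timingCases as $offset => $expected) {
        $formattedTimestamp = UniLoginUtil::getFormattedTimestamp(strtotime($offset));
        $fingerprint = UniLoginUtil::calculateFingerprint($formattedTimestamp, $user);
        $result = UniLoginUtil::validateFingerprint($formattedTimestamp, $user, $fingerprint);
        $this->assertSame($expected, $result, 'Timestamp offset: ' . $offset);
    }

    // Fresh timestamp, but the fingerprint was computed for a different user
    // (constructed value): a valid timestamp alone must not be sufficient.
    $formattedTimestamp = UniLoginUtil::getFormattedTimestamp(time());
    $foreignFingerprint = UniLoginUtil::calculateFingerprint($formattedTimestamp, $user . '-other');
    $result = UniLoginUtil::validateFingerprint($formattedTimestamp, $user, $foreignFingerprint);
    $this->assertFalse($result, 'Fingerprint computed for another user must be rejected');
}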