/**
 * Produces a fresh nonce, retrying until one is found that nonceExists() does not already know.
 *
 * Kept as a single small method so the generator (StringUtils::randomString) can be swapped
 * in one place. Uniqueness is enforced only against nonceExists(); the loop has no retry cap,
 * which is fine as long as randomString() stays unpredictable and the nonce space stays large.
 *
 * @return string One nonce not currently reported as existing
 */
private function makeNonce()
{
    $candidate = StringUtils::randomString();
    while ($this->nonceExists($candidate)) {
        // collision: draw again until we land on an unused value
        $candidate = StringUtils::randomString();
    }

    return $candidate;
}
/**
 * StringUtils::randomString() honours the requested length, defaults to 16 characters,
 * returns a string, and handles the minimum length of 1.
 *
 * Only length and type are checked here; the character set is not asserted.
 */
public function testRandomString()
{
    $requested = 10;
    $custom = StringUtils::randomString($requested);
    $this->assertEquals(10, strlen($custom));

    $default = StringUtils::randomString();
    $this->assertEquals(16, strlen($default));

    $this->assertInternalType('string', StringUtils::randomString());

    $single = StringUtils::randomString(1);
    $this->assertEquals(1, strlen($single));
}
/**
 * Add the Directus default (admin) user.
 *
 * Reads `directus_password` and `directus_email` from $data (and an optional
 * `default_language`, falling back to 'en'), inserts the row into `directus_users`
 * and returns $data extended with the generated `user_salt`, `user_token` and `avatar`.
 *
 * The password is stored via password_hash() (bcrypt, cost 12), which embeds its own
 * random salt; the `salt` column written here is an independent random value.
 * Note the returned array still carries the plaintext `directus_password` the caller
 * passed in, so callers should not log or persist it.
 *
 * @param array $data
 * @return array
 */
public static function addDefaultUser($data)
{
    $connection = Bootstrap::get('ZendDb');
    $usersTable = new TableGateway('directus_users', $connection);

    $passwordHash = password_hash($data['directus_password'], PASSWORD_DEFAULT, ['cost' => 12]);

    // generated values are also handed back to the caller via $data
    $data['user_salt'] = StringUtils::randomString();
    $data['user_token'] = StringUtils::randomString(32);
    $data['avatar'] = get_gravatar($data['directus_email']);

    $row = [
        'active' => 1,
        'first_name' => 'Admin',
        'last_name' => 'User',
        'email' => $data['directus_email'],
        'password' => $passwordHash,
        'salt' => $data['user_salt'],
        'avatar' => $data['avatar'],
        'group' => 1,
        'token' => $data['user_token'],
        'language' => ArrayUtils::get($data, 'default_language', 'en'),
    ];
    $usersTable->insert($row);

    return $data;
}
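})->name('auth_permissions');

/**
 * POST /{v}/hash — returns Auth::hashPassword() of the posted `password`,
 * with an optional posted `salt` (empty string when absent or falsy).
 *
 * Both inputs are request-controlled; they are required to be non-empty strings
 * before being handed to the hashing helper.
 */
$app->post("/{$v}/hash/?", function () use ($app) {
    // empty() covers both "not set" and falsy values; is_string() rejects password[]=... style input
    if (empty($_POST['password']) || !is_string($_POST['password'])) {
        return JsonView::render(['success' => false, 'message' => __t('hash_must_provide_string')]);
    }

    $salt = (!empty($_POST['salt']) && is_string($_POST['salt'])) ? $_POST['salt'] : '';
    $hashedPassword = Auth::hashPassword($_POST['password'], $salt);

    return JsonView::render(['success' => true, 'password' => $hashedPassword]);
});

/**
 * POST /{v}/random — returns one random string; an optional posted `length`
 * (cast to int) overrides the default of 32.
 */
$app->post("/{$v}/random/?", function () use ($app) {
    // Upper bound is a constructed value (review) — tune to what callers actually need.
    // Without a bound the request-supplied length is only cast to int, so a huge value
    // would make StringUtils::randomString() do proportionally large work on one request.
    $maxLength = 256;

    // default random string length
    $length = 32;
    if (array_key_exists('length', $_POST)) {
        $length = (int) $_POST['length'];
    }

    if ($length < 1 || $length > $maxLength) {
        $app->response()->setStatus(400);

        return JsonView::render([
            'success' => false,
            'message' => 'length must be an integer between 1 and ' . $maxLength,
        ]);
    }

    return JsonView::render(['random' => StringUtils::randomString($length)]);
});

$app->get("/{$v}/privileges/:groupId(/:tableName)/?", function ($groupId, $tableName = null) use ($acl, $ZendDb, $params, $requestPayload, $app) {
    $currentUser = Auth::getUserRecord();
    $myGroupId = $currentUser['group'];
    if ($myGroupId != 1) {
        throw new Exception(__t('permission_denied'));
    }
    $privileges = new DirectusPrivilegesTableGateway($acl, $ZendDb);
    $response = $privileges->fetchPerTable($groupId, $tableName);
    if (!$response) {
        $app->response()->setStatus(404);
        $response = ['message' => __t('unable_to_find_privileges_for_x_in_group_x', ['table' => $tableName, 'group_id' => $groupId]), 'success' => false];
    }
    return JsonView::render($response);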
/**
 * After a successful login attempt, registers the user in the session.
 *
 * Stores `['id' => $uid, 'access_token' => sha1($uid . random)]` under self::$SESSION_KEY
 * and flips self::$authenticated. The token's unpredictability comes entirely from
 * StringUtils::randomString(); sha1 here only fixes the output format.
 * NOTE(review): no session_regenerate_id() is visible in this method — confirm the
 * login path regenerates the session id elsewhere.
 *
 * @param int $uid The User account's ID.
 * @return null
 * @throws \Directus\Auth\UserAlreadyLoggedInException when a user is already authenticated
 */
private static function completeLogin($uid)
{
    self::prependSessionKey();

    if (self::loggedIn()) {
        throw new UserAlreadyLoggedInException(__t('attempting_to_authenticate_a_user_when_a_user_is_already_authenticated'));
    }

    $accessToken = sha1($uid . StringUtils::randomString());
    $_SESSION[self::$SESSION_KEY] = [
        'id' => $uid,
        'access_token' => $accessToken,
    ];
    self::$authenticated = true;
}