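/**
 * A return URL carrying a hash that does not match must be rejected.
 *
 * Builds a queue return URL with a deliberately wrong "h" parameter and
 * checks that KnownUserFactory::verifyMd5Hash() raises a KnownUserException
 * that exposes the full validation URL and the original target URL.
 *
 * The test fails explicitly when no exception is raised. Without that, a
 * regression that accepts an unverified hash would leave the test green,
 * because the assertions only run inside the catch block.
 */
public function testVerifyMd5Hash_KnownUserException()
{
    $prefix = null;
    $sharedKey = "zaqxswcdevfrbgtnhymjukiloZAQCDEFRBGTNHYMJUKILOPlkjhgfdsapoiuytrewqmnbvcx";

    $expectedQueueId = "fe070f51-5548-403c-9f0a-2626c15cb81b";
    $placeInQueueEncrypted = "3d20e598-0304-474f-87e8-371a34073d3b";
    $unixTimestamp = 1360241766;
    $expectedCustomerId = "somecust";
    $expectedEventId = "someevent";
    $expectedOriginalUrl = "http://www.example.com/test.aspx?prop=value";

    // Everything up to and including "h=" is a well-formed return URL;
    // only the hash value appended below is wrong.
    $urlNoHash = $expectedOriginalUrl . "?" . $prefix . "c=somecust&" . $prefix . "e=someevent&" . $prefix . "q=" . $expectedQueueId . "&" . $prefix . "p=" . $placeInQueueEncrypted . "&" . $prefix . "ts=" . $unixTimestamp . "&" . $prefix . "h=";
    $invalidHash = "INVALIDHASHxxxxxxxxxxxxxxxxxxxx";
    $url = $urlNoHash . $invalidHash;

    $urlProvider = new MockUrlProvider($url, $expectedOriginalUrl, $expectedQueueId, $placeInQueueEncrypted, (string) $unixTimestamp, $expectedCustomerId, $expectedEventId);

    try {
        KnownUserFactory::verifyMd5Hash($sharedKey, $urlProvider, $prefix);
    } catch (KnownUserException $e) {
        $this->assertEquals($url, $e->getValidationUrl());
        $this->assertEquals($expectedOriginalUrl, $e->getOriginalUrl());

        return;
    }

    // Reached only when verification accepted the URL despite the bad hash.
    $this->fail('verifyMd5Hash() accepted a URL with an invalid hash; expected KnownUserException.');
}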
/**
 * Decide whether the current request has passed the queue.
 *
 * Order of checks:
 *  1. A validation result already stored for this queue is reused.
 *  2. Otherwise the request is verified through KnownUserFactory::verifyMd5Hash(),
 *     called without arguments, so the factory's configured defaults apply.
 *  3. A request without queue parameters is sent to the landing page or queue URL.
 *  4. A verified request older than 180 seconds is rejected as expired.
 *
 * @param Queue   $queue
 * @param boolean $includeTargetUrl
 * @param boolean $sslEnabled
 * @param string  $domainAlias
 * @param string  $language
 * @param string  $layoutName
 *
 * @throws Opifer\QueueIt\Exception\KnownUserValidationException
 * @throws Opifer\QueueIt\Exception\ExpiredValidationException
 *
 * @return Opifer\QueueIt\Validation\AcceptedConfirmedResult|
 *         Opifer\QueueIt\Validation\EnqueueResult
 */
private static function validateRequestFromQueue($queue, $includeTargetUrl = null, $sslEnabled = null, $domainAlias = null, $language = null, $layoutName = null)
{
    global $resultProviderFactory;

    $stored = $resultProviderFactory()->getValidationResult($queue);
    if ($stored != null) {
        // A stored acceptance is re-wrapped with the third argument set to false;
        // presumably this marks "not the initial validation" - confirm against
        // AcceptedConfirmedResult.
        return ($stored instanceof AcceptedConfirmedResult)
            ? new AcceptedConfirmedResult($queue, $stored->getKnownUser(), false)
            : $stored;
    }

    try {
        $verifiedUser = KnownUserFactory::verifyMd5Hash();

        if ($verifiedUser == null) {
            // No queue parameters on the request: send the visitor to the queue.
            $landingUrl = $queue->getLandingPageUrl($includeTargetUrl);
            $destination = ($landingUrl != null)
                ? $landingUrl
                : $queue->GetQueueUrl($includeTargetUrl, $sslEnabled, $domainAlias, $language, $layoutName);

            return new EnqueueResult($queue, $destination);
        }

        // Freshness check: only timestamps more than 180 seconds in the past are
        // rejected. NOTE(review): a timestamp in the future is not rejected here,
        // and a signed URL stays acceptable for the whole window wherever no
        // stored result exists yet - confirm that this matches the intended
        // replay tolerance.
        $issuedAt = $verifiedUser->getTimeStamp()->getTimestamp();
        if ($issuedAt < time() - 180) {
            throw new ExpiredValidationException($queue, $verifiedUser);
        }

        $accepted = new AcceptedConfirmedResult($queue, $verifiedUser, true);
        $resultProviderFactory()->setValidationResult($queue, $accepted);

        return $accepted;
    } catch (InvalidKnownUserUrlException $urlError) {
        // Malformed queue parameters are reported as a validation failure.
        throw new KnownUserValidationException($urlError, $queue);
    } catch (InvalidKnownUserHashException $hashError) {
        // A hash mismatch is reported as a validation failure as well.
        throw new KnownUserValidationException($hashError, $queue);
    }
}
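/**
 * Verify the signed queue return URL and build the known user from it.
 *
 * Arguments left at null fall back to the globally configured defaults.
 * The three mandatory request values (queue id, place in queue, timestamp)
 * are read once, so the values checked for presence are the same values
 * used to build the result.
 *
 * Despite the method name, the digest that is actually checked is decided
 * by verifyUrl(), which is not part of this block.
 *
 * @param string                        $secretKey         shared secret; default used when null
 * @param KnownUserUrlProviderInterface $urlProvider       request accessor; default used when null
 * @param string                        $queryStringPrefix parameter prefix; default used when null
 *
 * @throws InvalidArgumentException if no secret key is given and none is configured
 * @throws Opifer\QueueIt\Exception\InvalidKnownUserUrlException if only some of the
 *         mandatory values are present
 * @throws Opifer\QueueIt\Exception\KnownUserException rethrown with the validation URL
 *         and original URL attached
 *
 * @return Opifer\QueueIt\Queue\Md5KnownUser|null null when the request carries none of
 *         the mandatory values, i.e. it is not a queue return request
 */
public static function verifyMd5Hash($secretKey = null, $urlProvider = null, $queryStringPrefix = null)
{
    global $defaultQueryStringPrefix, $defaultSecretKey, $defaultUrlProviderFactory;

    if ($urlProvider == null) {
        $urlProvider = $defaultUrlProviderFactory();
    }
    if ($secretKey == null) {
        $secretKey = $defaultSecretKey;
    }
    if ($queryStringPrefix == null) {
        $queryStringPrefix = $defaultQueryStringPrefix;
    }

    // Fail closed: never run verification against an empty secret.
    if ($secretKey == null) {
        throw new \InvalidArgumentException("Secret key is null");
    }

    try {
        $queueId = $urlProvider->getQueueId($queryStringPrefix);
        $placeInQueue = $urlProvider->getPlaceInQueue($queryStringPrefix);
        $timestamp = $urlProvider->getTimeStamp($queryStringPrefix);

        // Loose comparison is kept on purpose: an empty parameter value
        // counts as missing, exactly as before.
        $hasQueueId = $queueId != null;
        $hasPlaceInQueue = $placeInQueue != null;
        $hasTimestamp = $timestamp != null;

        if (!$hasQueueId && !$hasPlaceInQueue && !$hasTimestamp) {
            return null;
        }

        // A partial set of queue parameters is treated as a malformed URL.
        if (!$hasQueueId || !$hasPlaceInQueue || !$hasTimestamp) {
            throw new InvalidKnownUserUrlException();
        }

        // The hash check runs before any request value is decoded or used.
        // NOTE(review): the check covers getUrl(), while the fields below come
        // from the provider's individual getters - confirm that both read the
        // same request data.
        KnownUserFactory::verifyUrl($urlProvider->getUrl(), $secretKey);

        return new Md5KnownUser(
            $queueId,
            KnownUserFactory::decryptPlaceInQueue($placeInQueue),
            KnownUserFactory::decodeTimestamp($timestamp),
            $urlProvider->getCustomerId($queryStringPrefix),
            $urlProvider->getEventId($queryStringPrefix),
            KnownUserFactory::decodeRedirectType($urlProvider->getRedirectType($queryStringPrefix)),
            $urlProvider->getOriginalUrl($queryStringPrefix)
        );
    } catch (KnownUserException $e) {
        // Both URLs attached here come from a request that failed validation;
        // callers should treat them as untrusted input (for example, not
        // redirect to the original URL without checking it).
        $e->setValidationUrl($urlProvider->getUrl());
        $e->setOriginalUrl($urlProvider->getOriginalUrl($queryStringPrefix));

        throw $e;
    }
}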
/**
 * Compute the SHA-256 digest that binds the queue fields to the shared secret.
 *
 * The input is the plain concatenation of the five fields followed by the
 * secret returned by KnownUserFactory::getSecretKey().
 *
 * @param string  $queueId
 * @param string  $originalUrl
 * @param integer $placeInQueue
 * @param string  $redirectType
 * @param integer $timestamp
 *
 * @return string hex-encoded SHA-256 digest
 */
private function generateHash($queueId, $originalUrl, $placeInQueue, $redirectType, $timestamp)
{
    // NOTE(review): the fields are joined without separators, so different
    // field splits can produce the same input string, and the secret is
    // appended to the message rather than used as an HMAC key. Changing either
    // would alter the digest and needs agreement with whatever verifies or
    // issues these hashes, so the construction is left as it is.
    $material = $queueId . $originalUrl . $placeInQueue . $redirectType . $timestamp;
    $material .= KnownUserFactory::getSecretKey();

    // Callers that compare this digest with a request-supplied value should
    // use hash_equals() rather than == to keep the comparison constant-time.
    return hash("sha256", $material);
}