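/**
 * Issue a backend access token for an administrator.
 *
 * The client id is used as the user name and the client secret as the
 * password; only rows with User::STATUS_ADMINISTRATOR are considered. A
 * successful login records the token in fusio_app_token and returns it with
 * a fixed "backend" scope and a one-hour lifetime.
 *
 * @param Credentials $credentials client id / client secret from the request
 * @param mixed       $scope       requested scope; not used, the token is always
 *                                 limited to "backend"
 * @return AccessToken
 * @throws ServerErrorException if the user is unknown or the password is wrong
 */
protected function generate(Credentials $credentials, $scope)
{
    $sql  = 'SELECT id, name, password FROM fusio_user WHERE name = :name AND status = :status';
    $user = $this->connection->fetchAssoc($sql, array(
        'name'   => $credentials->getClientId(),
        'status' => User::STATUS_ADMINISTRATOR,
    ));

    if (empty($user)) {
        // NOTE(review): the distinct "Unknown user" / "Invalid password" responses
        // let a client enumerate valid administrator names, and no hash is
        // computed on this path (timing differs as well). A single generic
        // message would be safer; the texts are kept to preserve the current API.
        throw new ServerErrorException('Unknown user');
    }

    if (!password_verify($credentials->getClientSecret(), $user['password'])) {
        throw new ServerErrorException('Invalid password');
    }

    $scopes    = ['backend'];
    $scopeList = implode(',', $scopes);

    // The token is the bearer credential itself, so it must come from a CSPRNG.
    // uniqid() is clock-based and guessable; random_bytes() is not. 32 bytes
    // give 64 hex characters, the same width the former sha256 digest had.
    // (random_bytes() needs PHP 7, or the random_compat polyfill on older PHP.)
    $accessToken = bin2hex(random_bytes(32));

    $now     = new \DateTime();
    $expires = new \DateTime();
    $expires->add(new \DateInterval('PT1H'));
    $format  = $this->connection->getDatabasePlatform()->getDateTimeFormatString();

    $this->connection->insert('fusio_app_token', [
        'appId'  => App::BACKEND,
        'userId' => $user['id'],
        'status' => AppToken::STATUS_ACTIVE,
        'token'  => $accessToken,
        'scope'  => $scopeList,
        'ip'     => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1',
        'expire' => $expires->format($format),
        'date'   => $now->format($format),
    ]);

    $token = new AccessToken();
    $token->setAccessToken($accessToken);
    $token->setTokenType('bearer');
    // NOTE(review): this passes the absolute expiry timestamp, whereas an OAuth2
    // "expires_in" is a lifetime in seconds -- confirm what AccessToken expects.
    $token->setExpiresIn($expires->getTimestamp());
    $token->setScope($scopeList);

    return $token;
}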
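/**
 * Decide whether the current user must solve a captcha before the next write.
 *
 * Every non-administrator may insert, update or delete up to
 * "core.input_limit" records within the last "core.input_interval" (a
 * DateInterval spec) without a captcha. Beyond that limit a captcha is
 * required again once the last verification (stored in
 * $_SESSION['captcha_verified']) is older than a grace period that shrinks
 * the further the user is over the limit: at twice the limit the grace period
 * reaches zero and every write needs a captcha.
 *
 * @return boolean true if a captcha has to be solved before the next input
 */
public function hasInputExceeded()
{
    // administrators are never throttled
    if ($this->isAdministrator()) {
        return false;
    }

    $limit = (int) $this->registry['core.input_limit'];

    // start of the window we count writes in
    $windowStart = new DateTime('NOW', $this->registry['core.default_timezone']);
    $windowStart->sub(new DateInterval($this->registry['core.input_interval']));

    $con = new Condition();
    $con->add('userId', '=', $this->id);
    $con->add('date', '>=', $windowStart->format(DateTime::SQL));

    $count = $this->sql->count($this->registry['table.log'], $con);

    if ($count <= $limit) {
        return false;
    }

    // A limit of zero (or less) puts every write over the limit; return before
    // the percentage below would divide by zero.
    if ($limit <= 0) {
        return true;
    }

    // window length in seconds, shrunk linearly with how far over the limit
    // the user is (100 % at twice the limit -> no grace period at all)
    $windowSeconds = time() - $windowStart->getTimestamp();
    $percentage    = ceil($count * 100 / ($limit * 2));
    $grace         = $windowSeconds - $windowSeconds * ($percentage / 100);

    $lastVerified  = isset($_SESSION['captcha_verified']) ? $_SESSION['captcha_verified'] : 0;
    $sinceVerified = time() - $lastVerified;

    return $sinceVerified > $grace;
}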
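/**
 * Handle an OpenID "checkid_setup" request.
 *
 * An unauthenticated user is sent to the login page with the complete current
 * request (self URL plus every GET/POST parameter) as "redirect" target so the
 * flow can resume after login. For an authenticated user the association
 * handle is looked up in table.openid_assoc: an expired association is
 * rejected, an unknown handle gets a fresh HMAC-SHA1 association unless the
 * request is an immediate one. The request is then kept in the session and
 * the user is redirected to the connect page.
 *
 * @param SetupRequest $request the parsed checkid_setup request
 * @return void always ends in a redirect followed by exit
 * @throws Exception if the association is expired, or unknown on an
 *                   immediate request
 */
public function onCheckidSetup(SetupRequest $request)
{
    $base = $this->config['psx_url'] . '/' . $this->config['psx_dispatch'];

    if (!$this->isAuthenticated()) {
        // rebuild the current request as a URL so login can send us back here
        $selfUrl = new Url($this->base->getSelf());
        foreach (array_merge($_GET, $_POST) as $key => $value) {
            $selfUrl->addParam($key, $value);
        }

        // NOTE(review): "redirect" is not validated here; the login handler is
        // expected to restrict it to same-origin targets -- confirm.
        header('Location: ' . $base . 'login?redirect=' . urlencode(strval($selfUrl)));
        exit;
    }

    // table name comes from the registry, the handle is bound as a parameter
    $table = $this->registry['table.openid_assoc'];
    $sql   = 'SELECT `assoc`.`id`, `assoc`.`expires`, `assoc`.`date` ' .
             'FROM ' . $table . ' `assoc` ' .
             'WHERE `assoc`.`assocHandle` = ?';
    $row   = $this->sql->getRow($sql, array($request->getAssocHandle()));
    $tz    = $this->registry['core.default_timezone'];

    if (!empty($row)) {
        // An association expires "expires" seconds after it was created, so the
        // check has to start from the stored creation date. The previous test
        // compared time() with "now + expires", which could never be true and
        // left every association valid forever.
        $created = new DateTime($row['date'], $tz);
        $ttl     = (int) $row['expires'];

        if (time() > $created->getTimestamp() + $ttl) {
            throw new Exception('Association is expired');
        }
    } elseif ($request->isImmediate()) {
        throw new Exception('Invalid association');
    } else {
        // unknown handle on a setup request: create a private association
        $date        = new DateTime('NOW', $tz);
        $assocHandle = ProviderAbstract::generateHandle();
        $secret      = base64_encode(ProviderAbstract::randomBytes(20));

        $this->sql->insert($table, array(
            'assocHandle' => $assocHandle,
            'assocType'   => 'HMAC-SHA1',
            'sessionType' => 'DH-SHA1',
            'secret'      => $secret,
            'expires'     => self::EXPIRE,
            'date'        => $date->format(DateTime::SQL),
        ));

        $request->setAssocHandle($assocHandle);
    }

    // NOTE: a per-user cap on temporary connect requests (max 5, pruning the
    // expired ones first) was sketched here as commented-out code but never
    // enabled; there is currently no such limit.

    // keep the request for the connect step
    $_SESSION['amun_openid_request'] = $request;

    header('Location: ' . $base . 'login/connect');
    exit;
}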