/** * Check if your recovery access can match with expected recovery access. * * @param RecoveryAccess $yourRecoveryAccess Your recovery access. * @param RecoveryAccess $expectedRecoveryAccess Expected recovery access. * * @return Result */ public function check($yourRecoveryAccess, $expectedRecoveryAccess) { // Check token. if ($yourRecoveryAccess->token !== $expectedRecoveryAccess->token) { return new Result(false, 'token.invalid', ['received' => $yourRecoveryAccess->token, 'expected' => $expectedRecoveryAccess->token]); } // Check timestamp. if ($this->validity !== null) { $validityDelta = $this->validity * 3600; $validityDifference = $yourRecoveryAccess->timestamp - ($expectedRecoveryAccess->timestamp + $validityDelta); if ($validityDifference >= 0) { return new Result(false, 'timestamp.expired', ['received' => $yourRecoveryAccess->timestamp, 'expiredAt' => $expectedRecoveryAccess->timestamp + $validityDelta, 'difference' => $validityDifference]); } } // Check if your recovery access uses the recovery password. if (password_verify($yourRecoveryAccess->password, $expectedRecoveryAccess->getHash())) { return new Result(true, 'success', ['recovered' => true]); } // Check if your recovery access uses the original password (when it is setted). if ($this->originalPassword && password_verify($yourRecoveryAccess->password, $this->originalPassword)) { return new Result(true, 'success', ['recovered' => false]); } // Mark password as incorrect. return new Result(false, 'password.incorrect'); }
/** * Data provider. */ public function dataCheck() { $accessOriginal = new RecoveryAccess('aaabbb', 'token', 0); $accessOriginalRehashed = new RecoveryAccess('aaabbb', 'token', 0); $accessPasswordOne = new RecoveryAccess('123456', 'token', 0); $accessPasswordOneRehashed = new RecoveryAccess('123456', 'token', 0); $accessPasswordOnePrehashed = new RecoveryAccess(null, 'token', 0, $accessPasswordOneRehashed->getHash()); $accessPasswordTwo = new RecoveryAccess('abcdef', 'token', 0); $checkerDefault = new RecoveryCheck(); $checkerDefault->setValidity(24); $checkerDefault->setOriginalPassword($accessOriginal); $checkerWithOriginalPlain = clone $checkerDefault; $checkerWithOriginalPlain->setOriginalPassword('aaabbb'); return [[$checkerDefault, new RecoveryAccess(null, 1), new RecoveryAccess(null, 0), 'token.invalid', ['received' => '1', 'expected' => '0']], [$checkerDefault, new RecoveryAccess(null, 'sameToken', 186401), new RecoveryAccess(null, 'sameToken', 100000), 'timestamp.expired', ['received' => 186401, 'expiredAt' => 186400, 'difference' => 1]], [$checkerDefault, $accessPasswordOne, $accessPasswordTwo, 'password.incorrect'], [$checkerDefault, $accessPasswordOne, $accessPasswordOne, 'success', ['recovered' => true]], [$checkerDefault, $accessPasswordOneRehashed, $accessPasswordOne, 'success', ['recovered' => true]], [$checkerDefault, $accessPasswordOneRehashed, $accessPasswordOnePrehashed, 'success', ['recovered' => true]], [$checkerDefault, $accessOriginalRehashed, $accessPasswordOne, 'success', ['recovered' => false]], [$checkerWithOriginalPlain, $accessOriginalRehashed, $accessPasswordOne, 'success', ['recovered' => false]]]; }
/** * Test getHash method. * * @covers Rentalhost\VanillaRecovery\RecoveryAccess::getHash */ public function testGetHash() { $recoveryAccess = RecoveryAccess::generate(''); static::assertNull($recoveryAccess->getHash()); $recoveryAccess = RecoveryAccess::generate(); static::assertNotNull($recoveryAccess->getHash()); }