From 493325537c168a09c850021d14e0c27d9f1a2a82 Mon Sep 17 00:00:00 2001
From: xdrm-brackets <doowap31@gmail.com>
Date: Thu, 7 Jul 2016 17:59:31 +0200
Subject: [PATCH] Gestion sha256 + Gestion 'hashChain' pour le 'token de
 synchronisation' des machines + Correction des 'view' : 'machines' et 'users'

---
 config/modules.json                        | 13 +++++++
 config/repositories.json                   |  2 +
 index.php                                  |  7 ++++
 manager/Authentification.php               |  6 +--
 manager/Checker.php                        |  2 +-
 manager/autoloader.php                     |  6 ---
 manager/module/authentificationDefault.php |  4 +-
 manager/module/machineDefault.php          | 22 +++++++++++
 manager/module/userDefault.php             |  4 +-
 manager/repo/admin.php                     |  6 +--
 manager/repo/machine.php                   | 44 +++++++++++++++++++++-
 manager/repo/warehouse.php                 |  6 +--
 manager/sessionManager.php                 |  4 +-
 phpunit/tests/Database_check.php           |  4 +-
 phpunit/tests/sessionManager.php           |  2 +-
 test/testHashChain.php                     |  9 +++--
 view/machines.php                          | 12 +++++-
 view/users.php                             | 12 +++++-
 18 files changed, 131 insertions(+), 34 deletions(-)

diff --git a/config/modules.json b/config/modules.json
index 40148c1..1645330 100755
--- a/config/modules.json
+++ b/config/modules.json
@@ -223,6 +223,19 @@
 
 
 	"machineDefault": {
+
+		"sync": {
+			"description": "Synchronisation d'une machine.",
+			"permissions": [],
+			"parameters": {
+				"token": { "description": "Code d'accès évolutif dynamique.", "type": "hash" },
+				"data":  { "description": "Données (dépendent des modules).", "type": "array<mixed>" }
+			},
+			"output": {
+				"data": { "description": "Données (dépendent des modules).", "type": "array<mixed>" }
+			}
+		},
+
 		"create": {
 			"description": "Création d'une nouvelle machine.",
 			"permissions": ["warehouse", "admin"],
diff --git a/config/repositories.json b/config/repositories.json
index e5baa81..bbe38f1 100755
--- a/config/repositories.json
+++ b/config/repositories.json
@@ -25,6 +25,8 @@
 		"getByCode",
 		"getByName",
 
+		"checkToken",
+
 		"search",
 
 		"getClusters"
diff --git a/index.php b/index.php
index b45f953..0c34935 100755
--- a/index.php
+++ b/index.php
@@ -23,6 +23,13 @@
 
 
 
+	/* [3] Gestion des authentifications et des droits
+	=========================================================*/
+	\manager\Authentification::check();
+
+
+
+
 
 
 
diff --git a/manager/Authentification.php b/manager/Authentification.php
index 3789def..d01f50c 100644
--- a/manager/Authentification.php
+++ b/manager/Authentification.php
@@ -44,11 +44,11 @@
 			/* (3) Gestion de AUTH en fonction des tokens
 			---------------------------------------------------------*/
 			/* (1) Double authentification */
-			if( preg_match('/^([a-f0-9]{40})([a-f0-9]{40})$/', $AUTH, $match) )
+			if( preg_match('/^([a-f0-9]{64})([a-f0-9]{64})$/', $AUTH, $match) )
 				$_SESSION['AUTH'] = [ $match[1], $match[2] ];
 
 			/* (2) Authentification unique */
-			else if( preg_match('/^[a-f0-9]{40}$/', $AUTH, $match) )
+			else if( preg_match('/^[a-f0-9]{64}$/', $AUTH, $match) )
 				$_SESSION['AUTH'] = [ $match[0] ];
 
 			/* (3) Aucune authentification */
@@ -143,7 +143,7 @@
 		public static function permission($expected){
 			/* [0] Mise à jour de l'authentification
 			=========================================================*/
-			self::check();
+			// self::check();
 
 
 			/* [1] Gestion de l'AUTH (authentification)
diff --git a/manager/Checker.php b/manager/Checker.php
index 64b5f53..1a7b85f 100644
--- a/manager/Checker.php
+++ b/manager/Checker.php
@@ -97,7 +97,7 @@
 
 				// Hash sha1/md5
 				case 'hash':
-					return $checker && is_string($value) && preg_match('/^[\da-f]{40}$/i', $value);
+					return $checker && is_string($value) && preg_match('/^[\da-f]+$/i', $value) && (strlen($value) == 40 || strlen($value) == 64);
 					break;
 
 				case 'alphanumeric':
diff --git a/manager/autoloader.php b/manager/autoloader.php
index 74e74a2..2f4a3c0 100755
--- a/manager/autoloader.php
+++ b/manager/autoloader.php
@@ -74,10 +74,4 @@
 	=========================================================*/
 	\manager\sessionManager::session_start();
 
-
-
-	/* [3] Gestion des authentifications et des droits
-	=========================================================*/
-	\manager\Authentification::check();
-
 ?>
diff --git a/manager/module/authentificationDefault.php b/manager/module/authentificationDefault.php
index d98d2db..30b280f 100644
--- a/manager/module/authentificationDefault.php
+++ b/manager/module/authentificationDefault.php
@@ -34,7 +34,7 @@
 
 			/* [2] On vérifie le mot de passe
 			=========================================================*/
-			$hash_password = sessionManager::secure_sha1($password);
+			$hash_password = sessionManager::secure_hash($password);
 
 			// Si mot de passe faux, on retourne une erreur
 			if( $nameFetched[0]['password'] != $hash_password )
@@ -80,7 +80,7 @@
 
 			/* [2] On vérifie le mot de passe
 			=========================================================*/
-			$hash_password = sessionManager::secure_sha1($password);
+			$hash_password = sessionManager::secure_hash($password);
 
 			// Si mot de passe faux, on retourne une erreur
 			if( $usernameFetched[0]['password'] != $hash_password )
diff --git a/manager/module/machineDefault.php b/manager/module/machineDefault.php
index 29932d8..75159f6 100755
--- a/manager/module/machineDefault.php
+++ b/manager/module/machineDefault.php
@@ -372,6 +372,28 @@
 
 
 
+		/* SYNCHRONISE UNE MACHINE
+		*
+		* @token<String> 										Token de synchronisation de la machine
+		* @data<Array> 											Données de la synchronisation
+		*
+		* @return data<Array> 									Données de retour de synchronisation
+		*
+		*/
+		public static function sync($params){
+			extract($params);
+
+			$checkToken = new Repo('machine/checkToken', [$token]);
+
+			return [
+					'tokenResult' => $checkToken->answer()
+			];
+
+
+		}
+
+
+
 
 	}
 
diff --git a/manager/module/userDefault.php b/manager/module/userDefault.php
index 6578f0e..df0adec 100755
--- a/manager/module/userDefault.php
+++ b/manager/module/userDefault.php
@@ -28,7 +28,7 @@
 
 			/* [1] Normalisation + verification des donnees
 			=========================================================*/
-			$password_hash = sessionManager::secure_sha1($password);
+			$password_hash = sessionManager::secure_hash($password);
 
 			/* [2] Creation de l'utilisateur
 			=========================================================*/
@@ -343,7 +343,7 @@
 
 			/* [2] Normalisation + verification des donnees
 			=========================================================*/
-			$password_hash = sessionManager::secure_sha1($password);
+			$password_hash = sessionManager::secure_hash($password);
 
 			/* (1) Verification des parametres (si non nul + differents)*/
 			$diff_param = [
diff --git a/manager/repo/admin.php b/manager/repo/admin.php
index 10180fc..d8464cb 100644
--- a/manager/repo/admin.php
+++ b/manager/repo/admin.php
@@ -37,8 +37,8 @@
 			$insert_admin->execute([
 				':username' => $username,
 				':mail'     => $mail,
-				':password' => sessionManager::secure_sha1( $password ),
-				':token'    => sessionManager::secure_sha1( uniqid()  )
+				':password' => sessionManager::secure_hash( $password ),
+				':token'    => sessionManager::secure_hash( uniqid()  )
 			]);
 
 
@@ -79,7 +79,7 @@
 			/* [2] On met à jour le token
 			=========================================================*/
 			/* (1) On crée un nouveau token */
-			$new_token = sessionManager::secure_sha1( uniqid() );
+			$new_token = sessionManager::secure_hash( uniqid() );
 
 			/* (2) On applique le nouveau token */
 			$update_token = Database::getPDO()->prepare("UPDATE admin
diff --git a/manager/repo/machine.php b/manager/repo/machine.php
index 28fa051..8c14f2c 100755
--- a/manager/repo/machine.php
+++ b/manager/repo/machine.php
@@ -2,6 +2,7 @@
 
 	namespace manager\repo;
 	use \manager\Database;
+	use \manager\sessionManager;
 	use \manager\repo\cluster as clusterRepo;
 
 	class machine extends parentRepo{
@@ -66,7 +67,7 @@
 		*/
 		public static function search($id_warehouse, $keyword){
 			// On recupere les donnees
-			$searchmachines = Database::getPDO()->prepare("SELECT * FROM machine
+			$searchmachines = Database::getPDO()->prepare("SELECT id_machine, code, name FROM machine
 				WHERE id_warehouse = :id_warehouse
 				AND   ( code      LIKE '%".$keyword."%'
 					OR  name      LIKE '%".$keyword."%'
@@ -359,6 +360,47 @@
 
 
 
+		/* VERIFIE MET A JOUR LE TOKEN DE SYNCHRONISATION
+		*
+		* @token<String> 										Nouveau token de synchronisation
+		*
+		* @return status<Boolean> 								VRAI si le token est correct, sinon FALSE
+		*
+		*/
+		public static function checkToken($token){
+			/* [1] On vérifie le token
+			=========================================================*/
+			$hash = sessionManager::secure_hash($token);
+
+			$byToken = self::getByToken($hash);
+
+			// Si aucun résultat, erreur
+			if( count($byToken) < 1 )
+				return false;
+
+
+			/* [2] On met à jour le token
+			=========================================================*/
+			$updateToken = Database::getPDO()->prepare("UPDATE machine
+				SET   token      = :token
+				WHERE id_machine = :id_machine");
+			$updateToken->execute([
+				':token'      => $token,
+				':id_machine' => $byToken[0]['id_machine']
+			]);
+
+
+			/* [3] On retourne que tout s'est bien déroulé
+			=========================================================*/
+			return true;
+
+		}
+
+
+
+
+
+
 
 	}
 
diff --git a/manager/repo/warehouse.php b/manager/repo/warehouse.php
index 82f30b9..ffc68fe 100644
--- a/manager/repo/warehouse.php
+++ b/manager/repo/warehouse.php
@@ -33,8 +33,8 @@
 				VALUES(DEFAULT, :name, :password, :token)");
 			$insert_warehouse->execute([
 				':name'      => $name,
-				':password'  => sessionManager::secure_sha1( $password ),
-				':token'     => sessionManager::secure_sha1( uniqid()  )
+				':password'  => sessionManager::secure_hash( $password ),
+				':token'     => sessionManager::secure_hash( uniqid()  )
 			]);
 
 			/* [3] On retourne l'id_warehouse ou FALSE si erreur
@@ -74,7 +74,7 @@
 			/* [2] On met à jour le token
 			=========================================================*/
 			/* (1) On crée un nouveau token */
-			$new_token = sessionManager::secure_sha1( uniqid() );
+			$new_token = sessionManager::secure_hash( uniqid() );
 
 			/* (2) On applique le nouveau token */
 			$update_token = Database::getPDO()->prepare("UPDATE warehouse
diff --git a/manager/sessionManager.php b/manager/sessionManager.php
index 62d0fa3..377ccee 100755
--- a/manager/sessionManager.php
+++ b/manager/sessionManager.php
@@ -11,8 +11,8 @@
 		/*************************/
 		/* SECURE SHA1 ALGORITHM */
 		/*************************/
-		public static function secure_sha1($data){
-			return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') );
+		public static function secure_hash($data){
+			return hash('sha256', '">\[..|{@#))'.hash('sha256', $data.'_)Q@#((%*_$%(@#') );
 		}
 
 
diff --git a/phpunit/tests/Database_check.php b/phpunit/tests/Database_check.php
index db838b9..a9b8eee 100755
--- a/phpunit/tests/Database_check.php
+++ b/phpunit/tests/Database_check.php
@@ -185,7 +185,7 @@
 		/* [5] Mot de passe
 		=========================================================*/
 		public function testPasswordSizeEqCorrect(){
-			$password_hash = \manager\sessionManager::secure_sha1('monmotdepasse');
+			$password_hash = \manager\sessionManager::secure_hash('monmotdepasse');
 
 			$this->assertEquals( 40, strlen($password_hash) );
 			$this->assertTrue( \manager\Checker::run('user.password', $password_hash) );
@@ -199,7 +199,7 @@
 		}
 
 		public function testPasswordSizeSupIncorrect(){
-			$password_hash = \manager\sessionManager::secure_sha1('monmotdepasse').'a';
+			$password_hash = \manager\sessionManager::secure_hash('monmotdepasse').'a';
 			
 			$this->assertGreaterThan( 40, strlen($password_hash) );
 			$this->assertFalse( \manager\Checker::run('user.password', $password_hash) );
diff --git a/phpunit/tests/sessionManager.php b/phpunit/tests/sessionManager.php
index c5cec2c..d334311 100755
--- a/phpunit/tests/sessionManager.php
+++ b/phpunit/tests/sessionManager.php
@@ -7,7 +7,7 @@
 		=========================================================*/
 		public function testSecureSHA1(){
 			$plain = 'montexteclair';
-			$hash  = \manager\sessionManager::secure_sha1($plain);
+			$hash  = \manager\sessionManager::secure_hash($plain);
 
 			// Verification desuiee
 			$this->assertEquals(40, strlen($hash) );
diff --git a/test/testHashChain.php b/test/testHashChain.php
index f506bd4..cf9f70d 100644
--- a/test/testHashChain.php
+++ b/test/testHashChain.php
@@ -6,18 +6,19 @@
 
 
 
-	$hash   = 'mySecretKey';
+	$hash   = 'password';
 	$hashes = [];
 
 
 
 	for( $i = 0 ; $i < 1000 ; $i++ ){
-		$hash = sessionManager::secure_sha1($hash);
+		$hash = sessionManager::secure_hash($hash);
 
-		if( in_array($hash, $hashes) )
+		if( isset($hashes[$hash]) )
 			var_dump('already');
 
-		$hashes[] = $hash;
+		$hashes[$hash] = null;
+		var_dump($hash);
 	}
 
 
diff --git a/view/machines.php b/view/machines.php
index 5005010..24d04ad 100755
--- a/view/machines.php
+++ b/view/machines.php
@@ -70,8 +70,16 @@
 
 			// Liste des machines
 			foreach( $answer->get('machines') as $machine){
-				$clusters = new Repo('machine/getClusters', array($machine['id_machine']));
-				$clusters = $clusters->answer();
+
+				/* (1) On récupère les groupes de la machine */
+				$clustersReq = new ModuleRequest('machineDefault/getClusters', [
+					'id_machine' => $machine['id_machine']
+				]);
+				$clustersRes = $clustersReq->dispatch();
+
+				/* (2) Gestion si erreur */
+				if( $clustersRes->error == ManagerError::Success ) $clusters = $clustersRes->get('clusters');
+				else                                               $clusters = [];
 
 				echo "<article class='inline-box' id='".$machine['id_machine']."'>";
 					// Nom de la machine
diff --git a/view/users.php b/view/users.php
index e66237c..44f41ad 100755
--- a/view/users.php
+++ b/view/users.php
@@ -72,8 +72,16 @@
 
 			// Liste des utilisateurs
 			foreach( $answer->get('users') as $user){
-				$clusters = new Repo('user/getClusters', [$user['id_user']]);
-				$clusters = $clusters->answer();
+
+				/* (1) On récupère les groupes de la machine */
+				$clustersReq = new ModuleRequest('userDefault/getClusters', [
+					'id_user' => $user['id_user']
+				]);
+				$clustersRes = $clustersReq->dispatch();
+
+				/* (2) Gestion si erreur */
+				if( $clustersRes->error == ManagerError::Success ) $clusters = $clustersRes->get('clusters');
+				else                                               $clusters = [];
 
 				echo "<article class='inline-box' id='".$user['id_user']."'>";