From ff314a495083d1e6d959c3035b8308459e05b456 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Thu, 7 Jul 2016 17:59:31 +0200 Subject: [PATCH] Gestion sha256 + Gestion 'hashChain' pour le 'token de synchronisation' des machines + Correction des 'view' : 'machines' et 'users' --- config/modules.json | 13 +++++++ config/repositories.json | 2 + index.php | 7 ++++ manager/Authentification.php | 6 +-- manager/Checker.php | 2 +- manager/autoloader.php | 6 --- manager/module/authentificationDefault.php | 4 +- manager/module/machineDefault.php | 22 +++++++++++ manager/module/userDefault.php | 4 +- manager/repo/admin.php | 6 +-- manager/repo/machine.php | 44 +++++++++++++++++++++- manager/repo/warehouse.php | 6 +-- manager/sessionManager.php | 4 +- phpunit/tests/Database_check.php | 4 +- phpunit/tests/sessionManager.php | 2 +- test/testHashChain.php | 9 +++-- view/machines.php | 12 +++++- view/users.php | 12 +++++- 18 files changed, 131 insertions(+), 34 deletions(-) diff --git a/config/modules.json b/config/modules.json index 40148c1..1645330 100755 --- a/config/modules.json +++ b/config/modules.json @@ -223,6 +223,19 @@ "machineDefault": { + + "sync": { + "description": "Synchronisation d'une machine.", + "permissions": [], + "parameters": { + "token": { "description": "Code d'accès évolutif dynamique.", "type": "hash" }, + "data": { "description": "Données (dépendent des modules).", "type": "array" } + }, + "output": { + "data": { "description": "Données (dépendent des modules).", "type": "array" } + } + }, + "create": { "description": "Création d'une nouvelle machine.", "permissions": ["warehouse", "admin"], diff --git a/config/repositories.json b/config/repositories.json index e5baa81..bbe38f1 100755 --- a/config/repositories.json +++ b/config/repositories.json @@ -25,6 +25,8 @@ "getByCode", "getByName", + "checkToken", + "search", "getClusters" diff --git a/index.php b/index.php index b45f953..0c34935 100755 --- a/index.php +++ b/index.php 
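Review bot: `"permissions": []` on the new `sync` entry means the endpoint is reachable without any authenticated session, so the `token` parameter is its only access control; if that is intentional (the machine authenticates with its hash-chain token) the description should say so, e.g. `"description": "Synchronisation d'une machine (sans session : authentifiée uniquement par le token).",`. The `data` parameter is declared as a required array but nothing in this patch consumes it, and the declared output key is `data` while `machineDefault::sync` in the same patch returns `tokenResult`; one of the two should be aligned before clients start depending on the contract.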
@@ -23,6 +23,13 @@ + /* [3] Gestion des authentifications et des droits + =========================================================*/ + \manager\Authentification::check(); + + + + diff --git a/manager/Authentification.php b/manager/Authentification.php index 3789def..d01f50c 100644 --- a/manager/Authentification.php +++ b/manager/Authentification.php @@ -44,11 +44,11 @@ /* (3) Gestion de AUTH en fonction des tokens ---------------------------------------------------------*/ /* (1) Double authentification */ - if( preg_match('/^([a-f0-9]{40})([a-f0-9]{40})$/', $AUTH, $match) ) + if( preg_match('/^([a-f0-9]{64})([a-f0-9]{64})$/', $AUTH, $match) ) $_SESSION['AUTH'] = [ $match[1], $match[2] ]; /* (2) Authentification unique */ - else if( preg_match('/^[a-f0-9]{40}$/', $AUTH, $match) ) + else if( preg_match('/^[a-f0-9]{64}$/', $AUTH, $match) ) $_SESSION['AUTH'] = [ $match[0] ]; /* (3) Aucune authentification */ @@ -143,7 +143,7 @@ public static function permission($expected){ /* [0] Mise à jour de l'authentification =========================================================*/ - self::check(); + // self::check(); /* [1] Gestion de l'AUTH (authentification) diff --git a/manager/Checker.php b/manager/Checker.php index 64b5f53..1a7b85f 100644 --- a/manager/Checker.php +++ b/manager/Checker.php @@ -97,7 +97,7 @@ // Hash sha1/md5 case 'hash': - return $checker && is_string($value) && preg_match('/^[\da-f]{40}$/i', $value); + return $checker && is_string($value) && preg_match('/^[\da-f]+$/i', $value) && (strlen($value) == 40 || strlen($value) == 64); break; case 'alphanumeric': diff --git a/manager/autoloader.php b/manager/autoloader.php index 74e74a2..2f4a3c0 100755 --- a/manager/autoloader.php +++ b/manager/autoloader.php 
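Review bot: Tightening the pattern to exactly 64 hex characters rejects every token issued before this commit (the previous `secure_sha1` produced 40), while `Checker::run('hash', …)` in the same patch still accepts both lengths, so the two components now disagree on what a valid token is; either re-issue all admin/warehouse tokens as part of this change or accept `{40}` as well during the migration window. Separately, `$` in a PCRE pattern also matches before a trailing newline, so `\z` is the safer anchor: `if( preg_match('/^([a-f0-9]{64})([a-f0-9]{64})\z/', $AUTH, $match) )` and `else if( preg_match('/^[a-f0-9]{64}\z/', $AUTH, $match) )`. Where `$AUTH` is read from is above this hunk, so whether it can carry a newline cannot be confirmed from here.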
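Review bot: `// self::check();` leaves commented-out code in `permission()` instead of deleting it, and nothing at the call site records that the per-request refresh of `$_SESSION['AUTH']` now lives in `index.php`. Replace it with a comment that states the new contract, e.g. `// AUTH is refreshed once per request by index.php (Authentification::check()); do not re-run it here`. Any code path that calls `permission()` without going through `index.php` (presumably the phpunit suite) will now see whatever `$_SESSION['AUTH']` was last set to, which is worth confirming. `permission()` continues past the end of this hunk.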
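Review bot: The new length check can be bypassed by a trailing newline, because `$` in `/^[\da-f]+$/i` also matches just before a final `\n`: 63 hex digits followed by `\n` satisfy the regex and have `strlen` 64, so they pass as a valid hash. Anchoring with `\z` and folding the two lengths into the pattern removes the problem and the separate `strlen` test: `return $checker && is_string($value) && preg_match('/^(?:[\da-f]{40}|[\da-f]{64})\z/i', $value);`. The comment above the case still says `// Hash sha1/md5`; it should read `// Hex digest: sha1 (40 chars) or sha256 (64 chars)` now that md5 (32) is not accepted and sha256 is.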
@@ -74,10 +74,4 @@ =========================================================*/ \manager\sessionManager::session_start(); - - - /* [3] Gestion des authentifications et des droits - =========================================================*/ - \manager\Authentification::check(); - ?> diff --git a/manager/module/authentificationDefault.php b/manager/module/authentificationDefault.php index d98d2db..30b280f 100644 --- a/manager/module/authentificationDefault.php +++ b/manager/module/authentificationDefault.php @@ -34,7 +34,7 @@ /* [2] On vérifie le mot de passe =========================================================*/ - $hash_password = sessionManager::secure_sha1($password); + $hash_password = sessionManager::secure_hash($password); // Si mot de passe faux, on retourne une erreur if( $nameFetched[0]['password'] != $hash_password ) @@ -80,7 +80,7 @@ /* [2] On vérifie le mot de passe =========================================================*/ - $hash_password = sessionManager::secure_sha1($password); + $hash_password = sessionManager::secure_hash($password); // Si mot de passe faux, on retourne une erreur if( $usernameFetched[0]['password'] != $hash_password ) diff --git a/manager/module/machineDefault.php b/manager/module/machineDefault.php index 29932d8..75159f6 100755 --- a/manager/module/machineDefault.php +++ b/manager/module/machineDefault.php @@ -372,6 +372,28 @@ + /* SYNCHRONISE UNE MACHINE + * + * @token Token de synchronisation de la machine + * @data Données de la synchronisation + * + * @return data Données de retour de synchronisation + * + */ + public static function sync($params){ + extract($params); + + $checkToken = new Repo('machine/checkToken', [$token]); + + return [ + 'tokenResult' => $checkToken->answer() + ]; + + + } + + + } diff --git a/manager/module/userDefault.php b/manager/module/userDefault.php index 6578f0e..df0adec 100755 --- a/manager/module/userDefault.php +++ b/manager/module/userDefault.php 
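Review bot: The password check on the context line `if( $nameFetched[0]['password'] != $hash_password )` uses a loose comparison, and PHP compares two numeric-looking strings numerically, so hex digests of the form `0e<digits>` (the known "magic hash" class) compare equal to each other; the comparison also stops at the first differing byte. Compare with `hash_equals`: `if( !hash_equals((string) $nameFetched[0]['password'], $hash_password) )`. The same `!=` comparison appears in the second hunk of this file (the `username` path) and should be changed the same way. Whether `$nameFetched[0]['password']` can be null from the query is not visible here, hence the cast.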
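Review bot: `extract($params)` turns whatever keys the caller sent into local variables, so a future parameter named like an existing local (or `$checkToken`) would silently shadow it; read the two declared inputs explicitly instead: `$token = isset($params['token']) ? $params['token'] : null;` and `$data = isset($params['data']) ? $params['data'] : [];`. The method then ignores `$data` and returns `['tokenResult' => …]`, whereas `modules.json` in this patch declares the output as `data`, so the contract and the implementation disagree. Because `sync` is declared with no permissions, the boolean result is also an unauthenticated oracle for whether a submitted token is valid; with 64-hex tokens that is not brute-forceable, but it deserves a `// NOTE: anonymous endpoint, the sync token is the only credential` above the method.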
@@ -28,7 +28,7 @@ /* [1] Normalisation + verification des donnees =========================================================*/ - $password_hash = sessionManager::secure_sha1($password); + $password_hash = sessionManager::secure_hash($password); /* [2] Creation de l'utilisateur =========================================================*/ @@ -343,7 +343,7 @@ /* [2] Normalisation + verification des donnees =========================================================*/ - $password_hash = sessionManager::secure_sha1($password); + $password_hash = sessionManager::secure_hash($password); /* (1) Verification des parametres (si non nul + differents)*/ $diff_param = [ diff --git a/manager/repo/admin.php b/manager/repo/admin.php index 10180fc..d8464cb 100644 --- a/manager/repo/admin.php +++ b/manager/repo/admin.php @@ -37,8 +37,8 @@ $insert_admin->execute([ ':username' => $username, ':mail' => $mail, - ':password' => sessionManager::secure_sha1( $password ), - ':token' => sessionManager::secure_sha1( uniqid() ) + ':password' => sessionManager::secure_hash( $password ), + ':token' => sessionManager::secure_hash( uniqid() ) ]); @@ -79,7 +79,7 @@ /* [2] On met à jour le token =========================================================*/ /* (1) On crée un nouveau token */ - $new_token = sessionManager::secure_sha1( uniqid() ); + $new_token = sessionManager::secure_hash( uniqid() ); /* (2) On applique le nouveau token */ $update_token = Database::getPDO()->prepare("UPDATE admin diff --git a/manager/repo/machine.php b/manager/repo/machine.php index 28fa051..8c14f2c 100755 --- a/manager/repo/machine.php +++ b/manager/repo/machine.php @@ -2,6 +2,7 @@ namespace manager\repo; use \manager\Database; + use \manager\sessionManager; use \manager\repo\cluster as clusterRepo; class machine extends parentRepo{ 
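Review bot: `sessionManager::secure_hash( uniqid() )` is used to mint the admin access token, but `uniqid()` is derived from the microsecond clock, not from a CSPRNG, and hashing it does not add entropy, so the token is guessable by anyone who can bound the creation time. Generate it from `random_bytes`: `':token' => bin2hex(random_bytes(32))`, which is already 64 hex characters and matches the new `Authentification` pattern without hashing. The second hunk of this file (`$new_token = …`) and the same lines in `repo/warehouse.php` need the identical change.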
@@ -66,7 +67,7 @@ */ public static function search($id_warehouse, $keyword){ // On recupere les donnees - $searchmachines = Database::getPDO()->prepare("SELECT * FROM machine + $searchmachines = Database::getPDO()->prepare("SELECT id_machine, code, name FROM machine WHERE id_warehouse = :id_warehouse AND ( code LIKE '%".$keyword."%' OR name LIKE '%".$keyword."%' @@ -359,6 +360,47 @@ + /* VERIFIE MET A JOUR LE TOKEN DE SYNCHRONISATION + * + * @token Nouveau token de synchronisation + * + * @return status VRAI si le token est correct, sinon FALSE + * + */ + public static function checkToken($token){ + /* [1] On vérifie le token + =========================================================*/ + $hash = sessionManager::secure_hash($token); + + $byToken = self::getByToken($hash); + + // Si aucun résultat, erreur + if( count($byToken) < 1 ) + return false; + + + /* [2] On met à jour le token + =========================================================*/ + $updateToken = Database::getPDO()->prepare("UPDATE machine + SET token = :token + WHERE id_machine = :id_machine"); + $updateToken->execute([ + ':token' => $token, + ':id_machine' => $byToken[0]['id_machine'] + ]); + + + /* [3] On retourne que tout s'est bien déroulé + =========================================================*/ + return true; + + } + + + + + + } diff --git a/manager/repo/warehouse.php b/manager/repo/warehouse.php index 82f30b9..ffc68fe 100644 --- a/manager/repo/warehouse.php +++ b/manager/repo/warehouse.php @@ -33,8 +33,8 @@ VALUES(DEFAULT, :name, :password, :token)"); $insert_warehouse->execute([ ':name' => $name, - ':password' => sessionManager::secure_sha1( $password ), - ':token' => sessionManager::secure_sha1( uniqid() ) + ':password' => sessionManager::secure_hash( $password ), + ':token' => sessionManager::secure_hash( uniqid() ) ]); /* [3] On retourne l'id_warehouse ou FALSE si erreur 
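Review bot: `$keyword` is still concatenated straight into the `LIKE` clauses (`code LIKE '%".$keyword."%'`), so the prepared statement gives no protection against SQL injection through the search box; narrowing `SELECT *` to three columns does not change that. Bind the pattern instead: `code LIKE :kw_code OR name LIKE :kw_name` in the SQL, with `':kw_code' => '%'.$keyword.'%', ':kw_name' => '%'.$keyword.'%'` added to the `execute()` call, which is below this hunk. Two placeholders are used because a named parameter may not be reused when emulated prepares are off. `%` and `_` inside `$keyword` still act as wildcards after binding, which is harmless here but worth a comment. `search()` continues past the end of this hunk.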
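Review bot: `checkToken()` verifies in step [1] and rotates in step [2] as two separate statements, so two requests that replay the same token concurrently can both pass `getByToken()` before either `UPDATE` runs, defeating the one-time property of the hash chain. A single conditional `UPDATE … WHERE token = :old_token` whose affected-row count is checked performs the lookup and the rotation atomically and keeps the same true/false contract; the rewrite below assumes the driver reports affected rows from `rowCount()`. `getByToken()` is not in this patch, so the assumption that it does an exact match on the `token` column could not be checked; the atomic form no longer needs it.
```php
public static function checkToken($token){
    /* [1] Atomic verify-and-rotate: the stored value is the hash of the
     *     token the client must present next, so the UPDATE only matches
     *     if this token is the expected pre-image. One statement closes
     *     the window between the check and the rotation.
    =========================================================*/
    $hash = sessionManager::secure_hash($token);

    $rotate = Database::getPDO()->prepare("UPDATE machine
                                           SET token = :new_token
                                           WHERE token = :old_token");
    $rotate->execute([
        ':new_token' => $token,
        ':old_token' => $hash
    ]);

    /* [2] Exactly one row rotated <=> the token was valid */
    return $rotate->rowCount() === 1;
}
```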
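Review bot: `':token' => sessionManager::secure_hash( uniqid() )` mints the warehouse token from `uniqid()`, which is clock-derived rather than random, so the token is predictable regardless of the hash applied afterwards. Use `':token' => bin2hex(random_bytes(32))` here and in the `$new_token` assignment of the next hunk; the result is 64 hex characters, the length `Authentification` now expects.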
@@ -74,7 +74,7 @@ /* [2] On met à jour le token =========================================================*/ /* (1) On crée un nouveau token */ - $new_token = sessionManager::secure_sha1( uniqid() ); + $new_token = sessionManager::secure_hash( uniqid() ); /* (2) On applique le nouveau token */ $update_token = Database::getPDO()->prepare("UPDATE warehouse diff --git a/manager/sessionManager.php b/manager/sessionManager.php index 62d0fa3..377ccee 100755 --- a/manager/sessionManager.php +++ b/manager/sessionManager.php @@ -11,8 +11,8 @@ /*************************/ /* SECURE SHA1 ALGORITHM */ /*************************/ - public static function secure_sha1($data){ - return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') ); + public static function secure_hash($data){ + return hash('sha256', '">\[..|{@#))'.hash('sha256', $data.'_)Q@#((%*_$%(@#') ); } diff --git a/phpunit/tests/Database_check.php b/phpunit/tests/Database_check.php index db838b9..a9b8eee 100755 --- a/phpunit/tests/Database_check.php +++ b/phpunit/tests/Database_check.php @@ -185,7 +185,7 @@ /* [5] Mot de passe =========================================================*/ public function testPasswordSizeEqCorrect(){ - $password_hash = \manager\sessionManager::secure_sha1('monmotdepasse'); + $password_hash = \manager\sessionManager::secure_hash('monmotdepasse'); $this->assertEquals( 40, strlen($password_hash) ); $this->assertTrue( \manager\Checker::run('user.password', $password_hash) ); @@ -199,7 +199,7 @@ } public function testPasswordSizeSupIncorrect(){ - $password_hash = \manager\sessionManager::secure_sha1('monmotdepasse').'a'; + $password_hash = \manager\sessionManager::secure_hash('monmotdepasse').'a'; $this->assertGreaterThan( 40, strlen($password_hash) ); $this->assertFalse( \manager\Checker::run('user.password', $password_hash) ); diff --git a/phpunit/tests/sessionManager.php b/phpunit/tests/sessionManager.php index c5cec2c..d334311 100755 --- a/phpunit/tests/sessionManager.php 
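Review bot: `secure_hash()` is used in this patch both to derive the machine hash chain and to store admin, warehouse and user passwords (`authentificationDefault`, `userDefault`, `repo/admin`, `repo/warehouse`), and for passwords it is an unsalted, single-iteration SHA-256 with a fixed pepper: equal passwords produce equal stored values and guesses are cheap to test offline against a leaked table. Passwords should be stored with `password_hash($password, PASSWORD_DEFAULT)` and checked with `password_verify()`, keeping `secure_hash()` for the token/hash-chain use only; that is a multi-file change, so at minimum mark it here: `// NOTE: not a password KDF (no salt, no work factor) - use password_hash() for credentials`. The header comment still reads `SECURE SHA1 ALGORITHM`; it should say `SECURE HASH (double SHA-256 with fixed pepper)`.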
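Review bot: `$this->assertEquals( 40, strlen($password_hash) )` still expects a 40-character digest, but `secure_hash()` now returns `hash('sha256', …)`, which is 64 hex characters, so `testPasswordSizeEqCorrect` fails after this commit. Change the expectation to `$this->assertEquals( 64, strlen($password_hash) );` and, if the `user.password` checker is length-based, confirm it accepts 64 as well. The second hunk (`testPasswordSizeSupIncorrect`) keeps passing only incidentally, since 65 is still greater than 40.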
+++ b/phpunit/tests/sessionManager.php @@ -7,7 +7,7 @@ =========================================================*/ public function testSecureSHA1(){ $plain = 'montexteclair'; - $hash = \manager\sessionManager::secure_sha1($plain); + $hash = \manager\sessionManager::secure_hash($plain); // Verification desuiee $this->assertEquals(40, strlen($hash) ); diff --git a/test/testHashChain.php b/test/testHashChain.php index f506bd4..cf9f70d 100644 --- a/test/testHashChain.php +++ b/test/testHashChain.php @@ -6,18 +6,19 @@ - $hash = 'mySecretKey'; + $hash = 'password'; $hashes = []; for( $i = 0 ; $i < 1000 ; $i++ ){ - $hash = sessionManager::secure_sha1($hash); + $hash = sessionManager::secure_hash($hash); - if( in_array($hash, $hashes) ) + if( isset($hashes[$hash]) ) var_dump('already'); - $hashes[] = $hash; + $hashes[$hash] = null; + var_dump($hash); } diff --git a/view/machines.php b/view/machines.php index 5005010..24d04ad 100755 --- a/view/machines.php +++ b/view/machines.php @@ -70,8 +70,16 @@ // Liste des machines foreach( $answer->get('machines') as $machine){ - $clusters = new Repo('machine/getClusters', array($machine['id_machine'])); - $clusters = $clusters->answer(); + + /* (1) On récupère les groupes de la machine */ + $clustersReq = new ModuleRequest('machineDefault/getClusters', [ + 'id_machine' => $machine['id_machine'] + ]); + $clustersRes = $clustersReq->dispatch(); + + /* (2) Gestion si erreur */ + if( $clustersRes->error == ManagerError::Success ) $clusters = $clustersRes->get('clusters'); + else $clusters = []; echo "
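Review bot: `$this->assertEquals(40, strlen($hash) );` on the context line no longer matches `secure_hash()`, which now returns a 64-character SHA-256 hex digest, so `testSecureSHA1` fails as committed; it should read `$this->assertEquals(64, strlen($hash) );`. The test name still refers to SHA-1; renaming it to `testSecureHash` keeps the suite honest about what it checks. The test method continues past the end of this hunk.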
"; // Nom de la machine diff --git a/view/users.php b/view/users.php index e66237c..44f41ad 100755 --- a/view/users.php +++ b/view/users.php @@ -72,8 +72,16 @@ // Liste des utilisateurs foreach( $answer->get('users') as $user){ - $clusters = new Repo('user/getClusters', [$user['id_user']]); - $clusters = $clusters->answer(); + + /* (1) On récupère les groupes de la machine */ + $clustersReq = new ModuleRequest('userDefault/getClusters', [ + 'id_user' => $user['id_user'] + ]); + $clustersRes = $clustersReq->dispatch(); + + /* (2) Gestion si erreur */ + if( $clustersRes->error == ManagerError::Success ) $clusters = $clustersRes->get('clusters'); + else $clusters = []; echo "
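Review bot: `if( $clustersRes->error == ManagerError::Success ) $clusters = …; else $clusters = [];` packs a branch onto one line with a loose `==`; a ternary with strict comparison says the same thing more legibly: `$clusters = ($clustersRes->error === ManagerError::Success) ? $clustersRes->get('clusters') : [];` (assuming `error` and `ManagerError::Success` share a scalar type). The fallback to `[]` also makes a failed `getClusters` request indistinguishable from a machine with no groups, so the page renders a silently wrong list; a comment such as `// on error the machine is rendered without groups rather than aborting the page` should at least record that this is deliberate. The `foreach` body continues past the end of this hunk.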
";