xdrm-brackets
/
prod-releaser.php
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[api\Authentification] management (almost done, module 'authentification/renew' todo)

This commit is contained in:
xdrm-brackets 2016-11-08 10:14:31 +01:00
parent e6df35cd0b
commit 929b4dc7fd
2 changed files with 25 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
build/api/chs/hash Normal file
View File

@ -0,0 +1 @@
52add802518cc5e81705e05f44abb920bc0cbf674bba0166e4c229022f4301bb

47
build/api/core/Authentification.php
View File

@ -42,23 +42,29 @@
* *
*/ */
public static function check(){ public static function check(){
/* (1) Initialisation des permissions */ /* (1) Initialisation des variables
---------------------------------------------------------*/
/* (1) Token de header */
if( !isset($GLOBALS['TOKEN']) )
$GLOBALS['TOKEN'] = null;
/* (1) Liste des permissions */
if( !isset($GLOBALS['PERM']) ) if( !isset($GLOBALS['PERM']) )
$GLOBALS['PERM'] = []; $GLOBALS['PERM'] = [];
/* (1) Gestion de AUTH (authentification) dans HEADER /* (2) Gestion de AUTH (authentification) dans HEADER
---------------------------------------------------------*/ ---------------------------------------------------------*/
define('__TOKEN__', isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '' ); $GLOBALS['TOKEN'] = isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '';
/* (2) Gestion de AUTH en fonction du token /* (3) Gestion de AUTH en fonction du token
---------------------------------------------------------*/ ---------------------------------------------------------*/
define('__TOKEN__', preg_match('/^[a-f0-9]{64}$/', __TOKEN__, $match) ? $match[0] : null ); $GLOBALS['TOKEN'] = preg_match('/^[a-f0-9]{64}$/', $GLOBALS['TOKEN'], $match) ? $match[0] : null;
/* (3) On vérifie l'authentification par BDD /* (4) On vérifie l'authentification par BDD
---------------------------------------------------------*/ ---------------------------------------------------------*/
if( !self::deepCheck() ) if( !self::deepCheck() )
define('__TOKEN__', null); $GLOBALS['TOKEN'] = null;
} }
@ -77,31 +83,26 @@
/* [2] Vérification de l'authentification /* [2] Vérification de l'authentification
=========================================================*/ =========================================================*/
/* (1) Fetch cyclic-hashing-system -> check files */ /* (1) Fetch cyclic-hashing-system -> check file */
$fn = [ $fn = __BUILD__.'/api/chs/hash';
'hash' => __BUILD__.'/api/chs/hash',
'cycle' => __BUILD__.'/api/chs/cycle'
];
if( !is_file($fn['hash']) || !is_file($fn['hash']) ) if( !is_file($fn) )
return false; return false;
/* (2) Read files -> check contents */ /* (2) Read file -> check content */
$fc = [ $fc = file_get_contents($fn);
'hash' => file_get_contents($fn['hash']),
'cycle' => file_get_contents($fn['cycle'])
];
if( strlen($fc['hash']) !== 64 || !is_numeric($fc['cycle']) ) if( strlen($fc) !== 64 )
return false; return false;
/* (3) Compares content */ /* (3) Compares content */
if( __TOKEN__ !== self::secure_hash($fc['hash'], intval($fc['cycle'])) ) $hashed = self::secure_hash($fc);
if( strlen($hashed) !== 64 || $GLOBALS['TOKEN'] !== $hashed )
return false; return false;
/* (4) Stores new content */ /* (4) Stores new content */
file_put_contents($fn['hash'], __TOKEN__); file_put_contents($fn, $GLOBALS['TOKEN']);
file_put_contents($fn['cycle'], intval($fc['cycle'])-1);
/* (5) Stores permission */ /* (5) Stores permission */
if( !in_array('cyclic-hash-system', $GLOBALS['PERM']) ) if( !in_array('cyclic-hash-system', $GLOBALS['PERM']) )
@ -155,7 +156,7 @@
* *
*/ */
public static function auth(){ public static function auth(){
return is_null(__AUTH_) ? 0 : 1; return is_null($GLOBALS['TOKEN']) ? 0 : 1;
} }
} }