From e6df35cd0bed69645d220a0af887765d3d0b45b8 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Tue, 8 Nov 2016 10:05:08 +0100 Subject: [PATCH] Test + cyclic verification --- autoloader.php => al.php | 0 build/api/core/Authentification.php | 61 +++++++++++++---------------- config/modules.json | 4 +- public_html/index.php | 2 +- public_html/test.php | 12 ++++++ 5 files changed, 43 insertions(+), 36 deletions(-) rename autoloader.php => al.php (100%) create mode 100644 public_html/test.php diff --git a/autoloader.php b/al.php similarity index 100% rename from autoloader.php rename to al.php diff --git a/build/api/core/Authentification.php b/build/api/core/Authentification.php index f0c4bc8..1e4aca3 100644 --- a/build/api/core/Authentification.php +++ b/build/api/core/Authentification.php @@ -42,18 +42,23 @@ * */ public static function check(){ + /* (1) Initialisation des permissions */ + if( !isset($GLOBALS['PERM']) ) + $GLOBALS['PERM'] = []; + + /* (1) Gestion de AUTH (authentification) dans HEADER ---------------------------------------------------------*/ - define('__AUTH__', isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '' ); + define('__TOKEN__', isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '' ); /* (2) Gestion de AUTH en fonction du token ---------------------------------------------------------*/ - $define('__AUTH__', preg_match('/^[a-f0-9]{64}$/', __AUTH__, $match) ? [$match[0]] : [] ); + define('__TOKEN__', preg_match('/^[a-f0-9]{64}$/', __TOKEN__, $match) ? $match[0] : null ); /* (3) On vérifie l'authentification par BDD ---------------------------------------------------------*/ if( !self::deepCheck() ) - define('__AUTH__', null); + define('__TOKEN__', null); } 
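Review bot: The second and third `define('__TOKEN__', …)` calls in check() cannot take effect, because a PHP constant is write-once: `define()` on an existing name returns false and the constant keeps the raw `$_SERVER['PHP_AUTH_DIGEST']` value. Neither the `/^[a-f0-9]{64}$/` filter nor the reset to null after a failed deepCheck() is therefore applied. The `self::check();` call added to permission() in the hunk at -110,14 re-runs all three defines on every permission check and hits the same problem. Validate into a variable first, e.g. `$token = preg_match('/^[a-f0-9]{64}$/', $raw, $m) ? $m[0] : null;`, and keep the result in a private static property that deepCheck() reads and check() can clear. The docblock of check() starts outside the hunk.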
@@ -74,8 +79,8 @@ =========================================================*/ /* (1) Fetch cyclic-hashing-system -> check files */ $fn = [ - 'hash' => __BUILD__.'/api/hcs/hash', - 'cycle' => __BUILD__.'/api/hcs/cycle' + 'hash' => __BUILD__.'/api/chs/hash', + 'cycle' => __BUILD__.'/api/chs/cycle' ]; if( !is_file($fn['hash']) || !is_file($fn['hash']) ) @@ -90,12 +95,23 @@ if( strlen($fc['hash']) !== 64 || !is_numeric($fc['cycle']) ) return false; + /* (3) Compares content */ + if( __TOKEN__ !== self::secure_hash($fc['hash'], intval($fc['cycle'])) ) + return false; + + /* (4) Stores new content */ + file_put_contents($fn['hash'], __TOKEN__); + file_put_contents($fn['cycle'], intval($fc['cycle'])-1); + + /* (5) Stores permission */ + if( !in_array('cyclic-hash-system', $GLOBALS['PERM']) ) + $GLOBALS['PERM'][] = 'cyclic-hash-system'; - - /* [3] Si pas d'erreur d'authentification, on retourne TRUE + /* [3] Returns true if no error =========================================================*/ return true; + } @@ -110,14 +126,9 @@ * */ public static function permission($module, $expected){ - /* [0] Mise à jour de l'authentification + /* [1] Mise à jour de l'authentification =========================================================*/ - // self::check(); - - - /* [1] Gestion de l'AUTH (authentification) - =========================================================*/ - + self::check(); /* [2] Gestion des permissions 
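Review bot: The guard directly under the renamed paths tests `$fn['hash']` twice and never `$fn['cycle']`, so a missing cycle file is not caught before it is read. It should read `if( !is_file($fn['hash']) || !is_file($fn['cycle']) )`. The line is unchanged context in this hunk, but the new code later in deepCheck() writes to both files, so the check now matters more. deepCheck() starts and ends outside the hunk.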
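Review bot: The token comparison at `__TOKEN__ !== self::secure_hash(…)` is not constant-time, and the two `file_put_contents()` calls that rotate the chain are unchecked and unlocked. A failed write leaves hash and cycle out of step while deepCheck() still grants `cyclic-hash-system`, and two concurrent requests carrying the same token can both pass the comparison before either write lands, so the token is not strictly single-use. The fence below uses `hash_equals()` and fails closed on write errors; fully closing the race needs an exclusive `flock()` held from the read of both files (outside this hunk) through the writes. The counter also has no lower bound here, and whether `secure_hash()` tolerates a cycle of 0 or below is not visible. deepCheck() starts outside the hunk.

```php
        /* (3) Compares content in constant time */
        $expected = self::secure_hash($fc['hash'], intval($fc['cycle']));
        if( !is_string(__TOKEN__) || !is_string($expected) || !hash_equals($expected, __TOKEN__) )
            return false;

        /* (4) Stores new content; fail closed if the state cannot be rotated */
        if( file_put_contents($fn['hash'], __TOKEN__, LOCK_EX) === false )
            return false;
        if( file_put_contents($fn['cycle'], intval($fc['cycle'])-1, LOCK_EX) === false )
            return false;

        // … unchanged: (5) stores permission …
```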
@@ -125,27 +136,11 @@ /* (1) Vérification de toutes les permissions requises */ foreach($expected as $permission) // Si il manque au minimum une permission, on retourne FALSE - if( !in_array($permission, $_SESSION['PERM']) ) + if( !in_array($permission, $GLOBALS['PERM']) ) return Error::PermissionError; - /* [3] Vérification que le module est actif pour l'entrepot - =========================================================*/ - - /* (1) On vérifie que le module est actif dans l'entrepot */ - $allowedModule = isset($_SESSION['WAREHOUSE']['modules']) - && is_array($_SESSION['WAREHOUSE']['modules']) - && in_array($module, $_SESSION['WAREHOUSE']['modules']); - - /* (2) On vérifie si le module est un module "Default" */ - $defaultModule = preg_match('/^(\w+)Default$/', $module); - - /* (3) Si aucune autorisation et pas module "Default" */ - if( !$allowedModule && !$defaultModule ) - return Error::DisabledModule; - - - /* [4] Si on a toutes les permissions requises + /* [3] Si on a toutes les permissions requises =========================================================*/ return Error::Success; } @@ -160,7 +155,7 @@ * */ public static function auth(){ - return !is_array(__AUTH_) ? 0 : count(__AUTH_); + return is_null(__AUTH_) ? 0 : 1; } } diff --git a/config/modules.json b/config/modules.json index 330d699..7e46f1a 100755 --- a/config/modules.json +++ b/config/modules.json @@ -3,7 +3,7 @@ "authentification": { "renew": { "description": "Renewal of the cyclic hashing system.", - "permission": ["cyclic-hashing-system"] + "permission": ["cyclic-hash-system"] } }, @@ -11,7 +11,7 @@ "release": { "pull": { "description": "Pulls project from git branch.", - "permissions": ["cyclic-hashing-system"], + "permissions": ["cyclic-hash-system"], "parameters": { "project": { "description": "Project's name.", "type": "varchar(2,30,alphanumeric)" }, "branch": { "description": "Git release branch.", "type": "varchar(2,30,alphanumeric)" } 
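Review bot: With the module-enabled check removed, the `foreach($expected as $permission)` loop is the only gate left in permission(), and it fails open. If `$expected` is null or not an array (for instance a module entry whose permission key the loader does not read), the loop body never runs and `Error::Success` is returned. Add `if( !is_array($expected) ) return Error::PermissionError;` before the loop and make the lookup strict with `in_array($permission, $GLOBALS['PERM'], true)`. `$GLOBALS['PERM']` is writable by any code in the request, so a comment stating that only deepCheck() may append to it would help. permission() starts outside the hunk.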
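Review bot: `__AUTH_` in `return is_null(__AUTH_) ? 0 : 1;` names a constant that is never defined: it has a single trailing underscore, and this commit renames the defined constant to `__TOKEN__`. Before PHP 8 an undefined constant evaluates to the string `'__AUTH_'`, so `is_null()` is false and auth() reports 1 for every request; on PHP 8 the call throws an Error. Use `return is_null(__TOKEN__) ? 0 : 1;`, or better derive the result from state that deepCheck() sets, since a constant keeps its first assigned value.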
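Review bot: The two entries touched in this file spell the key differently: `renew` uses `"permission"` while `pull` (second hunk) uses `"permissions"`. The loader is not visible in this patch, but if it reads only one spelling, the other entry reaches permission() with no required permissions and is granted without a valid token. Settle on one key, e.g. `"permissions": ["cyclic-hash-system"]` for `renew`, and have the loader reject entries that lack it.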
diff --git a/public_html/index.php b/public_html/index.php index d004ff7..bf05fd6 100755 --- a/public_html/index.php +++ b/public_html/index.php @@ -1,6 +1,6 @@