Test + cyclic verification

xdrm-brackets 2016-11-08 10:05:08 +01:00
parent 90931aa603
commit e6df35cd0b
5 changed files with 43 additions and 36 deletions


@ -42,18 +42,23 @@
* *
*/ */
public static function check(){ public static function check(){
/* (1) Initialisation des permissions */
if( !isset($GLOBALS['PERM']) )
$GLOBALS['PERM'] = [];
/* (1) Gestion de AUTH (authentification) dans HEADER /* (1) Gestion de AUTH (authentification) dans HEADER
---------------------------------------------------------*/ ---------------------------------------------------------*/
define('__AUTH__', isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '' ); define('__TOKEN__', isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '' );
/* (2) Gestion de AUTH en fonction du token /* (2) Gestion de AUTH en fonction du token
---------------------------------------------------------*/ ---------------------------------------------------------*/
$define('__AUTH__', preg_match('/^[a-f0-9]{64}$/', __AUTH__, $match) ? [$match[0]] : [] ); define('__TOKEN__', preg_match('/^[a-f0-9]{64}$/', __TOKEN__, $match) ? $match[0] : null );
/* (3) On vérifie l'authentification par BDD /* (3) On vérifie l'authentification par BDD
---------------------------------------------------------*/ ---------------------------------------------------------*/
if( !self::deepCheck() ) if( !self::deepCheck() )
define('__AUTH__', null); define('__TOKEN__', null);
} }
@ -74,8 +79,8 @@
=========================================================*/ =========================================================*/
/* (1) Fetch cyclic-hashing-system -> check files */ /* (1) Fetch cyclic-hashing-system -> check files */
$fn = [ $fn = [
'hash' => __BUILD__.'/api/hcs/hash', 'hash' => __BUILD__.'/api/chs/hash',
'cycle' => __BUILD__.'/api/hcs/cycle' 'cycle' => __BUILD__.'/api/chs/cycle'
]; ];
if( !is_file($fn['hash']) || !is_file($fn['hash']) ) if( !is_file($fn['hash']) || !is_file($fn['hash']) )
@ -90,12 +95,23 @@
if( strlen($fc['hash']) !== 64 || !is_numeric($fc['cycle']) ) if( strlen($fc['hash']) !== 64 || !is_numeric($fc['cycle']) )
return false; return false;
/* (3) Compares content */
if( __TOKEN__ !== self::secure_hash($fc['hash'], intval($fc['cycle'])) )
return false;
/* (4) Stores new content */
file_put_contents($fn['hash'], __TOKEN__);
file_put_contents($fn['cycle'], intval($fc['cycle'])-1);
/* (5) Stores permission */
if( !in_array('cyclic-hash-system', $GLOBALS['PERM']) )
$GLOBALS['PERM'][] = 'cyclic-hash-system';
/* [3] Returns true if no error
/* [3] Si pas d'erreur d'authentification, on retourne TRUE
=========================================================*/ =========================================================*/
return true; return true;
} }
@ -110,14 +126,9 @@
* *
*/ */
public static function permission($module, $expected){ public static function permission($module, $expected){
/* [0] Mise à jour de l'authentification /* [1] Mise à jour de l'authentification
=========================================================*/ =========================================================*/
// self::check(); self::check();
/* [1] Gestion de l'AUTH (authentification)
=========================================================*/
/* [2] Gestion des permissions /* [2] Gestion des permissions
@ -125,27 +136,11 @@
/* (1) Vérification de toutes les permissions requises */ /* (1) Vérification de toutes les permissions requises */
foreach($expected as $permission) foreach($expected as $permission)
// Si il manque au minimum une permission, on retourne FALSE // Si il manque au minimum une permission, on retourne FALSE
if( !in_array($permission, $_SESSION['PERM']) ) if( !in_array($permission, $GLOBALS['PERM']) )
return Error::PermissionError; return Error::PermissionError;
/* [3] Vérification que le module est actif pour l'entrepot /* [3] Si on a toutes les permissions requises
=========================================================*/
/* (1) On vérifie que le module est actif dans l'entrepot */
$allowedModule = isset($_SESSION['WAREHOUSE']['modules'])
&& is_array($_SESSION['WAREHOUSE']['modules'])
&& in_array($module, $_SESSION['WAREHOUSE']['modules']);
/* (2) On vérifie si le module est un module "Default" */
$defaultModule = preg_match('/^(\w+)Default$/', $module);
/* (3) Si aucune autorisation et pas module "Default" */
if( !$allowedModule && !$defaultModule )
return Error::DisabledModule;
/* [4] Si on a toutes les permissions requises
=========================================================*/ =========================================================*/
return Error::Success; return Error::Success;
} }
@ -160,7 +155,7 @@
* *
*/ */
public static function auth(){ public static function auth(){
return !is_array(__AUTH_) ? 0 : count(__AUTH_); return is_null(__AUTH_) ? 0 : 1;
} }
} }
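Review bot: In check(), `__TOKEN__` is defined up to three times, but a PHP constant cannot be redefined, so only the first `define()` holding the raw `PHP_AUTH_DIGEST` value takes effect; the `/^[a-f0-9]{64}$/` validation and the `define('__TOKEN__', null)` after a failed `deepCheck()` are ignored. Validate the header into a local variable first and call `define('__TOKEN__', $token);` once, and record a failed check in state that can change (the `$GLOBALS['PERM']` list this commit introduces would do) instead of in a constant. auth() reads `__AUTH_` in both printed versions, a name nothing in the visible code defines, so its return value does not reflect the token check. In the verification hunk (apparently the body of deepCheck(), whose signature lies outside the hunk), compare with `hash_equals(self::secure_hash($fc['hash'], intval($fc['cycle'])), (string) __TOKEN__)` rather than `!==`. The guard `!is_file($fn['hash']) || !is_file($fn['hash'])` in the same function never tests `$fn['cycle']`.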


@ -3,7 +3,7 @@
"authentification": { "authentification": {
"renew": { "renew": {
"description": "Renewal of the cyclic hashing system.", "description": "Renewal of the cyclic hashing system.",
"permission": ["cyclic-hashing-system"] "permission": ["cyclic-hash-system"]
} }
}, },
@ -11,7 +11,7 @@
"release": { "release": {
"pull": { "pull": {
"description": "Pulls project from git branch.", "description": "Pulls project from git branch.",
"permissions": ["cyclic-hashing-system"], "permissions": ["cyclic-hash-system"],
"parameters": { "parameters": {
"project": { "description": "Project's name.", "type": "varchar(2,30,alphanumeric)" }, "project": { "description": "Project's name.", "type": "varchar(2,30,alphanumeric)" },
"branch": { "description": "Git release branch.", "type": "varchar(2,30,alphanumeric)" } "branch": { "description": "Git release branch.", "type": "varchar(2,30,alphanumeric)" }
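Review bot: The two entries spell the key differently: `renew` declares `"permission"` while `pull` declares `"permissions"`. The loader is not visible here, but if it reads only one spelling, the other method is served without the `cyclic-hash-system` requirement, and `pull` is the one that pulls a project from a git branch. Use one key in both entries, e.g. `"permissions": ["cyclic-hash-system"]` under `renew`, and have the loader refuse a method definition that lacks it rather than treating the absence as "no permission needed".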


@ -1,6 +1,6 @@
<?php define('__ROOT__', dirname(dirname(__FILE__)) ); <?php define('__ROOT__', dirname(dirname(__FILE__)) );
require_once __ROOT__.'/autoloader.php'; require_once __ROOT__.'/al.php';
use \router\core\Router; use \router\core\Router;
use \api\core\ModuleRequest; use \api\core\ModuleRequest;

12
public_html/test.php Normal file

@ -0,0 +1,12 @@
<?php define('__ROOT__', dirname(dirname(__FILE__)));
require_once __ROOT__.'/al.php';
use api\core\Authentification;
var_dump( $stored=Authentification::secure_hash('some-password', 1000) );
var_dump( $given=Authentification::secure_hash('some-password', 999) );
var_dump( Authentification::secure_hash($given) );
?>
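Review bot: This script is added under `public_html`, so it is reachable over HTTP, and every request prints `var_dump` output of `Authentification::secure_hash()` for fixed inputs and cycle counts. A debug harness for the authentication hash should not be served from the document root. Move it to a directory outside `public_html`, or make the first statement `if (PHP_SAPI !== 'cli') { http_response_code(404); exit; }`. The last call passes a single argument, `secure_hash($given)`, while the other calls pass a cycle count; if the second parameter has no default, this line fails instead of demonstrating the chain step.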