
Commit f6c1bae

committed
Update
- Fixed cache validation - Fixed token validation
1 parent 12228dc commit f6c1bae


5 files changed

+122
-95
lines changed


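--- a/src/AbstractAuthController.php
+++ b/src/AbstractAuthController.php
@@ -69,32 +69,34 @@ protected function authenticate(AuthenticationInterface $auth, array $args = [])
 if ( $this->isPassword($password, $user['password']) ) {
 
 // Check password format
-if ( $this->applyFilter('authenticate-strong-password', false) ) {
+if ( $this->applyFilter('auth-strong-password', false) ) {
 if ( !$this->isStrongPassword($password) ) {
 // Authenticate failed
-$msg = $this->applyFilter('authenticate-password-message', 'Strong password required');
+$msg = $this->applyFilter('auth-password-message', 'Strong password required');
 $msg = $this->translate($msg);
 $this->setResponse($msg, [], 'warning');
 }
 }
 
 // Register session
-$this->registerSession($this->getAccessExpire());
+$this->registerSession(
+$this->getAccessExpire()
+);
 
 // Check valid session
 if ( $this->isValidSession() ) {
 
 if ( $auth->hasSecret($username) ) {
 $this->setSession('--verify', $username);
 // Authenticate accepted
-$msg = $this->applyFilter('authenticate-accepted-message', 'Accepted');
+$msg = $this->applyFilter('auth-accepted-message', 'Accepted');
 $msg = $this->translate($msg);
 $this->setResponse($msg, [], 'accepted', 202);
 
 } else {
 $this->setSession($auth->getKey(),$user[$auth->getKey()]);
 // Authenticate success
-$msg = $this->applyFilter('authenticate-success-message', 'Connected');
+$msg = $this->applyFilter('auth-success-message', 'Connected');
 $msg = $this->translate($msg);
 $this->setResponse($msg);
 }
@@ -106,10 +108,10 @@ protected function authenticate(AuthenticationInterface $auth, array $args = [])
 }
 
 // Authenticate failed override
-$this->doAction('authenticate-failed', $username);
+$this->doAction('auth-failed', $username);
 
 // Authenticate failed
-$msg = $this->applyFilter('authenticate-error-message', 'Authentication failed');
+$msg = $this->applyFilter('auth-error-message', 'Authentication failed');
 $msg = $this->translate($msg);
 $this->setResponse($msg, [], 'error', 401);
 }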

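--- a/src/BackendController.php
+++ b/src/BackendController.php
@@ -15,8 +15,33 @@
 
 namespace FloatPHP\Kernel;
 
+use FloatPHP\Helpers\Connection\User;
+use FloatPHP\Helpers\Framework\Debugger;
+
 class BackendController extends BaseController
 {
+/**
+* @inheritdoc
+*/
+public function __construct(array $content = [])
+{
+// Init configuration
+$this->initConfig();
+
+// Set view global content
+$id = (int)$this->getSession('userId');
+$content = $this->mergeArray([
+[
+'user' => (new User)->get($id),
+'execution' => Debugger::getExecutionTime()
+]
+], $content);
+$this->setContent($content);
+
+// Allow non-blocking requests
+$this->closeSession();
+}
+
 /**
 * Check whether user (current) has permissions.
 *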
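Review bot: The `mergeArray([[ 'user' => …, 'execution' => … ]], $content)` call in the new constructor wraps the defaults in an extra list level, so unless mergeArray flattens nested arrays the view receives them under key `0` instead of as `user`/`execution` keys; the single-level form that `getToken()` in Base.php uses, `$content = $this->mergeArray(['user' => (new User)->get($id), 'execution' => Debugger::getExecutionTime()], $content);`, looks like what was intended. `getSession('userId')` is read before any explicit `startSession()` (compare `getToken()`, which starts the session before reading it) and `closeSession()` then ends it for the rest of the request, so either an explicit start or a comment stating that `initConfig()` opens the session would help the next reader. The `@inheritdoc` docblock on a constructor that never calls `parent::__construct()` should say whether skipping the parent constructor is deliberate. An unauthenticated request yields `$id = 0` and `(new User)->get(0)` is passed to the view unguarded; whether that is harmless depends on User::get, which is not visible here.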

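--- a/src/Base.php
+++ b/src/Base.php
@@ -15,10 +15,7 @@
 
 namespace FloatPHP\Kernel;
 
-use FloatPHP\Helpers\Connection\Transient;
-use FloatPHP\Helpers\Filesystem\{
-Cache, Translator
-};
+use FloatPHP\Helpers\Filesystem\Translator;
 
 class Base
 {
@@ -31,39 +28,54 @@ class Base
 \FloatPHP\Helpers\Framework\inc\TraitAuthenticatable;
 
 /**
-* Get token.
-*
+* Get token (CSRF).
+*
 * @access protected
-* @param string $source
+* @param string $action
 * @return string
 */
-protected function getToken(?string $source = null) : string
+protected function getToken(?string $action = null) : string
 {
-// Init token data
+// Set filtered token data
 $data = $this->applyFilter('token-data', []);
 
-// Set default token data
-$data['source'] = (string)$source;
-$data['url'] = $this->getServerCurrentUrl();
-$data['ip'] = $this->getServerIp();
+// Apply default data
+$data = $this->mergeArray([
+'action' => (string)$action,
+'url' => $this->getServerCurrentUrl(),
+'ip' => $this->getServerIp(),
+'user' => false
+], $data);
+
+$this->startSession();
 
-// Set user token data
+// Set authenticated user data
 if ( $this->isAuthenticated() ) {
-$data['user'] = $this->getSession($this->getSessionId());
+$data['user'] = $this->getSession(
+$this->getSessionId()
+);
+}
+
+// Generate session token from data
+$token = $this->generateHash($data);
+
+// Get session token data
+$session = $this->getSession('--token') ?: [];
+
+// Set session token data
+if ( !isset($session[$token])) {
+$session[$token] = $data;
+$this->setSession('--token', $session);
 }
 
-// Save token
-$data = $this->serialize($data);
-$token = $this->generateToken(10);
-$transient = new Transient();
-$transient->setTemp($token, $data, $this->getAccessExpire());
+$this->closeSession();
 
 return $token;
 }
 
 /**
 * Get language.
-*
+*
 * @access protected
 * @return string
 */
@@ -79,41 +91,21 @@ protected function getLanguage() : string
 }
 
 /**
-* Translate string, May require quotes escaping.
+* Translate string,
+* May require quotes escaping.
 *
 * @access protected
 * @param string $string
 * @return string
 */
 protected function translate(string $string) : string
 {
-if ( !($length = strlen($string)) ) {
-return $string;
+if ( $string ) {
+$lang = $this->getLanguage();
+return (new Translator($lang))->translate($string);
 }
 
-$slug = $string;
-$this->matchEveryString('/([A-Z])/', $slug, $matches, -1);
-
-foreach ($matches as $upper) {
-$slug = $this->replaceString($upper, "{$upper}1-", $slug);
-}
-
-$slug = $this->slugify($slug);
-$slug = $this->limitString($slug);
-
-Cache::$debug = false;
-$cache = new Cache();
-$lang = $this->getLanguage();
-$key = "i18n-{$lang}-{$length}-{$slug}";
-
-$data = $cache->get($key, $status);
-if ( !$status ) {
-$translator = new Translator($lang);
-$data = $translator->translate($string);
-$cache->set($key, $data, 0);
-}
-
-return (string)$data;
+return $string;
 }
 
 /**
@@ -132,7 +124,7 @@ protected function translateArray(array $strings = []) : array
 }
 
 /**
-* Translate string with variables.
+* Translate string with variables,
 * May require quotes escaping.
 *
 * @access public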
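Review bot: The rewritten `getToken()` stores every token under `--token` in the session but never expires or prunes them, whereas the removed Transient path bounded each token's lifetime with `getAccessExpire()`; a token now stays valid for the whole session and the map grows by one entry per distinct data set. The token is also derived from `generateHash($data)` instead of a random value: if that helper is a deterministic unkeyed hash, the token is reproducible from `action`, `url`, `ip` and `user` alone, and if it is salted, `isset($session[$token])` never hits and a new entry is written on every call — either way the unpredictability the old `generateToken(10)` call provided is gone, and the docblock should state which behaviour is intended. Recording an issue time per token and dropping stale entries before inserting restores a bounded lifetime, as sketched below (assumes `getAccessExpire()` returns a lifetime in seconds, as its use in `setTemp()` suggests). In the `translate()` hunk, `if ( $string )` returns the literal string `'0'` untranslated because it is falsy; `if ( $string !== '' )` keeps the previous strlen-based behaviour.
```php
// Generate session token from data
$token = $this->generateHash($data);

// Drop tokens older than the access expiry before adding a new one
$now = time();
$ttl = (int)$this->getAccessExpire();
$issued = $this->getSession('--token-issued') ?: [];
$issued = array_filter($issued, static fn (int $at): bool => $at + $ttl > $now);
$session = array_intersect_key($this->getSession('--token') ?: [], $issued);

// Set session token data
if ( !isset($session[$token]) ) {
    $session[$token] = $data;
    $issued[$token] = $now;
    $this->setSession('--token', $session);
    $this->setSession('--token-issued', $issued);
}
// … unchanged: closeSession() and return $token …
```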

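--- a/src/BaseController.php
+++ b/src/BaseController.php
@@ -16,7 +16,6 @@
 namespace FloatPHP\Kernel;
 
 use FloatPHP\Classes\Http\Response;
-use FloatPHP\Helpers\Connection\Transient;
 
 class BaseController extends View
 {
@@ -109,60 +108,69 @@ protected function addCSS(string $css, string $hook = 'add-css')
 
 /**
 * Verify token against request data.
-*
+*
 * @access protected
 * @param string $token
 * @param string $action
 * @param bool
 */
-protected function verifyToken(?string $token = null, ?string $source = null)
+protected function verifyToken(?string $token = null, ?string $action = null) : bool
 {
-if ( $token ) {
-
-$transient = new Transient();
-$data = (string)$transient->getTemp($token);
-$data = $this->unserialize($data);
-
-// Override
-$this->doAction('verify-token', $data);
-
-// Verify token data
-if ( $data ) {
-if ( $this->isValidSession() ) {
-if ( isset($data['user']) ) {
-if ( $this->getSession($this->getSessionId()) !== $data['user'] ) {
-return false;
-}
-}
-}
-if ( $source !== $data['source'] ) {
-return false;
-}
-if ( $this->getServerIp() !== $data['ip'] ) {
-return false;
-}
-if ( $this->getServer('http-referer') !== $data['url'] ) {
-return false;
-}
-return true;
+// Get token session
+$session = $this->getSession('--token') ?: [];
+
+// Get token data
+$data = $session[$token] ?? [];
+
+// Apply default data
+$data = $this->mergeArray([
+'action' => '',
+'url' => false,
+'ip' => false,
+'user' => false
+], $data);
+
+// Override verification
+$this->doAction('verify-token', $data);
+
+// Verify authenticated user
+if ( $this->isAuthenticated() ) {
+$user = $this->getSession($this->getSessionId());
+if ( $user !== $data['user'] ) {
+return false;
 }
 }
 
-return false;
+// Verify action
+if ( $action !== $data['action'] ) {
+return false;
+}
+
+// Verify IP
+if ( $this->getServerIp() !== $data['ip'] ) {
+return false;
+}
+
+// Verify URL
+if ( $this->getServer('http-referer') !== $data['url'] ) {
+return false;
+}
+
+return $this->verifyHash($token, $data);
 }
 
 /**
 * Verify current request.
-*
+*
 * @access protected
 * @param bool $force, Token validation
 * @return void
 */
 protected function verifyRequest(bool $force = false)
 {
-$token = $this->applyFilter('verify-request-token', '--token');
-$source = $this->applyFilter('verify-request-source', '--source');
-$ignore = $this->applyFilter('verify-request-ignore', '--ignore');
+$token = (string)$this->applyFilter('verify-request-token', '--token');
+$action = (string)$this->applyFilter('verify-request-action', '--action');
+$ignore = (string)$this->applyFilter('verify-request-ignore', '--ignore');
 
 if ( $force ) {
 if ( !$this->hasRequest($token) ) {
@@ -173,8 +181,8 @@ protected function verifyRequest(bool $force = false)
 }
 
 if ( $this->hasRequest($token) ) {
-$source = $this->hasRequest($source) ? $this->getRequest($source) : '';
-if ( !$this->verifyToken($this->getRequest($token), $source) ) {
+$action = $this->hasRequest($action) ? $this->getRequest($action) : '';
+if ( !$this->verifyToken($this->getRequest($token), $action) ) {
 $msg = $this->applyFilter('invalid-request-token', 'Invalid request token');
 $msg = $this->translate($msg);
 $this->setResponse($msg, [], 'error', 401);
@@ -205,7 +213,7 @@ protected function sanitizeRequest(bool $verify = true, bool $force = false) : a
 
 if ( !$force ) {
 $excepts = $this->mergeArray([
-'submit', '--token', '--source', '--ignore'
+'submit', '--token', '--action', '--ignore'
 ], $excepts);
 }
 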
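Review bot: `verifyToken()` never checks that `$token` exists in the `--token` session map: an unknown or null token falls through to the defaults and is rejected only because `getServerIp()` happens to differ from the default `false`, which is an indirect way to fail and silently depends on that helper never returning `false`. An explicit guard right after the lookup, `if ( $token === null || !isset($session[$token]) ) { return false; }`, makes the rejection deliberate and lets the defaults serve only as shape normalisation. The entry is also left in the session after a successful check, so the same token verifies repeatedly for as long as the session lives; if single use is intended, `unset($session[$token]); $this->setSession('--token', $session);` before `return $this->verifyHash($token, $data);` enforces it, and the docblock should state the chosen policy either way. Unlike `getToken()` in Base.php, which calls `startSession()` before reading, this method reads `--token` without starting the session, so it is worth confirming `getSession()` opens it on its own. The `@param bool` line in the docblock is missing a name and should become `@return bool` now that the signature declares `: bool`.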

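--- a/src/View.php
+++ b/src/View.php
@@ -149,7 +149,7 @@ protected function getDefaultCallables() : array
 'getTimeout' => function() {
 return $this->getTimeout();
 },
-'getToken' => function($source = '') {
+'getToken' => function(?string $source = null) {
 return $this->getToken($source);
 },
 'getLanguage' => function() {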
