Move generate_token() to Helper namespace

Frederic Guillot 2016-08-17 21:41:14 -04:00
parent 55e4ab882c
commit 8ac08649e8
No known key found for this signature in database
GPG Key ID: 92D77191BA7FBC99
5 changed files with 40 additions and 25 deletions


@ -3,6 +3,20 @@
namespace Helper; namespace Helper;
function generate_token()
{
if (function_exists('random_bytes')) {
return bin2hex(random_bytes(30));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
return bin2hex(openssl_random_pseudo_bytes(30));
} elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
}
return hash('sha256', uniqid(mt_rand(), true));
}
function is_secure_connection() function is_secure_connection()
{ {
return ! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'; return ! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
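Review bot: The fallback branches of `generate_token()` can return a predictable or constant token without raising any error. `openssl_random_pseudo_bytes(30)` is used without checking for a `false` return or the crypto-strong flag, a failed `file_get_contents('/dev/urandom', …)` would make `hash('sha256', false)` the digest of an empty string, and the final `uniqid(mt_rand(), true)` is derived from the clock and a non-cryptographic PRNG. Because the other files in this commit use the result for CSRF, API, feed and remember-me tokens, I would validate each source and fail loudly rather than fall through to `uniqid()`. Note that this breaks installs with no secure source, which may be the right outcome. The one-line comment that described the function in its old location was dropped in the move and is worth restoring; `is_secure_connection()` continues outside the hunk.

```php
function generate_token()
{
    // … unchanged: random_bytes() branch …

    if (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = openssl_random_pseudo_bytes(30, $strong);
        if ($bytes !== false && $strong === true) {
            return bin2hex($bytes);
        }
    }

    if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
        $bytes = file_get_contents('/dev/urandom', false, null, 0, 30);
        if ($bytes !== false && strlen($bytes) === 30) {
            return hash('sha256', $bytes);
        }
    }

    throw new \RuntimeException('No cryptographically secure random source is available');
}
```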


@ -2,6 +2,7 @@
namespace Model\Config; namespace Model\Config;
use Helper;
use Translator; use Translator;
use DirectoryIterator; use DirectoryIterator;
use SimpleValidator\Validator; use SimpleValidator\Validator;
@ -214,7 +215,7 @@ function generate_csrf()
$_SESSION['csrf'] = array(); $_SESSION['csrf'] = array();
} }
$token = generate_token(); $token = Helper\generate_token();
$_SESSION['csrf'][$token] = true; $_SESSION['csrf'][$token] = true;
return $token; return $token;
@ -242,28 +243,15 @@ function check_csrf($token)
return false; return false;
} }
// Generate a token from /dev/urandom or with uniqid() if open_basedir is enabled
function generate_token()
{
if (function_exists('random_bytes')) {
return bin2hex(random_bytes(30));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
return bin2hex(openssl_random_pseudo_bytes(30));
} elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
}
return hash('sha256', uniqid(mt_rand(), true));
}
// Regenerate tokens for the API and bookmark feed // Regenerate tokens for the API and bookmark feed
function new_tokens() function new_tokens()
{ {
$values = array( $values = array(
'api_token' => generate_token(), 'api_token' => Helper\generate_token(),
'feed_token' => generate_token(), 'feed_token' => Helper\generate_token(),
'bookmarklet_token' => generate_token(), 'bookmarklet_token' => Helper\generate_token(),
'fever_token' => substr(generate_token(), 0, 8), 'fever_token' => substr(Helper\generate_token(), 0, 8),
); );
return Database::getInstance('db')->hashtable('settings')->put($values); return Database::getInstance('db')->hashtable('settings')->put($values);
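Review bot: `'fever_token' => substr(Helper\generate_token(), 0, 8)` in `new_tokens()` keeps only 8 hex characters, about 32 bits, which is small if this value acts as a secret that can be guessed repeatedly over the network. The same truncation appears in `version_29()` in the Schema section, where the value is also stored as the default of an `INTEGER` column although it is a hex string. Unless the client protocol requires a short value (not visible on this page), I would keep a longer slice such as `substr(Helper\generate_token(), 0, 32)` and throttle failed attempts. The body of `new_tokens()` continues outside the hunk.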


@ -2,6 +2,7 @@
namespace Model\RememberMe; namespace Model\RememberMe;
use Helper;
use PicoDb\Database; use PicoDb\Database;
use Model\Config; use Model\Config;
use Model\Database as DatabaseModel; use Model\Database as DatabaseModel;
@ -130,8 +131,8 @@ function destroy()
*/ */
function create($dbname, $username, $ip, $user_agent) function create($dbname, $username, $ip, $user_agent)
{ {
$token = hash('sha256', $dbname.$username.$user_agent.$ip.Config\generate_token()); $token = hash('sha256', $dbname.$username.$user_agent.$ip.Helper\generate_token());
$sequence = Config\generate_token(); $sequence = Helper\generate_token();
$expiration = time() + EXPIRATION; $expiration = time() + EXPIRATION;
cleanup(); cleanup();
@ -178,7 +179,7 @@ function cleanup()
*/ */
function update($token) function update($token)
{ {
$new_sequence = Config\generate_token(); $new_sequence = Helper\generate_token();
Database::getInstance('db') Database::getInstance('db')
->table(TABLE) ->table(TABLE)


@ -3,6 +3,7 @@
namespace Schema; namespace Schema;
use PDO; use PDO;
use Helper;
use Model\Config; use Model\Config;
const VERSION = 44; const VERSION = 44;
@ -180,7 +181,7 @@ function version_30(PDO $pdo)
function version_29(PDO $pdo) function version_29(PDO $pdo)
{ {
$pdo->exec('ALTER TABLE config ADD COLUMN fever_token INTEGER DEFAULT "'.substr(Config\generate_token(), 0, 8).'"'); $pdo->exec('ALTER TABLE config ADD COLUMN fever_token INTEGER DEFAULT "'.substr(Helper\generate_token(), 0, 8).'"');
} }
function version_28(PDO $pdo) function version_28(PDO $pdo)
@ -195,7 +196,7 @@ function version_27(PDO $pdo)
function version_26(PDO $pdo) function version_26(PDO $pdo)
{ {
$pdo->exec('ALTER TABLE config ADD COLUMN bookmarklet_token TEXT DEFAULT "'.Config\generate_token().'"'); $pdo->exec('ALTER TABLE config ADD COLUMN bookmarklet_token TEXT DEFAULT "'.Helper\generate_token().'"');
} }
function version_25(PDO $pdo) function version_25(PDO $pdo)
@ -276,7 +277,7 @@ function version_15(PDO $pdo)
function version_14(PDO $pdo) function version_14(PDO $pdo)
{ {
$pdo->exec('ALTER TABLE config ADD COLUMN feed_token TEXT DEFAULT "'.Config\generate_token().'"'); $pdo->exec('ALTER TABLE config ADD COLUMN feed_token TEXT DEFAULT "'.Helper\generate_token().'"');
} }
function version_13(PDO $pdo) function version_13(PDO $pdo)
@ -286,7 +287,7 @@ function version_13(PDO $pdo)
function version_12(PDO $pdo) function version_12(PDO $pdo)
{ {
$pdo->exec('ALTER TABLE config ADD COLUMN api_token TEXT DEFAULT "'.Config\generate_token().'"'); $pdo->exec('ALTER TABLE config ADD COLUMN api_token TEXT DEFAULT "'.Helper\generate_token().'"');
} }
function version_11(PDO $pdo) function version_11(PDO $pdo)

11
tests/unit/HelperTest.php Normal file

@ -0,0 +1,11 @@
<?php
class HelperTest extends PHPUnit_Framework_TestCase
{
public function testGenerateToken()
{
$token1 = Helper\generate_token();
$token2 = Helper\generate_token();
$this->assertNotEquals($token1, $token2);
}
}
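Review bot: `testGenerateToken()` only asserts that two consecutive tokens differ, which would also pass for the weak `uniqid(mt_rand(), true)` fallback and says nothing about length or character set. I would at least pin the output shape, e.g. `$this->assertRegExp('/^[0-9a-f]{60,64}$/', $token1);`, since the branches visible in the Helper section return either 60 hex characters (`bin2hex` of 30 bytes) or a 64-character SHA-256 digest. A short comment in the test explaining why both lengths are accepted would help the next reader.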