reject empty token on isValid & check + fix missing headers
This commit is contained in:
parent
6b0f2a350d
commit
81f3103ee0
|
@ -52,9 +52,9 @@ class Authenticator
|
||||||
* @param Pluie\Auth\Token $token
|
* @param Pluie\Auth\Token $token
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function isValid(Token $token)
|
public function isValid(Token $token = null)
|
||||||
{
|
{
|
||||||
return $token->getType() == $this->config['type'] && $this->checkObfuscatePart($token);
|
return !is_null($token) && $token->getType() == $this->config['type'] && $this->checkObfuscatePart($token);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
|
@ -153,9 +153,9 @@ class Authenticator
|
||||||
* @param str $login
|
* @param str $login
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function check(Token $token, $login)
|
public function check(Token $token = null, $login = '')
|
||||||
{
|
{
|
||||||
return !is_null($token) && $this->deobfuscate($token->getValue()) == $this->sign($token->getDate(), $login, $token->getIdent());
|
return !is_null($token) && !empty($login) && $this->deobfuscate($token->getValue()) == $this->sign($token->getDate(), $login, $token->getIdent());
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
|
@ -220,8 +220,9 @@ class Authenticator
|
||||||
if (is_null($headers)) {
|
if (is_null($headers)) {
|
||||||
$headers = apache_request_headers();
|
$headers = apache_request_headers();
|
||||||
}
|
}
|
||||||
$tokenValue = $headers[$this->config['header']['auth']] ?: '';
|
if (isset($headers[$this->config['header']['auth']]) && isset($headers[$this->config['header']['ident']])) {
|
||||||
$ident = $headers[$this->config['header']['ident']] ?: '';
|
$tokenValue = $headers[$this->config['header']['auth']];
|
||||||
|
$ident = $headers[$this->config['header']['ident']];
|
||||||
if (preg_match('/(?P<type>[a-z\d]+) (?P<date>\d{'.self::DATE_LENGTH.'})(?P<id>[a-z\d]+)/i', $tokenValue, $rs)) {
|
if (preg_match('/(?P<type>[a-z\d]+) (?P<date>\d{'.self::DATE_LENGTH.'})(?P<id>[a-z\d]+)/i', $tokenValue, $rs)) {
|
||||||
$date = Tool::formatDate($rs['date'], self::DATE_FORMAT, Tool::TIMESTAMP_SQLDATETIME);
|
$date = Tool::formatDate($rs['date'], self::DATE_FORMAT, Tool::TIMESTAMP_SQLDATETIME);
|
||||||
$tokenValue = substr($rs['id'], 0, -$this->config['hash']['noise.length']);
|
$tokenValue = substr($rs['id'], 0, -$this->config['hash']['noise.length']);
|
||||||
|
@ -229,6 +230,10 @@ class Authenticator
|
||||||
$token = new Token($rs['type'], $ident, $date, $tokenValue, $noise);
|
$token = new Token($rs['type'], $ident, $date, $tokenValue, $noise);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
throw new \Exception('missing required headers');
|
||||||
|
}
|
||||||
|
}
|
||||||
catch(\Exception $e) {
|
catch(\Exception $e) {
|
||||||
throw new AuthenticateException("invalid authentication protocol : ".$e->getMessage());
|
throw new AuthenticateException("invalid authentication protocol : ".$e->getMessage());
|
||||||
}
|
}
|
||||||
|
|
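Review bot: The signature check on the new `check` line (hunk at -153) still compares the deobfuscated value with `sign(...)` using loose `==`, so two strings PHP treats as numeric compare by numeric value rather than byte-for-byte, and the comparison is not constant-time; a strict constant-time compare closes both gaps: `return !is_null($token) && $login !== '' && hash_equals((string) $this->sign($token->getDate(), $login, $token->getIdent()), (string) $this->deobfuscate($token->getValue()));` (the `(string)` casts assume both helpers return scalars — confirm). `!empty($login)` also rejects the legitimate login `'0'`, which is why the line above uses `$login !== ''` instead. The same loose `==` is used for the type comparison in `isValid` (hunk at -52); `===` suffices there if `getType()` and `config['type']` are both strings, which the hunk does not show. The new `Token $token = null` defaults in both signatures are implicitly nullable, which PHP 8.4 deprecates; if the project targets PHP 7.1 or later, spell them `?Token $token = null`.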