
token salt validation

tags/0.1.0
Robin Thoni 9 years ago
parent
commit
adea97451f

+ 1
- 8
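--- a/src/Auth/Business/JwtHelper.php
+++ b/src/Auth/Business/JwtHelper.php
@@ -11,7 +11,6 @@ namespace Luticate\Auth\Business;
 class JwtHelper
 {
     const EXPIRATION_KEY =  "expiration_date";
-    const USER_KEY =        "user_id";
 
     public static function decode($token)
     {
@@ -26,13 +25,7 @@ class JwtHelper
         }
 
         $expiration_date = array_key_exists(self::EXPIRATION_KEY, $data) ? $data[self::EXPIRATION_KEY] : null;
-        if (!is_numeric($expiration_date))
-            return null;
-        $user_id = array_key_exists(self::USER_KEY, $data) ? $data[self::USER_KEY] : null;
-        if (!is_numeric($user_id))
-            return null;
-
-        if ($expiration_date < time())
+        if (!is_numeric($expiration_date) || $expiration_date < time())
             return null;
 
         return $data;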
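Review bot: decode() now returns the payload whenever the expiration claim is numeric and in the future, so the `user_id` key (and the new `salt` key) may be absent or non-numeric in what it hands back; the `is_numeric($user_id)` guard removed in this hunk is not re-established in LuticateBusiness.php, which indexes `$data[LuticateUsersBusiness::KEY_USER_ID]` and `$data[LuticateUsersBusiness::KEY_SALT]` directly. A correctly signed token lacking those keys would raise an undefined-index notice and pass `null` to `getById()`. Either keep a presence check here, or have the caller read the keys with `array_key_exists()` the way this method already does for EXPIRATION_KEY. A docblock on decode() stating the contract — `@return array|null the verified payload, or null when missing/expired; callers must validate any other claim they read` — would make the new division of responsibility explicit. decode()'s opening and the first part of its body lie outside the hunk.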

+ 6
- 2
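--- a/src/Auth/Business/LuticateBusiness.php
+++ b/src/Auth/Business/LuticateBusiness.php
@@ -38,8 +38,12 @@ class LuticateBusiness
         if ($token != null && $token != "") {
             $data = JwtHelper::decode($token);
             if ($data != null) {
-                $user_id = $data[JwtHelper::USER_KEY];
-                self::$_currentUser = LuticateUsersBusiness::getById($user_id);
+                $user_id = $data[LuticateUsersBusiness::KEY_USER_ID];
+                $salt = $data[LuticateUsersBusiness::KEY_SALT];
+                $user = LuticateUsersBusiness::getById($user_id);
+                if ($user->getSalt() == $salt) {
+                    self::$_currentUser = $user;
+                }
             }
         }
 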
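Review bot: The salt check `if ($user->getSalt() == $salt)` uses loose comparison, so two different salts that both parse as numeric strings (for example `"1e3"` and `"1000"`) compare equal, and the comparison is not constant-time; use `hash_equals()` on string operands. `getById()` also appears able to return `null` (a lookup in the LuticateUsersDataAccess.php hunk of this commit has a `return null;` path), in which case `$user->getSalt()` is a method call on null and an invalid token becomes a fatal error instead of an anonymous request. The version below guards the lookup result, tolerates missing claims, and compares with `hash_equals()`; the enclosing method starts before the hunk.
```php
            if ($data != null) {
                $user_id = array_key_exists(LuticateUsersBusiness::KEY_USER_ID, $data)
                    ? $data[LuticateUsersBusiness::KEY_USER_ID] : null;
                $salt = array_key_exists(LuticateUsersBusiness::KEY_SALT, $data)
                    ? $data[LuticateUsersBusiness::KEY_SALT] : null;
                $user = is_numeric($user_id) ? LuticateUsersBusiness::getById($user_id) : null;
                // hash_equals() requires two strings; a null/non-string salt is rejected outright
                if ($user !== null && is_string($salt) && hash_equals((string)$user->getSalt(), $salt)) {
                    self::$_currentUser = $user;
                }
            }
```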

+ 12
- 2
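--- a/src/Auth/Business/LuticateUsersBusiness.php
+++ b/src/Auth/Business/LuticateUsersBusiness.php
@@ -9,6 +9,9 @@ use Luticate\Auth\DBO\LuticateUsersDbo;
 
 class LuticateUsersBusiness extends LuBusiness {
 
+    const KEY_USER_ID =  "user_id";
+    const KEY_SALT =  "salt";
+
     protected static function getDataAccess()
     {
         return new LuticateUsersDataAccess();
@@ -40,9 +43,16 @@ class LuticateUsersBusiness extends LuBusiness {
         return $randomString;
     }
 
+    /**
+     * @param $user LuticateUsersDbo
+     * @return string
+     */
     public static function getToken($user)
     {
-        return JwtHelper::encode(array(JwtHelper::USER_KEY => $user->getId()));
+        return JwtHelper::encode(array(
+            self::KEY_USER_ID => $user->getId(),
+            self::KEY_SALT => $user->getSalt()
+            ));
     }
 
     public static function login($username, $password)
@@ -77,6 +87,6 @@ class LuticateUsersBusiness extends LuBusiness {
         $user->setUsername($username);
         $user->setSalt(self::getSalt());
 
-        return LuticateUsersDataAccess::add($user);
+        return LuticateUsersDataAccess::addId($user);
     }
 }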
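Review bot: getToken() now places the user's password salt in the JWT claims; a JWT payload is only base64url-encoded, not encrypted, so the salt is readable by anyone who holds the token. If the goal is to invalidate outstanding tokens when credentials change, an opaque per-user token-version or session identifier stored alongside the user carries no credential material and supports the same equality check in LuticateBusiness.php. Separately, the new docblock reverses the PHPDoc order — write `@param LuticateUsersDbo $user`, matching the docblock removed from LuticateUsersDataAccess.php in this same commit — and a one-line description such as `Builds a signed token identifying $user; the salt claim is compared on decode to reject tokens issued before a salt change` would record why the claim is there. The method whose `return` switches to `addId()` in the third hunk begins before that hunk.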

+ 0
- 9
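--- a/src/Auth/DataAccess/LuticateUsersDataAccess.php
+++ b/src/Auth/DataAccess/LuticateUsersDataAccess.php
@@ -23,13 +23,4 @@ class LuticateUsersDataAccess extends LuDataAccess {
             return null;
         return $user->toDbo();
     }
-
-    /**
-     * @param LuticateUsersDbo $user
-     * @return int
-     */
-    public static function add($user)
-    {
-        return self::addId($user);
-    }
 }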
