mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2025-12-23 21:47:44 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
b1d24fbdb7d1cc948c946295035dad6df550fb7e
FreshRSS/app/Models/FormAuth.php
Alexandre Alapetite b1d24fbdb7 PHPStan 2.0 (#7131) 
* PHPStan 2.0
fix https://github.com/FreshRSS/FreshRSS/issues/6989
https://github.com/phpstan/phpstan/releases/tag/2.0.0
https://github.com/phpstan/phpstan/blob/2.0.x/UPGRADING.md

* More

* More

* Done

* fix i18n CLI

* Restore a PHPStan Next test
For work towards PHPStan Level 10

* 4 more on Level 10

* fix getTagsForEntry

* API at Level 10

* More Level 10

* Finish Minz at Level 10

* Finish CLI at Level 10

* Finish Controllers at Level 10

* More Level 10

* More

* Pass bleedingEdge

* Clean PHPStan options and add TODOs

* Level 10 for main config

* More

* Consitency array vs. list

* Sanitize themes get_infos

* Simplify TagDAO->getTagsForEntries()

* Finish reportAnyTypeWideningInVarTag

* Prepare checkBenevolentUnionTypes and checkImplicitMixed

* Fixes

* Refix

* Another fix

* Casing of __METHOD__ constant
2024-12-27 12:12:49 +01:00

90 lines
3.0 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
class FreshRSS_FormAuth {
public static function checkCredentials(string $username, string $hash, string $nonce, string $challenge): bool {
if (!FreshRSS_user_Controller::checkUsername($username) ||
!ctype_graph($hash) ||
!ctype_graph($challenge) ||
!ctype_alnum($nonce)) {
Minz_Log::debug("Invalid credential parameters: user={$username}, challenge={$challenge}, nonce={$nonce}");
return false;
}
return password_verify($nonce . $hash, $challenge);
}
/** @return list<string> */
public static function getCredentialsFromCookie(): array {
$token = Minz_Session::getLongTermCookie('FreshRSS_login');
if (!ctype_alnum($token)) {
return [];
}
$token_file = DATA_PATH . '/tokens/' . $token . '.txt';
$mtime = @filemtime($token_file) ?: 0;
$limits = FreshRSS_Context::systemConf()->limits;
$cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
if ($mtime + $cookie_duration < time()) {
// Token has expired (> cookie_duration) or does not exist.
@unlink($token_file);
return [];
}
$credentials = @file_get_contents($token_file);
if ($credentials !== false && self::renewCookie($token) != false) {
return explode("\t", $credentials, 2);
}
return [];
}
private static function renewCookie(string $token): string|false {
$token_file = DATA_PATH . '/tokens/' . $token . '.txt';
if (touch($token_file)) {
$limits = FreshRSS_Context::systemConf()->limits;
$cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
$expire = time() + $cookie_duration;
Minz_Session::setLongTermCookie('FreshRSS_login', $token, $expire);
return $token;
}
return false;
}
public static function makeCookie(string $username, string $password_hash): string|false {
do {
$token = sha1(FreshRSS_Context::systemConf()->salt . $username . uniqid('' . mt_rand(), true));
$token_file = DATA_PATH . '/tokens/' . $token . '.txt';
} while (file_exists($token_file));
if (@file_put_contents($token_file, $username . "\t" . $password_hash) === false) {
return false;
}
return self::renewCookie($token);
}
public static function deleteCookie(): void {
$token = Minz_Session::getLongTermCookie('FreshRSS_login');
if (ctype_alnum($token)) {
Minz_Session::deleteLongTermCookie('FreshRSS_login');
@unlink(DATA_PATH . '/tokens/' . $token . '.txt');
}
if (rand(0, 10) === 1) {
self::purgeTokens();
}
}
public static function purgeTokens(): void {
$limits = FreshRSS_Context::systemConf()->limits;
$cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
$oldest = time() - $cookie_duration;
foreach (new DirectoryIterator(DATA_PATH . '/tokens/') as $file_info) {
$extension = $file_info->getExtension();
if ($extension === 'txt' && $file_info->getMTime() < $oldest) {
@unlink($file_info->getPathname());
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink