2019-12-08 16:45:34 -05:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace Friendica\Model\User;
|
|
|
|
|
|
|
|
|
|
use Friendica\App;
|
|
|
|
|
use Friendica\Core\Config\Configuration;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Interacting with the Friendica Cookie of a user
|
|
|
|
|
*/
|
|
|
|
|
class Cookie
|
|
|
|
|
{
|
|
|
|
|
/** @var int Default expire duration in days */
|
|
|
|
|
const DEFAULT_EXPIRE = 7;
|
|
|
|
|
/** @var string The name of the Friendica cookie */
|
|
|
|
|
const NAME = 'Friendica';
|
2019-12-09 16:47:08 -05:00
|
|
|
/** @var string The path of the Friendica cookie */
|
|
|
|
|
const PATH = '/';
|
|
|
|
|
/** @var string The domain name of the Friendica cookie */
|
|
|
|
|
const DOMAIN = '';
|
2019-12-09 17:09:18 -05:00
|
|
|
/** @var bool True, if the cookie should only be accessible through HTTP */
|
2019-12-09 16:47:08 -05:00
|
|
|
const HTTPONLY = true;
|
2019-12-08 16:45:34 -05:00
|
|
|
|
|
|
|
|
/** @var string The remote address of this node */
|
|
|
|
|
private $remoteAddr = '0.0.0.0';
|
|
|
|
|
/** @var bool True, if the connection is ssl enabled */
|
|
|
|
|
private $sslEnabled = false;
|
|
|
|
|
/** @var string The private key of this Friendica node */
|
|
|
|
|
private $sitePrivateKey;
|
|
|
|
|
/** @var int The default cookie lifetime */
|
|
|
|
|
private $lifetime = self::DEFAULT_EXPIRE * 24 * 60 * 60;
|
|
|
|
|
/** @var array The $_COOKIE array */
|
|
|
|
|
private $cookie;
|
|
|
|
|
|
|
|
|
|
public function __construct(Configuration $config, array $server = [], array $cookie = [])
|
|
|
|
|
{
|
|
|
|
|
if (!empty($server['REMOTE_ADDR'])) {
|
|
|
|
|
$this->remoteAddr = $server['REMOTE_ADDR'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->sslEnabled = $config->get('system', 'ssl_policy') === App\BaseURL::SSL_POLICY_FULL;
|
|
|
|
|
$this->sitePrivateKey = $config->get('system', 'site_prvkey');
|
|
|
|
|
|
|
|
|
|
$authCookieDays = $config->get('system', 'auth_cookie_lifetime',
|
|
|
|
|
self::DEFAULT_EXPIRE);
|
|
|
|
|
$this->lifetime = $authCookieDays * 24 * 60 * 60;
|
|
|
|
|
$this->cookie = $cookie;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Checks if the Friendica cookie is set for a user
|
|
|
|
|
*
|
|
|
|
|
* @param string $hash The cookie hash
|
|
|
|
|
* @param string $password The user password
|
|
|
|
|
* @param string $privateKey The private Key of the user
|
|
|
|
|
*
|
|
|
|
|
* @return boolean True, if the cookie is set
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
public function check(string $hash, string $password, string $privateKey)
|
|
|
|
|
{
|
|
|
|
|
return hash_equals(
|
|
|
|
|
$this->getHash($password, $privateKey),
|
|
|
|
|
$hash
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set the Friendica cookie for a user
|
|
|
|
|
*
|
2019-12-09 17:09:18 -05:00
|
|
|
* @param int $uid The user id
|
|
|
|
|
* @param string $password The user password
|
|
|
|
|
* @param string $privateKey The user private key
|
|
|
|
|
* @param int|null $seconds optional the seconds
|
2019-12-08 16:45:34 -05:00
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function set(int $uid, string $password, string $privateKey, int $seconds = null)
|
|
|
|
|
{
|
|
|
|
|
if (!isset($seconds)) {
|
2019-12-09 16:47:08 -05:00
|
|
|
$seconds = $this->lifetime + time();
|
2019-12-08 16:45:34 -05:00
|
|
|
} elseif (isset($seconds) && $seconds != 0) {
|
|
|
|
|
$seconds = $seconds + time();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$value = json_encode([
|
|
|
|
|
'uid' => $uid,
|
|
|
|
|
'hash' => $this->getHash($password, $privateKey),
|
|
|
|
|
'ip' => $this->remoteAddr,
|
|
|
|
|
]);
|
|
|
|
|
|
2019-12-09 16:47:08 -05:00
|
|
|
return $this->setCookie(self::NAME, $value, $seconds, $this->sslEnabled);
|
2019-12-08 16:45:34 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the data of the Friendicas user cookie
|
|
|
|
|
*
|
|
|
|
|
* @return mixed|null The JSON data, null if not set
|
|
|
|
|
*/
|
|
|
|
|
public function getData()
|
|
|
|
|
{
|
|
|
|
|
// When the "Friendica" cookie is set, take the value to authenticate and renew the cookie.
|
|
|
|
|
if (isset($this->cookie[self::NAME])) {
|
|
|
|
|
$data = json_decode($this->cookie[self::NAME]);
|
|
|
|
|
if (!empty($data)) {
|
|
|
|
|
return $data;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Clears the Friendica cookie of this user after leaving the page
|
|
|
|
|
*/
|
|
|
|
|
public function clear()
|
|
|
|
|
{
|
|
|
|
|
// make sure cookie is deleted on browser close, as a security measure
|
2019-12-09 16:47:08 -05:00
|
|
|
return $this->setCookie(self::NAME, '', -3600, $this->sslEnabled);
|
2019-12-08 16:45:34 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Calculate the hash that is needed for the Friendica cookie
|
|
|
|
|
*
|
|
|
|
|
* @param string $password The user password
|
|
|
|
|
* @param string $privateKey The private key of the user
|
|
|
|
|
*
|
|
|
|
|
* @return string Hashed data
|
|
|
|
|
*/
|
|
|
|
|
private function getHash(string $password, string $privateKey)
|
|
|
|
|
{
|
|
|
|
|
return hash_hmac(
|
|
|
|
|
'sha256',
|
|
|
|
|
hash_hmac('sha256', $password, $privateKey),
|
|
|
|
|
$this->sitePrivateKey
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Send a cookie - protected, internal function for test-mocking possibility
|
|
|
|
|
*
|
|
|
|
|
* @link https://php.net/manual/en/function.setcookie.php
|
|
|
|
|
*
|
|
|
|
|
* @param string $name
|
2019-12-09 17:09:18 -05:00
|
|
|
* @param string $value [optional]
|
|
|
|
|
* @param int $expire [optional]
|
|
|
|
|
* @param bool $secure [optional]
|
2019-12-08 16:45:34 -05:00
|
|
|
*
|
|
|
|
|
* @return bool If output exists prior to calling this function,
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
protected function setCookie(string $name, string $value = null, int $expire = null,
|
2019-12-09 16:47:08 -05:00
|
|
|
bool $secure = null)
|
2019-12-08 16:45:34 -05:00
|
|
|
{
|
2019-12-09 16:47:08 -05:00
|
|
|
return setcookie($name, $value, $expire, self::PATH, self::DOMAIN, $secure, self::HTTPONLY);
|
2019-12-08 16:45:34 -05:00
|
|
|
}
|
|
|
|
|
}
|
