2015-01-09 09:22:31 +01:00
|
|
|
<?php
|
|
|
|
namespace Framadate\Services;
|
|
|
|
|
2015-10-28 17:30:42 +01:00
|
|
|
use Framadate\Security\PasswordHasher;
|
2018-02-19 00:18:43 +01:00
|
|
|
use Framadate\Security\Token;
|
2015-01-09 09:22:31 +01:00
|
|
|
|
|
|
|
class SecurityService {
|
2021-12-20 17:46:50 +01:00
|
|
|
public function __construct() {
|
2015-01-09 09:22:31 +01:00
|
|
|
}
|
|
|
|
|
2015-01-10 16:35:21 +01:00
|
|
|
/**
|
|
|
|
* Get a CSRF token by name, or (re)create it.
|
|
|
|
*
|
|
|
|
* It creates a new token if :
|
|
|
|
* <ul>
|
|
|
|
* <li>There no token with the given name in session</li>
|
|
|
|
* <li>The token time is in past</li>
|
|
|
|
* </ul>
|
|
|
|
*
|
|
|
|
* @param $tokan_name string The name of the CSRF token
|
2021-12-20 17:46:50 +01:00
|
|
|
* @return string The token
|
2015-01-10 16:35:21 +01:00
|
|
|
*/
|
2021-12-20 17:46:50 +01:00
|
|
|
function getToken(string $tokan_name): string
|
|
|
|
{
|
2015-01-10 16:35:21 +01:00
|
|
|
if (!isset($_SESSION['tokens'])) {
|
|
|
|
$_SESSION['tokens'] = [];
|
|
|
|
}
|
|
|
|
if (!isset($_SESSION['tokens'][$tokan_name]) || $_SESSION['tokens'][$tokan_name]->isGone()) {
|
|
|
|
$_SESSION['tokens'][$tokan_name] = new Token();
|
|
|
|
}
|
|
|
|
|
|
|
|
return $_SESSION['tokens'][$tokan_name]->getValue();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check if a given value is corresponding to the token in session.
|
|
|
|
*
|
|
|
|
* @param $tokan_name string Name of the token
|
|
|
|
* @param $csrf string Value to check
|
|
|
|
* @return bool true if the token is well checked
|
|
|
|
*/
|
2021-12-20 17:46:50 +01:00
|
|
|
public function checkCsrf(string $tokan_name, string $csrf): bool
|
|
|
|
{
|
2015-01-10 16:35:21 +01:00
|
|
|
$checked = $_SESSION['tokens'][$tokan_name]->getValue() === $csrf;
|
|
|
|
|
|
|
|
if($checked) {
|
|
|
|
unset($_SESSION['tokens'][$tokan_name]);
|
2015-01-09 09:22:31 +01:00
|
|
|
}
|
|
|
|
|
2015-01-10 16:35:21 +01:00
|
|
|
return $checked;
|
2015-01-09 09:22:31 +01:00
|
|
|
}
|
|
|
|
|
2015-10-28 17:30:42 +01:00
|
|
|
/**
|
|
|
|
* Verify if the current session allows to access given poll.
|
|
|
|
*
|
|
|
|
* @param $poll \stdClass The poll which we seek access
|
|
|
|
* @return bool true if the current session can access this poll
|
|
|
|
*/
|
2021-12-20 17:46:50 +01:00
|
|
|
public function canAccessPoll($poll): bool
|
|
|
|
{
|
2015-10-28 17:30:42 +01:00
|
|
|
if (is_null($poll->password_hash)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->ensureSessionPollSecurityIsCreated();
|
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
$currentPassword = $_SESSION['poll_security'][$poll->id] ?? null;
|
2015-10-28 17:30:42 +01:00
|
|
|
if (!empty($currentPassword) && PasswordHasher::verify($currentPassword, $poll->password_hash)) {
|
|
|
|
return true;
|
2021-12-20 17:46:50 +01:00
|
|
|
}
|
2015-10-28 17:30:42 +01:00
|
|
|
unset($_SESSION['poll_security'][$poll->id]);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Submit to the session a poll password
|
|
|
|
*
|
|
|
|
* @param $poll \stdClass The poll which we seek access
|
|
|
|
* @param $password string the password to compare
|
|
|
|
*/
|
2021-12-20 17:46:50 +01:00
|
|
|
public function submitPollAccess($poll, string $password): void
|
|
|
|
{
|
2015-10-28 17:30:42 +01:00
|
|
|
if (!empty($password)) {
|
|
|
|
$this->ensureSessionPollSecurityIsCreated();
|
|
|
|
$_SESSION['poll_security'][$poll->id] = $password;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
private function ensureSessionPollSecurityIsCreated(): void
|
|
|
|
{
|
2015-10-28 17:30:42 +01:00
|
|
|
if (!isset($_SESSION['poll_security'])) {
|
2018-02-19 00:18:43 +01:00
|
|
|
$_SESSION['poll_security'] = [];
|
2015-10-28 17:30:42 +01:00
|
|
|
}
|
|
|
|
}
|
2015-01-09 09:22:31 +01:00
|
|
|
}
|