author | emkael <emkael@tlen.pl> | 2016-10-31 17:22:13 +0100 |
---|---|---|
committer | emkael <emkael@tlen.pl> | 2016-10-31 17:22:59 +0100 |
commit | 53597812732c7891b087ef9de9788b824326dd93 (patch) | |
tree | 72b8077d20d7484f63065c0700e875c721ded450 /app/frontend | |
parent | 92b23923644d22b1e422631bc18fd1527b0b5399 (diff) |
* SecurityManager which persist validation/encryption keys outside of global state cache
Diffstat (limited to 'app/frontend')
-rw-r--r-- | app/frontend/encryption.xml | bin | 0 -> 152 bytes | |||
-rw-r--r-- | app/frontend/user/SecurityManager.php | 85 | ||||
-rw-r--r-- | app/frontend/user/config.xml | 2 |
3 files changed, 87 insertions, 0 deletions
diff --git a/app/frontend/encryption.xml b/app/frontend/encryption.xml
Binary files differ
new file mode 100644
index 0000000..c22bdb2
--- /dev/null
+++ b/app/frontend/encryption.xml
diff --git a/app/frontend/user/SecurityManager.php b/app/frontend/user/SecurityManager.php
new file mode 100644
index 0000000..b83174c
--- /dev/null
+++ b/app/frontend/user/SecurityManager.php
@@ -0,0 +1,85 @@
+<?php
+
+Prado::using('System.Security.TSecurityManager');
+PRado::using('System.Xml.TXmlDocument');
+
+class SecurityManager extends TSecurityManager {
+
+ private $_configFile;
+ private $_validationKey;
+ private $_encryptionKey;
+
+ public function setConfigFile($path) {
+ $this->_configFile = Prado::getPathOfNamespace($path, '.xml');
+ $this->_restoreKeys();
+ }
+
+ public function getValidationKey() {
+ if (!$this->_configFile) {
+ return parent::getValidationKey();
+ }
+ if (!$this->_validationKey) {
+ $this->_storeKeys($this->_encryptionKey, $this->generateRandomKey());
+ }
+ return $this->_validationKey;
+ }
+
+ public function setValidationKey($key) {
+ parent::setValidationKey($key);
+ if ($this->_configFile) {
+ $this->_storeKeys($this->_encryptionKey, $key);
+ }
+ }
+
+ public function getEncryptionKey() {
+ if (!$this->_configFile) {
+ return parent::getEncryptionKey();
+ }
+ if (!$this->_encryptionKey) {
+ $this->_storeKeys($this->generateRandomKey(), $this->_validationKey);
+ }
+ return $this->_encryptionKey;
+ }
+
+ public function setEncryptionKey($key) {
+ parent::setEncryptionKey($key);
+ if ($this->_configFile) {
+ $this->_storeKeys($key, $this->_validationKey);
+ }
+ }
+
+ private function _restoreKeys() {
+ if ($this->_configFile) {
+ try {
+ $xml = new TXmlDocument();
+ $xml->loadFromFile($this->_configFile);
+ foreach ($xml->getELementsByTagName('key') as $key) {
+ $this->{'_' . $key->Attributes['for'] . 'Key'} = $key->Value;
+ }
+ } catch (TIOException $e) {}
+ }
+ }
+
+ private function _storeKeys($encryptionKey, $validationKey) {
+ $this->_encryptionKey = $encryptionKey;
+ $this->_validationKey = $validationKey;
+ if ($this->_configFile) {
+ $xml = new TXmlDocument();
+ $xml->TagName = 'keys';
+ $encElement = new TXmlElement('key');
+ $encElement->Attributes['for'] = 'encryption';
+ $encElement->Value = $this->_encryptionKey;
+ $xml->Elements[] = $encElement;
+ $valElement = new TXmlElement('key');
+ $valElement->Attributes['for'] = 'validation';
+ $valElement->Value = $this->_validationKey;
+ $xml->Elements[] = $valElement;
+ @chmod($this->_configFile, 0600);
+ $xml->saveToFile($this->_configFile);
+ chmod($this->_configFile, 0400);
+ }
+ }
+
+}
+
+?>
diff --git a/app/frontend/user/config.xml b/app/frontend/user/config.xml
index 103b007..a815ed6 100644
--- a/app/frontend/user/config.xml
+++ b/app/frontend/user/config.xml
@@ -6,5 +6,7 @@
 AllowAutoLogin="true" />
 <module id="users" class="System.Security.TDbUserManager"
 UserClass="Application.user.DbUser" />
+ <module id="security" class="Application.user.SecurityManager"
+ ConfigFile="Application.encryption" />
 </modules>
 </configuration> |
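Review bot: In `_storeKeys()` the key file is created by `saveToFile()` under the process's default permissions and only tightened afterwards by `chmod($this->_configFile, 0400)`. On first creation the new keys may therefore sit in a file other local users can read until that call runs. The preceding `@chmod(..., 0600)` only helps when the file already exists. I would write to a temporary file that is restricted before any key material goes into it, then `rename()` it over the target and raise an error if that fails, as sketched below; this also keeps a concurrent reader from seeing a half-written document. Separately, `_restoreKeys()` builds the property name straight from the `for` attribute, so comparing it against `encryption` and `validation` first would stop an unexpected value in the file from creating arbitrary `_…Key` properties.

```php
    private function _storeKeys($encryptionKey, $validationKey) {
        // … unchanged: assign both keys and build the <keys> document in $xml …
            // Restrict the temp file before key material is written, then
            // replace the key file in a single step.
            $tmp = $this->_configFile . '.' . getmypid() . '.tmp';
            touch($tmp);
            chmod($tmp, 0600);
            $xml->saveToFile($tmp);
            chmod($tmp, 0400);
            if (!rename($tmp, $this->_configFile)) {
                @unlink($tmp);
                throw new RuntimeException('Unable to persist security keys');
            }
```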
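Review bot: `ConfigFile="Application.encryption"` appears to resolve to app/frontend/encryption.xml, which this same commit adds to the repository (152 bytes in the diffstat). If that file holds real validation and encryption keys, they are now in version-control history and identical on every checkout. I would leave the file out of the repository, add its path to the ignore list, and let the first run generate it. Because the file stores both keys in clear text, it is also worth confirming that the application directory is not served by the web server. A comment above the module such as `<!-- key store: keep outside the web root and out of version control -->` would record that requirement.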