summaryrefslogtreecommitdiff
path: root/app/frontend
diff options
context:
space:
mode:
authoremkael <emkael@tlen.pl>2016-10-31 17:22:13 +0100
committeremkael <emkael@tlen.pl>2016-10-31 17:22:59 +0100
commit53597812732c7891b087ef9de9788b824326dd93 (patch)
tree72b8077d20d7484f63065c0700e875c721ded450 /app/frontend
parent92b23923644d22b1e422631bc18fd1527b0b5399 (diff)
* SecurityManager which persist validation/encryption keys outside of global state cache
Diffstat (limited to 'app/frontend')
-rw-r--r--app/frontend/encryption.xmlbin0 -> 152 bytes
-rw-r--r--app/frontend/user/SecurityManager.php85
-rw-r--r--app/frontend/user/config.xml2
3 files changed, 87 insertions, 0 deletions
diff --git a/app/frontend/encryption.xml b/app/frontend/encryption.xml
new file mode 100644
index 0000000..c22bdb2
--- /dev/null
+++ b/app/frontend/encryption.xml
Binary files differ
diff --git a/app/frontend/user/SecurityManager.php b/app/frontend/user/SecurityManager.php
new file mode 100644
index 0000000..b83174c
--- /dev/null
+++ b/app/frontend/user/SecurityManager.php
@@ -0,0 +1,85 @@
+<?php
+
+Prado::using('System.Security.TSecurityManager');
+PRado::using('System.Xml.TXmlDocument');
+
+class SecurityManager extends TSecurityManager {
+
+ private $_configFile;
+ private $_validationKey;
+ private $_encryptionKey;
+
+ public function setConfigFile($path) {
+ $this->_configFile = Prado::getPathOfNamespace($path, '.xml');
+ $this->_restoreKeys();
+ }
+
+ public function getValidationKey() {
+ if (!$this->_configFile) {
+ return parent::getValidationKey();
+ }
+ if (!$this->_validationKey) {
+ $this->_storeKeys($this->_encryptionKey, $this->generateRandomKey());
+ }
+ return $this->_validationKey;
+ }
+
+ public function setValidationKey($key) {
+ parent::setValidationKey($key);
+ if ($this->_configFile) {
+ $this->_storeKeys($this->_encryptionKey, $key);
+ }
+ }
+
+ public function getEncryptionKey() {
+ if (!$this->_configFile) {
+ return parent::getEncryptionKey();
+ }
+ if (!$this->_encryptionKey) {
+ $this->_storeKeys($this->generateRandomKey(), $this->_validationKey);
+ }
+ return $this->_encryptionKey;
+ }
+
+ public function setEncryptionKey($key) {
+ parent::setEncryptionKey($key);
+ if ($this->_configFile) {
+ $this->_storeKeys($key, $this->_validationKey);
+ }
+ }
+
+ private function _restoreKeys() {
+ if ($this->_configFile) {
+ try {
+ $xml = new TXmlDocument();
+ $xml->loadFromFile($this->_configFile);
+ foreach ($xml->getELementsByTagName('key') as $key) {
+ $this->{'_' . $key->Attributes['for'] . 'Key'} = $key->Value;
+ }
+ } catch (TIOException $e) {}
+ }
+ }
+
+ private function _storeKeys($encryptionKey, $validationKey) {
+ $this->_encryptionKey = $encryptionKey;
+ $this->_validationKey = $validationKey;
+ if ($this->_configFile) {
+ $xml = new TXmlDocument();
+ $xml->TagName = 'keys';
+ $encElement = new TXmlElement('key');
+ $encElement->Attributes['for'] = 'encryption';
+ $encElement->Value = $this->_encryptionKey;
+ $xml->Elements[] = $encElement;
+ $valElement = new TXmlElement('key');
+ $valElement->Attributes['for'] = 'validation';
+ $valElement->Value = $this->_validationKey;
+ $xml->Elements[] = $valElement;
+ @chmod($this->_configFile, 0600);
+ $xml->saveToFile($this->_configFile);
+ chmod($this->_configFile, 0400);
+ }
+ }
+
+}
+
+?>
diff --git a/app/frontend/user/config.xml b/app/frontend/user/config.xml
index 103b007..a815ed6 100644
--- a/app/frontend/user/config.xml
+++ b/app/frontend/user/config.xml
@@ -6,5 +6,7 @@
AllowAutoLogin="true" />
<module id="users" class="System.Security.TDbUserManager"
UserClass="Application.user.DbUser" />
+ <module id="security" class="Application.user.SecurityManager"
+ ConfigFile="Application.encryption" />
</modules>
</configuration>