-rw-r--r-- | .gitattributes | 1 | ||||
-rw-r--r-- | app/frontend/encryption.xml | bin | 0 -> 152 bytes | |||
-rw-r--r-- | app/frontend/user/SecurityManager.php | 85 | ||||
-rw-r--r-- | app/frontend/user/config.xml | 2 |
4 files changed, 88 insertions, 0 deletions
diff --git a/.gitattributes b/.gitattributes
index 17366f1..da046eb 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,2 @@
 config/db.json filter=git-crypt diff=git-crypt
+app/frontend/encryption.xml filter=git-crypt diff=git-crypt
diff --git a/app/frontend/encryption.xml b/app/frontend/encryption.xml
Binary files differ
new file mode 100644
index 0000000..c22bdb2
--- /dev/null
+++ b/app/frontend/encryption.xml
diff --git a/app/frontend/user/SecurityManager.php b/app/frontend/user/SecurityManager.php
new file mode 100644
index 0000000..b83174c
--- /dev/null
+++ b/app/frontend/user/SecurityManager.php
@@ -0,0 +1,85 @@
+<?php
+
+Prado::using('System.Security.TSecurityManager');
+PRado::using('System.Xml.TXmlDocument');
+
+class SecurityManager extends TSecurityManager {
+
+ private $_configFile;
+ private $_validationKey;
+ private $_encryptionKey;
+
+ public function setConfigFile($path) {
+ $this->_configFile = Prado::getPathOfNamespace($path, '.xml');
+ $this->_restoreKeys();
+ }
+
+ public function getValidationKey() {
+ if (!$this->_configFile) {
+ return parent::getValidationKey();
+ }
+ if (!$this->_validationKey) {
+ $this->_storeKeys($this->_encryptionKey, $this->generateRandomKey());
+ }
+ return $this->_validationKey;
+ }
+
+ public function setValidationKey($key) {
+ parent::setValidationKey($key);
+ if ($this->_configFile) {
+ $this->_storeKeys($this->_encryptionKey, $key);
+ }
+ }
+
+ public function getEncryptionKey() {
+ if (!$this->_configFile) {
+ return parent::getEncryptionKey();
+ }
+ if (!$this->_encryptionKey) {
+ $this->_storeKeys($this->generateRandomKey(), $this->_validationKey);
+ }
+ return $this->_encryptionKey;
+ }
+
+ public function setEncryptionKey($key) {
+ parent::setEncryptionKey($key);
+ if ($this->_configFile) {
+ $this->_storeKeys($key, $this->_validationKey);
+ }
+ }
+
+ private function _restoreKeys() {
+ if ($this->_configFile) {
+ try {
+ $xml = new TXmlDocument();
+ $xml->loadFromFile($this->_configFile);
+ foreach ($xml->getELementsByTagName('key') as $key) {
+ $this->{'_' . $key->Attributes['for'] .
'Key'} = $key->Value; + } + } catch (TIOException $e) {} + } + } + + private function _storeKeys($encryptionKey, $validationKey) { + $this->_encryptionKey = $encryptionKey; + $this->_validationKey = $validationKey; + if ($this->_configFile) { + $xml = new TXmlDocument(); + $xml->TagName = 'keys'; + $encElement = new TXmlElement('key'); + $encElement->Attributes['for'] = 'encryption'; + $encElement->Value = $this->_encryptionKey; + $xml->Elements[] = $encElement; + $valElement = new TXmlElement('key'); + $valElement->Attributes['for'] = 'validation'; + $valElement->Value = $this->_validationKey; + $xml->Elements[] = $valElement; + @chmod($this->_configFile, 0600); + $xml->saveToFile($this->_configFile); + chmod($this->_configFile, 0400); + } + } + +} + +?> diff --git a/app/frontend/user/config.xml b/app/frontend/user/config.xml index 103b007..a815ed6 100644 --- a/app/frontend/user/config.xml +++ b/app/frontend/user/config.xml @@ -6,5 +6,7 @@ AllowAutoLogin="true" /> <module id="users" class="System.Security.TDbUserManager" UserClass="Application.user.DbUser" /> + <module id="security" class="Application.user.SecurityManager" + ConfigFile="Application.encryption" /> </modules> </configuration> |
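Review bot: In `_storeKeys()` the key file is created by `saveToFile()` with whatever mode the process umask gives and is only narrowed to 0400 afterwards, so on first creation the encryption and validation keys can be readable by other local users for a moment, and neither `chmod()` result is checked (the first is silenced with `@`). The write is also done in place, so two requests that both find no stored key can interleave and leave a file that does not match what one of them holds in memory. Writing to a temporary file created by `tempnam()` in the same directory and renaming it over the target closes both gaps; a sketch follows. Separately, `_restoreKeys()` builds a property name from the `for` attribute and swallows `TIOException`; matching `for` against `encryption` and `validation` explicitly and logging the read failure would keep an unreadable or hand-edited file from silently rotating keys. `generateRandomKey()` is inherited and not shown here, so it is worth confirming that it draws from a CSPRNG before these keys are used for validation and encryption.

```php
private function _storeKeys($encryptionKey, $validationKey) {
    // … unchanged: property assignment and XML element construction …
        // tempnam() creates the file with mode 0600, so the keys never sit
        // in a file that other local users can read.
        // NOTE: tempnam() falls back to the system temp directory when this
        // one is not writable; the rename is then no longer atomic.
        $tmp = tempnam(dirname($this->_configFile), 'keys');
        if ($tmp === false) {
            throw new RuntimeException('Cannot create temporary key file');
        }
        $xml->saveToFile($tmp);
        // rename() swaps the file in one step on the same filesystem, so a
        // concurrent reader sees either the old keys or the new ones.
        if (!chmod($tmp, 0400) || !rename($tmp, $this->_configFile)) {
            @unlink($tmp);
            throw new RuntimeException('Cannot install key file');
        }
```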
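Review bot: `ConfigFile="Application.encryption"` places the key store inside the application tree (the diffstat lists it as `app/frontend/encryption.xml`), and the new manager rewrites that file at runtime, so the web-server account needs write access to a path that also has to stay unreachable over HTTP. Nothing visible in this hunk shows how the directory is protected, so it is worth confirming that `app/frontend` is outside the document root or denied by server configuration. A comment above the module, for example `<!-- encryption.xml holds the validation/encryption keys; never serve this directory -->`, would record that requirement. Because the file is also tracked through git-crypt, keys generated at runtime will presumably show up as local modifications to a committed file.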