composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-20 07:42:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°7516 - Code hardening

Browse Source
This commit is contained in:
Eric Espie
2024-06-20 15:36:19 +02:00
parent 6b2476d220
commit 4867810ebe
1 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
datamodels/2.x/itop-portal-base/portal/src/Helper/ContextManipulatorHelper.php
View File

@@ -13,6 +13,7 @@ use CorePortalInvalidActionRuleException;
use DBObject; use DBObject;
use DBObjectSearch; use DBObjectSearch;
use DBObjectSet; use DBObjectSet;
use DBProperty;
use DBSearch; use DBSearch;
use DeprecatedCallsLog; use DeprecatedCallsLog;
use DOMFormatException; use DOMFormatException;
@@ -20,8 +21,10 @@ use DOMNodeList;
use Exception; use Exception;
use FieldExpression; use FieldExpression;
use IssueLog; use IssueLog;
use MetaModel;
use ModuleDesign; use ModuleDesign;
use ScalarExpression; use ScalarExpression;
use SimpleCrypt;
use Symfony\Component\Routing\RouterInterface; use Symfony\Component\Routing\RouterInterface;
use TrueExpression; use TrueExpression;
use UserRights; use UserRights;
@@ -49,6 +52,8 @@ class ContextManipulatorHelper
/** @var string DEFAULT_RULE_CALLBACK_OPEN */ /** @var string DEFAULT_RULE_CALLBACK_OPEN */
const DEFAULT_RULE_CALLBACK_OPEN = self::ENUM_RULE_CALLBACK_OPEN_VIEW; const DEFAULT_RULE_CALLBACK_OPEN = self::ENUM_RULE_CALLBACK_OPEN_VIEW;
const PRIVATE_KEY = 'portal-priv-key';
/** @var array $aRules */ /** @var array $aRules */
protected $aRules; protected $aRules;
/** @var \Symfony\Component\Routing\RouterInterface */ /** @var \Symfony\Component\Routing\RouterInterface */
@@ -524,8 +529,12 @@ class ContextManipulatorHelper
*/ */
public static function EncodeRulesToken($aTokenRules) public static function EncodeRulesToken($aTokenRules)
{ {
// Returning tokenised data $aTokenRules['user_id'] = UserRights::GetUserId();
return base64_encode(json_encode($aTokenRules)); $aTokenRules['salt'] = base64_encode(random_bytes(8));
$sPPrivateKey = self::GetPrivateKey();
$oCrypt = new SimpleCrypt(MetaModel::GetConfig()->GetEncryptionLibrary());
return base64_encode($oCrypt->Encrypt($sPPrivateKey, json_encode($aTokenRules)));
} }
/** /**
@@ -549,9 +558,47 @@ class ContextManipulatorHelper
* @param string $sToken * @param string $sToken
* *
* @return array * @return array
* @throws \CoreException
* @throws \CoreUnexpectedValue
* @throws \MySQLException
* @throws \OQLException
*/ */
public static function DecodeRulesToken($sToken) public static function DecodeRulesToken($sToken)
{ {
return json_decode(base64_decode($sToken), true); $sPrivateKey = self::GetPrivateKey();
$oCrypt = new SimpleCrypt(MetaModel::GetConfig()->GetEncryptionLibrary());
$sDecryptedToken = $oCrypt->Decrypt($sPrivateKey, base64_decode($sToken));
$aTokenRules = json_decode($sDecryptedToken, true);
if (!is_array($aTokenRules))
{
throw new Exception('DecodeRulesToken not a proper json structure.');
}
// Verify user id
if ($aTokenRules['user_id'] !== UserRights::GetUserId())
{
throw new Exception('DecodeRulesToken user id does not match.');
}
return $aTokenRules;
}
/**
* @return string
* @throws \CoreException
* @throws \CoreUnexpectedValue
* @throws \MySQLException
*/
private static function GetPrivateKey()
{
$sPrivateKey = DBProperty::GetProperty(self::PRIVATE_KEY);
if (is_null($sPrivateKey)) {
$sPrivateKey = bin2hex(random_bytes(32));
DBProperty::SetProperty(self::PRIVATE_KEY, $sPrivateKey);
}
return $sPrivateKey;
} }
} }