check signature by Operator ajax save

This commit is contained in:
Dario Rekowski on RockPI 2019-09-17 11:49:42 +00:00
parent 7dd91a838b
commit 6f56e082e2
10 changed files with 184 additions and 18 deletions


@ -9,7 +9,8 @@
"cakephp/cakephp": "3.8.*",
"cakephp/migrations": "^2.0.0",
"cakephp/plugin-installer": "^1.0",
"mobiledetect/mobiledetectlib": "2.*"
"mobiledetect/mobiledetectlib": "2.*",
"paragonie/sodium_compat": "^1.11"
},
"require-dev": {
"cakephp/bake": "^1.9.0",
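Review bot: The new `paragonie/sodium_compat` requirement is the pure-PHP fallback — its own lockfile metadata says it uses the extension if present and lists `ext-sodium` under `suggest` for "better performance ... and better security" — so on a host without the extension the Ed25519 verification the controller now depends on runs in interpreted PHP. Since `ext-sodium` is bundled with PHP 7.2+, declare the dependency where the security property actually lives, `"ext-sodium": "*"` in `require` (keeping the polyfill only for hosts that genuinely cannot load it), or at minimum mirror it under this project's own `suggest`. Pinning `^1.11` is fine; just be aware the polyfill, not the extension, is what the lockfile resolves today.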

129
composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"content-hash": "bae3f640a631a993a49129d353eefbf9",
"content-hash": "67bc2c5a0445873e8399d5b549a7076a",
"packages": [
{
"name": "aura/intl",
@ -344,6 +344,133 @@
],
"time": "2018-09-01T15:05:15+00:00"
},
{
"name": "paragonie/random_compat",
"version": "v9.99.99",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "84b4dfb120c6f9b4ff7b3685f9b8f1aa365a0c95"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/84b4dfb120c6f9b4ff7b3685f9b8f1aa365a0c95",
"reference": "84b4dfb120c6f9b4ff7b3685f9b8f1aa365a0c95",
"shasum": ""
},
"require": {
"php": "^7"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*",
"vimeo/psalm": "^1"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"polyfill",
"pseudorandom",
"random"
],
"time": "2018-07-02T15:55:56+00:00"
},
{
"name": "paragonie/sodium_compat",
"version": "v1.11.1",
"source": {
"type": "git",
"url": "https://github.com/paragonie/sodium_compat.git",
"reference": "a9f968bc99485f85f9303a8524c3485a7e87bc15"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/a9f968bc99485f85f9303a8524c3485a7e87bc15",
"reference": "a9f968bc99485f85f9303a8524c3485a7e87bc15",
"shasum": ""
},
"require": {
"paragonie/random_compat": ">=1",
"php": "^5.2.4|^5.3|^5.4|^5.5|^5.6|^7|^8"
},
"require-dev": {
"phpunit/phpunit": "^3|^4|^5"
},
"suggest": {
"ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.",
"ext-sodium": "PHP >= 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security."
},
"type": "library",
"autoload": {
"files": [
"autoload.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"ISC"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com"
},
{
"name": "Frank Denis",
"email": "jedisct1@pureftpd.org"
}
],
"description": "Pure PHP implementation of libsodium; uses the PHP extension if it exists",
"keywords": [
"Authentication",
"BLAKE2b",
"ChaCha20",
"ChaCha20-Poly1305",
"Chapoly",
"Curve25519",
"Ed25519",
"EdDSA",
"Edwards-curve Digital Signature Algorithm",
"Elliptic Curve Diffie-Hellman",
"Poly1305",
"Pure-PHP cryptography",
"RFC 7748",
"RFC 8032",
"Salpoly",
"Salsa20",
"X25519",
"XChaCha20-Poly1305",
"XSalsa20-Poly1305",
"Xchacha20",
"Xsalsa20",
"aead",
"cryptography",
"ecdh",
"elliptic curve",
"elliptic curve cryptography",
"encryption",
"libsodium",
"php",
"public-key cryptography",
"secret-key cryptography",
"side-channel resistant"
],
"time": "2019-09-12T12:05:58+00:00"
},
{
"name": "psr/container",
"version": "1.0.0",

@ -1 +1 @@
Subproject commit a4af9311f84e31d1b4682ea6de953c3a018b5343
Subproject commit 116e2b660676334a593658b46ead01f03a057f1e


@ -3,6 +3,8 @@ namespace App\Controller;
use App\Controller\AppController;
//require_once "../../vendor/paragonie/sodium_compat/autoload.php";
/**
* Operators Controller
*
@ -37,10 +39,27 @@ class OperatorsController extends AppController
{
if ($this->request->is('post')) {
$operatorTypeName = $this->request->getData('operator_type_name');
$usernamePasswordHash = $this->request->getData('usernamePasswordHash');
$username = $this->request->getData('username');
$pubkey_bin = base64_decode($this->request->getData('user_pubkey'));
$data = base64_decode($this->request->getData('data_base64'));
$sign = base64_decode($this->request->getData('sign'));
//$publicKey_hex = bin2hex($pubkey_bin);
//$signature_hex = bin2hex($sign);
if(!sodium_crypto_sign_verify_detached($sign, $data, $pubkey_bin)) {
return $this->returnJson([
'state' => 'wrong signature',
/* 'details' => [
'pubkey' => $publicKey_hex,
'sign' => $signature_hex,
'data' => bin2hex($data)
]
*/
]);
}
$operatorTypeId = $this->Operators->OperatorTypes->
find()
->where(['name' => $operatorTypeName])
@ -52,14 +71,19 @@ class OperatorsController extends AppController
->find()
->where([
'operator_type_id' => $operatorTypeId->id,
'usernamePasswordHash' => $usernamePasswordHash])
'username' => $username,
'user_pubkey' => $pubkey_bin])
->first();
if(!$operator) {
// create new entity
$operator = $this->Operators->newEntity();
} else {
// check if request has valid signature
}
$operator = $this->Operators->patchEntity($operator, $this->request->getData());
$operator->user_pubkey = $pubkey_bin;
$operator->operator_type_id = $operatorTypeId->id;
if ($this->Operators->save($operator)) {
return $this->returnJson(['state' => 'success']);
@ -77,6 +101,7 @@ class OperatorsController extends AppController
->find()
->where(['usernamePasswordHash' => $usernamePasswordHash])
->contain(['OperatorTypes'])
->select(['data_base64', 'OperatorTypes.name'])
->toArray();
;
if($operators) {
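Review bot: The `sodium_crypto_sign_verify_detached` call in the second hunk verifies against the `user_pubkey` carried in the same request, so a valid signature only proves the sender holds some keypair — anyone can generate one, sign an arbitrary `data_base64` and get a record saved; the `username` + `user_pubkey` lookup in the third hunk keeps a foreign key off an existing row, but because the `validateUnique` rule on the name is commented out in OperatorsTable the request then takes the `newEntity()` branch and creates a second operator with the same username. For an existing operator the key to verify against should be the stored `$operator->user_pubkey`, with the request key accepted only on first registration, as sketched below; the empty `else { // check if request has valid signature }` branch looks like the place this was intended to go. `sodium_crypto_sign_verify_detached` also throws `SodiumException` when the signature is not 64 bytes or the key not 32, and non-strict `base64_decode` turns a missing or malformed field into `''` or garbage, so a malformed request currently ends in a 500 rather than the `'wrong signature'` JSON — guard the lengths (or catch the exception) before the call. Note too that the signature covers only `data`, while `patchEntity($operator, $this->request->getData())` writes every `_accessible` field including `username` and `modified`, and nothing ties a (data, sign) pair to a particular request, so a captured pair can be replayed to restore an earlier value. The enclosing action's signature and the start of the `$operator = ...` find chain are outside the hunks.

```php
// … unchanged: read operator_type_name, username, user_pubkey, data_base64, sign …
// Reject malformed input before sodium sees it: wrong lengths throw SodiumException (500).
if (strlen($sign) !== SODIUM_CRYPTO_SIGN_BYTES
    || strlen($pubkey_bin) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
    return $this->returnJson(['state' => 'wrong signature']);
}
// … unchanged: resolve $operatorTypeId …
$operator = $this->Operators->find()
    ->where(['operator_type_id' => $operatorTypeId->id, 'username' => $username])
    ->first();
// An existing operator must prove possession of the key already on file;
// only a first registration binds the key carried in the request.
$expectedKey = $operator ? $operator->user_pubkey : $pubkey_bin;
if (!sodium_crypto_sign_verify_detached($sign, $data, $expectedKey)) {
    return $this->returnJson(['state' => 'wrong signature']);
}
// … unchanged: newEntity() when missing, patchEntity, assign user_pubkey/operator_type_id, save …
```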


@ -23,7 +23,8 @@ class Operator extends Entity
* @var array
*/
protected $_accessible = [
'usernamePasswordHash' => true,
'username' => true,
'user_pubkey' => true,
'operator_type_id' => true,
'data_base64' => true,
'modified' => true
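Review bot: Making `user_pubkey` mass-assignable means the controller's `patchEntity($operator, $this->request->getData())` first writes the raw base64 string from the request into the entity, and only the explicit `$operator->user_pubkey = $pubkey_bin` afterwards replaces it with the decoded key; direct property assignment does not need the field in `_accessible`, so that line would still work without this entry. Any other save path that patches from a form without that overwrite — the add/edit templates in this commit submit `user_pubkey` as a plain text control — would presumably persist the text as-is (the scaffolded actions are not in this diff, so confirm), leaving the column with two encodings and making the `bin2hex()` in index/view render those rows unreadably. Either drop `'user_pubkey' => true` and keep the binary assignment in the controller as the single write path, or add a `_setUserPubkey` mutator that base64-decodes consistently.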


@ -57,12 +57,16 @@ class OperatorsTable extends Table
->allowEmptyString('id', null, 'create');
$validator
->scalar('usernamePasswordHash')
->maxLength('usernamePasswordHash', 255)
->requirePresence('usernamePasswordHash', 'create')
->notEmptyString('usernamePasswordHash');
->scalar('username')
->maxLength('username', 50)
->requirePresence('username', 'create')
->notEmptyString('username');
//->add('usernamePasswordHash', 'unique', ['rule' => 'validateUnique', 'provider' => 'table']);
$validator
->requirePresence('user_pubkey', 'create')
->notEmptyString('user_pubkey');
$validator
->scalar('data_base64')
->maxLength('data_base64', 255)
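Review bot: The `validateUnique` rule for the username stays commented out on the line after `->notEmptyString('username')`, so nothing in the table prevents two operators with the same name and different keys — which is exactly the case the controller's `username` + `user_pubkey` lookup needs to reject rather than fall through to creating a new row. Re-enable it scoped to the type so the same name can still exist under different operator types: `->add('username', 'unique', ['rule' => ['validateUnique', ['scope' => 'operator_type_id']], 'provider' => 'table'])`. The new `user_pubkey` rule only checks presence; because the controller overwrites the field with the decoded bytes after patching, a length rule here would see the request's base64 text rather than the key, so the 32-byte check belongs in the controller before verification. The enclosing method's signature and its `return $validator` are outside the hunk.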


@ -15,7 +15,8 @@
<fieldset>
<legend><?= __('Add Operator') ?></legend>
<?php
echo $this->Form->control('usernamePasswordHash');
echo $this->Form->control('username');
echo $this->Form->control('user_pubkey');
echo $this->Form->control('operator_type_id');
echo $this->Form->control('data_base64');
?>


@ -21,7 +21,8 @@
<fieldset>
<legend><?= __('Edit Operator') ?></legend>
<?php
echo $this->Form->control('usernamePasswordHash');
echo $this->Form->control('username');
echo $this->Form->control('user_pubkey');
echo $this->Form->control('operator_type_id');
echo $this->Form->control('data_base64');
?>


@ -16,7 +16,8 @@
<thead>
<tr>
<th scope="col"><?= $this->Paginator->sort('id') ?></th>
<th scope="col"><?= $this->Paginator->sort('usernamePasswordHash') ?></th>
<th scope="col"><?= $this->Paginator->sort('username') ?></th>
<th scope="col"><?= $this->Paginator->sort('user_pubkey') ?></th>
<th scope="col"><?= $this->Paginator->sort('operator_type_id') ?></th>
<th scope="col"><?= $this->Paginator->sort('data_base64') ?></th>
<th scope="col"><?= $this->Paginator->sort('modified') ?></th>
@ -28,7 +29,8 @@
//echo $operator->operator_type->name ?>
<tr>
<td><?= $this->Number->format($operator->id) ?></td>
<td><?= h($operator->usernamePasswordHash) ?></td>
<td><?= h($operator->username) ?></td>
<td><?= h(bin2hex($operator->user_pubkey)) ?></td>
<td><?= $this->Html->link(__($operator->operator_type->name), ['controller' => 'OperatorTypes', 'action' => 'view', $operator->operator_type_id]) ?></td>
<td><?= h($operator->data_base64) ?></td>
<td><?= h($operator->modified) ?></td>


@ -17,8 +17,12 @@
<h3><?= h($operator->id) ?></h3>
<table class="vertical-table">
<tr>
<th scope="row"><?= __('Username Password Hash') ?></th>
<td><?= h($operator->usernamePasswordHash) ?></td>
<th scope="row"><?= __('Username') ?></th>
<td><?= h($operator->username) ?></td>
</tr>
<tr>
<th scope="row"><?= __('User Pubkey') ?></th>
<td><?= h(bin2hex($operator->user_pubkey)) ?></td>
</tr>
<tr>
<th scope="row"><?= __('Data Base64') ?></th>