diff --git a/lib/SP/Config/Config.php b/lib/SP/Config/Config.php index d48bff7f..4349d062 100644 --- a/lib/SP/Config/Config.php +++ b/lib/SP/Config/Config.php @@ -47,7 +47,7 @@ class Config /** * @var bool */ - private static $configLoaded = false; + private $configLoaded = false; /** * @var ConfigData */ @@ -71,6 +71,7 @@ class Config * @param XmlFileStorageInterface $fileStorage * @param ContextInterface $session * @param Container $dic + * * @throws ConfigException */ public function __construct(XmlFileStorageInterface $fileStorage, ContextInterface $session, Container $dic) @@ -87,7 +88,7 @@ class Config */ private function initialize() { - if (!self::$configLoaded) { + if (!$this->configLoaded) { try { $this->configData = $this->loadConfigFromFile(); @@ -104,7 +105,9 @@ class Config } self::$timeUpdated = $this->configData->getConfigDate(); - self::$configLoaded = true; + $this->configLoaded = true; + + debugLog('Config loaded'); } } @@ -143,6 +146,7 @@ class Config * * @param ConfigData $configData * @param bool $backup + * * @return Config */ public function saveConfig(ConfigData $configData, $backup = true) @@ -177,6 +181,7 @@ class Config * Commits a config data * * @param ConfigData $configData + * * @return Config */ public function updateConfig(ConfigData $configData) @@ -197,6 +202,7 @@ class Config * * @param ContextInterface $context * @param bool $reload + * * @return ConfigData */ public function loadConfig(ContextInterface $context, $reload = false) @@ -217,6 +223,7 @@ class Config * Guardar la configuraciĆ³n en la sesiĆ³n * * @param ContextInterface $context + * * @return ConfigData */ private function saveConfigInSession(ContextInterface $context) diff --git a/lib/SP/Services/Auth/LoginService.php b/lib/SP/Services/Auth/LoginService.php index c20d1914..c75160bd 100644 --- a/lib/SP/Services/Auth/LoginService.php +++ b/lib/SP/Services/Auth/LoginService.php @@ -253,8 +253,8 @@ class LoginService extends Service $temporaryMasterPass = $this->dic->get(TemporaryMasterPassService::class); $userPassService = $this->dic->get(UserPassService::class); - $masterPass = $this->request->analyzeString('mpass'); - $oldPass = $this->request->analyzeString('oldpass'); + $masterPass = $this->request->analyzeEncrypted('mpass'); + $oldPass = $this->request->analyzeEncrypted('oldpass'); try { if ($masterPass) { diff --git a/lib/SP/Services/Crypt/TemporaryMasterPassService.php b/lib/SP/Services/Crypt/TemporaryMasterPassService.php index 753e6cf2..6104275d 100644 --- a/lib/SP/Services/Crypt/TemporaryMasterPassService.php +++ b/lib/SP/Services/Crypt/TemporaryMasterPassService.php @@ -26,6 +26,7 @@ namespace SP\Services\Crypt; use SP\Core\Crypt\Crypt; use SP\Core\Crypt\Hash; +use SP\Core\Crypt\Session; use SP\Core\Events\Event; use SP\Core\Events\EventMessage; use SP\Services\Config\ConfigService; @@ -68,8 +69,10 @@ class TemporaryMasterPassService extends Service // Encriptar la clave maestra con hash aleatorio generado $randomKey = Util::generateRandomBytes(32); + $secureKey = Crypt::makeSecuredKey($randomKey); - $this->configService->save('tempmaster_passkey', Crypt::makeSecuredKey($randomKey)); + $this->configService->save('tempmaster_pass', Crypt::encrypt(Session::getSessionKey($this->context), $secureKey, $randomKey)); + $this->configService->save('tempmaster_passkey', $secureKey); $this->configService->save('tempmaster_passhash', Hash::hashKey($randomKey)); $this->configService->save('tempmaster_passtime', time()); $this->configService->save('tempmaster_maxtime', $this->maxTime); @@ -145,6 +148,7 @@ class TemporaryMasterPassService extends Service */ protected function expire() { + $this->configService->save('tempmaster_pass', ''); $this->configService->save('tempmaster_passkey', ''); $this->configService->save('tempmaster_passhash', ''); $this->configService->save('tempmaster_maxtime', ''); diff --git a/lib/SP/Services/Install/Installer.php b/lib/SP/Services/Install/Installer.php index 8d9b581e..e7c226cc 100644 --- a/lib/SP/Services/Install/Installer.php +++ b/lib/SP/Services/Install/Installer.php @@ -56,7 +56,7 @@ class Installer extends Service */ const VERSION = [3, 0, 0]; const VERSION_TEXT = '3.0-beta'; - const BUILD = 18070901; + const BUILD = 18071101; /** * @var ConfigService diff --git a/tests/Repositories/AuthTokenRepositoryTest.php b/tests/Repositories/AuthTokenRepositoryTest.php index bd7d7782..9ef6de8a 100644 --- a/tests/Repositories/AuthTokenRepositoryTest.php +++ b/tests/Repositories/AuthTokenRepositoryTest.php @@ -158,7 +158,7 @@ class AuthTokenRepositoryTest extends DatabaseTestCase $this->assertEquals(1, $result->getNumRows()); - $this->assertInstanceOf(AuthTokenData::class, $result); + $this->assertInstanceOf(AuthTokenData::class, $data); $this->assertTrue(Hash::checkHashKey(self::AUTH_TOKEN_PASS, $data->getHash())); $this->assertEquals($vault, $data->getVault()); diff --git a/tests/res/datasets/syspass_accountFile.xml b/tests/res/datasets/syspass_accountFile.xml index 56057624..a457bdd7 100644 --- a/tests/res/datasets/syspass_accountFile.xml +++ b/tests/res/datasets/syspass_accountFile.xml @@ -1,6 +1,29 @@ + + + 1 + Google + 6338323263316236333835336564323733623839363837616335303566396661 + Google Inc. + 0 + + + 2 + Apple + 3166333837306265323734663663343962336533316130633637323839353766 + Apple Inc. + 0 + + + 3 + Microsoft + 3566353332613366633466316561343033663337303730663539613761353361 + Microsoft Inc. + 1 + + 1