Mirrors/sysPass
2
0
Fork 0
mirror of https://github.com/nuxsmin/sysPass.git synced 2026-03-03 15:14:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
10dedaa03ff833ba466cca496cefe43d340ba032
sysPass/lib/SP/Domain/Auth/Services/AuthToken.php
Rubén D 40c6cb1dba chore: Use strict types 
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2024-05-01 12:03:55 +02:00

306 lines
9.0 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
/*
* sysPass
*
* @author nuxsmin
* @link https://syspass.org
* @copyright 2012-2024, Rubén Domínguez nuxsmin@$syspass.org
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*/
namespace SP\Domain\Auth\Services;
use Defuse\Crypto\Exception\CryptoException;
use Defuse\Crypto\Exception\EnvironmentIsBrokenException;
use Exception;
use SP\Core\Application;
use SP\Core\Crypt\Hash;
use SP\Core\Crypt\Vault;
use SP\Domain\Auth\Models\AuthToken as AuthTokenModel;
use SP\Domain\Auth\Ports\AuthTokenRepository;
use SP\Domain\Auth\Ports\AuthTokenService;
use SP\Domain\Common\Adapters\Serde;
use SP\Domain\Common\Providers\Password;
use SP\Domain\Common\Services\Service;
use SP\Domain\Common\Services\ServiceException;
use SP\Domain\Core\Acl\AclActionsInterface;
use SP\Domain\Core\Crypt\CryptInterface;
use SP\Domain\Core\Crypt\VaultInterface;
use SP\Domain\Core\Dtos\ItemSearchDto;
use SP\Domain\Core\Exceptions\ConstraintException;
use SP\Domain\Core\Exceptions\CryptException;
use SP\Domain\Core\Exceptions\QueryException;
use SP\Domain\Core\Exceptions\SPException;
use SP\Infrastructure\Common\Repositories\DuplicatedItemException;
use SP\Infrastructure\Common\Repositories\NoSuchItemException;
use SP\Infrastructure\Database\QueryResult;
use function SP\__u;
/**
* Class AuthToken
*
* @template T of AuthTokenModel
*/
final class AuthToken extends Service implements AuthTokenService
{
private const SECURED_ACTIONS = [
AclActionsInterface::ACCOUNT_VIEW_PASS,
AclActionsInterface::ACCOUNT_EDIT_PASS,
AclActionsInterface::ACCOUNT_CREATE,
];
private const CAN_USE_SECURE_TOKEN_ACTIONS = [
AclActionsInterface::ACCOUNT_VIEW,
AclActionsInterface::CATEGORY_VIEW,
AclActionsInterface::CLIENT_VIEW,
];
/**
* @param Application $application
* @param AuthTokenRepository<AuthToken> $authTokenRepository
* @param CryptInterface $crypt
*/
public function __construct(
Application $application,
private readonly AuthTokenRepository $authTokenRepository,
private readonly CryptInterface $crypt
) {
parent::__construct($application);
}
/**
* @param ItemSearchDto $itemSearchData
* @return QueryResult<T>
* @throws ConstraintException
* @throws QueryException
*/
public function search(ItemSearchDto $itemSearchData): QueryResult
{
return $this->authTokenRepository->search($itemSearchData);
}
/**
* @param int $id
* @return AuthTokenModel
*/
public function getById(int $id): AuthTokenModel
{
return $this->authTokenRepository->getById($id)->getData(AuthTokenModel::class);
}
/**
* @throws ConstraintException
* @throws QueryException
* @throws NoSuchItemException
*/
public function delete(int $id): void
{
if ($this->authTokenRepository->delete($id)->getAffectedNumRows() === 0) {
throw new NoSuchItemException(__u('Token not found'));
}
}
/**
* Deletes all the items for given ids
*
* @throws ServiceException
* @throws ConstraintException
* @throws QueryException
*/
public function deleteByIdBatch(array $ids): void
{
if ($this->authTokenRepository->deleteByIdBatch($ids)->getAffectedNumRows() === 0) {
throw new ServiceException(__u('Error while removing the tokens'), SPException::WARNING);
}
}
/**
* @throws SPException
* @throws CryptoException
* @throws EnvironmentIsBrokenException
* @throws ConstraintException
* @throws QueryException
*/
public function create(AuthTokenModel $authToken): int
{
$secureAuthToken = $this->injectSecureData($authToken, $this->getOrBuildToken($authToken));
return $this->authTokenRepository->create($secureAuthToken)->getLastId();
}
/**
* Injects secure data for token
*
* @throws CryptException
* @throws ServiceException
*/
private function injectSecureData(AuthTokenModel $authToken, string $token): AuthTokenModel
{
if (self::isSecuredAction($authToken->getActionId())
|| self::canUseSecureTokenAction($authToken->getActionId())
) {
$properties = [
'vault' => $this->getSecureData($token, $authToken->getHash())->getSerialized(),
'hash' => Hash::hashKey($authToken->getHash())
];
} else {
$properties = [
'hash' => null
];
}
$properties['token'] = $token;
$properties['createdBy'] = $this->context->getUserData()->getId();
return $authToken->mutate($properties);
}
public static function isSecuredAction(int $action): bool
{
return in_array($action, self::SECURED_ACTIONS, true);
}
public static function canUseSecureTokenAction(int $action): bool
{
return in_array($action, self::CAN_USE_SECURE_TOKEN_ACTIONS, true);
}
/**
* Generar la llave segura del token
*
* @throws ServiceException
* @throws CryptException
*/
private function getSecureData(string $token, string $key): VaultInterface
{
return Vault::factory($this->crypt)
->saveData(
$this->getMasterKeyFromContext(),
$key . $token
);
}
/**
* @param AuthTokenModel $authToken
* @return string|null
* @throws EnvironmentIsBrokenException
* @throws SPException
*/
private function getOrBuildToken(AuthTokenModel $authToken): ?string
{
$currentToken = $this->authTokenRepository->getTokenByUserId($authToken->getUserId());
return match ($currentToken->getNumRows()) {
1 => $currentToken->getData(AuthTokenModel::class)->getToken(),
0 => $this->generateToken()
};
}
/**
* Generar un token de acceso
*
* @throws EnvironmentIsBrokenException
*/
private function generateToken(): string
{
return Password::generateRandomBytes(32);
}
/**
* @throws Exception
*/
public function refreshAndUpdate(AuthTokenModel $authToken): void
{
$this->authTokenRepository->transactionAware(
function () use ($authToken) {
$token = $this->generateToken();
$vault = Serde::serialize($this->getSecureData($token, $authToken->getHash()));
$this->authTokenRepository->refreshTokenByUserId(
$authToken->getUserId(),
$token
);
$this->authTokenRepository->refreshVaultByUserId(
$authToken->getUserId(),
$vault,
Hash::hashKey($authToken->getHash())
);
$secureData = $this->injectSecureData($authToken, $token);
$this->authTokenRepository->update($secureData);
},
$this
);
}
/**
* @throws ConstraintException
* @throws CryptException
* @throws DuplicatedItemException
* @throws EnvironmentIsBrokenException
* @throws QueryException
* @throws SPException
* @throws ServiceException
*/
public function update(AuthTokenModel $authToken): void
{
$secureAuthToken = $this->injectSecureData($authToken, $this->getOrBuildToken($authToken));
$this->authTokenRepository->update($secureAuthToken);
}
/**
* @throws SPException
* @throws ConstraintException
* @throws QueryException
*/
public function updateRaw(AuthTokenModel $authToken): void
{
$this->authTokenRepository->update($authToken);
}
/**
* Devolver los datos de un token
*
* @param int $actionId
* @param string $token
* @return AuthTokenModel
* @throws NoSuchItemException
*/
public function getTokenByToken(int $actionId, string $token): AuthTokenModel
{
$result = $this->authTokenRepository->getTokenByToken($actionId, $token);
if ($result->getNumRows() === 0) {
throw new NoSuchItemException(__u('Token not found'));
}
return $result->getData(AuthTokenModel::class);
}
/**
* @return array<T>
*/
public function getAll(): array
{
return $this->authTokenRepository->getAll()->getDataAsArray(AuthTokenModel::class);
}
}
Reference in New Issue View Git Blame Copy Permalink