mirror of
https://github.com/nuxsmin/sysPass.git
synced 2026-03-16 05:16:47 +01:00
0ed17a8f46
* [ADD] New Select component to deal with structured data from a query which will be shown in an HTML select component * [MOD] Improved accounts search filtering * [MOD] Code refactoring
491 lines
13 KiB
PHP
491 lines
13 KiB
PHP
<?php
|
|
/**
|
|
* sysPass
|
|
*
|
|
* @author nuxsmin
|
|
* @link http://syspass.org
|
|
* @copyright 2012-2018, Rubén Domínguez nuxsmin@$syspass.org
|
|
*
|
|
* This file is part of sysPass.
|
|
*
|
|
* sysPass is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* sysPass is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
namespace SP\Repositories\ApiToken;
|
|
|
|
use SP\Core\Acl\Acl;
|
|
use SP\Core\Acl\ActionsInterface;
|
|
use SP\Core\Crypt\Hash;
|
|
use SP\Core\Crypt\Session as CryptSession;
|
|
use SP\Core\Crypt\Vault;
|
|
use SP\Core\Exceptions\SPException;
|
|
use SP\DataModel\ApiTokenData;
|
|
use SP\DataModel\ItemSearchData;
|
|
use SP\Repositories\Repository;
|
|
use SP\Repositories\RepositoryItemInterface;
|
|
use SP\Repositories\RepositoryItemTrait;
|
|
use SP\Storage\DbWrapper;
|
|
use SP\Storage\QueryData;
|
|
use SP\Util\Util;
|
|
|
|
/**
|
|
* Class ApiTokenRepository
|
|
*
|
|
* @package SP\Repositories\ApiToken
|
|
*/
|
|
class ApiTokenRepository extends Repository implements RepositoryItemInterface
|
|
{
|
|
use RepositoryItemTrait;
|
|
|
|
/**
|
|
* Deletes an item
|
|
*
|
|
* @param $id
|
|
* @return int
|
|
* @throws \SP\Core\Exceptions\ConstraintException
|
|
* @throws \SP\Core\Exceptions\QueryException
|
|
*/
|
|
public function delete($id)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'DELETE FROM AuthToken WHERE id = ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
$Data->addParam($id);
|
|
$Data->setOnErrorMessage(__u('Error interno'));
|
|
|
|
DbWrapper::getQuery($Data, $this->db);
|
|
|
|
return $Data->getQueryNumRows();
|
|
}
|
|
|
|
/**
|
|
* Returns the item for given id
|
|
*
|
|
* @param int $id
|
|
* @return mixed
|
|
*/
|
|
public function getById($id)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'SELECT id,
|
|
userId,
|
|
actionId,
|
|
createdBy,
|
|
startDate,
|
|
token
|
|
FROM AuthToken
|
|
WHERE id = ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setMapClassName(ApiTokenData::class);
|
|
$Data->setQuery($query);
|
|
$Data->addParam($id);
|
|
|
|
return DbWrapper::getResults($Data, $this->db);
|
|
}
|
|
|
|
/**
|
|
* Returns all the items
|
|
*
|
|
* @return mixed
|
|
*/
|
|
public function getAll()
|
|
{
|
|
throw new \RuntimeException('Not implemented');
|
|
}
|
|
|
|
/**
|
|
* Returns all the items for given ids
|
|
*
|
|
* @param array $ids
|
|
* @return void
|
|
*/
|
|
public function getByIdBatch(array $ids)
|
|
{
|
|
throw new \RuntimeException('Not implemented');
|
|
}
|
|
|
|
/**
|
|
* Deletes all the items for given ids
|
|
*
|
|
* @param array $ids
|
|
* @return bool
|
|
* @throws \SP\Core\Exceptions\ConstraintException
|
|
* @throws \SP\Core\Exceptions\QueryException
|
|
*/
|
|
public function deleteByIdBatch(array $ids)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'DELETE FROM AuthToken WHERE id IN (' . $this->getParamsFromArray($ids) . ')';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
$Data->setParams($ids);
|
|
$Data->setOnErrorMessage(__u('Error interno'));
|
|
|
|
return DbWrapper::getQuery($Data, $this->db);
|
|
}
|
|
|
|
/**
|
|
* Checks whether the item is in use or not
|
|
*
|
|
* @param $id int
|
|
* @return void
|
|
*/
|
|
public function checkInUse($id)
|
|
{
|
|
throw new \RuntimeException('Not implemented');
|
|
}
|
|
|
|
/**
|
|
* Searches for items by a given filter
|
|
*
|
|
* @param ItemSearchData $SearchData
|
|
* @return mixed
|
|
*/
|
|
public function search(ItemSearchData $SearchData)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'SELECT AT.id,
|
|
AT.userId,
|
|
AT.actionId,
|
|
AT.token,
|
|
CONCAT(U.name, \' (\', U.login, \')\') AS userLogin
|
|
FROM AuthToken AT
|
|
INNER JOIN User U ON userid = U.id';
|
|
|
|
$Data = new QueryData();
|
|
|
|
if ($SearchData->getSeachString() !== '') {
|
|
$search = '%' . $SearchData->getSeachString() . '%';
|
|
$query .= ' WHERE U.login LIKE ?';
|
|
|
|
$Data->addParam($search);
|
|
}
|
|
|
|
$query .= ' ORDER BY U.login';
|
|
$query .= ' LIMIT ?, ?';
|
|
|
|
$Data->addParam($SearchData->getLimitStart());
|
|
$Data->addParam($SearchData->getLimitCount());
|
|
|
|
$Data->setQuery($query);
|
|
|
|
DbWrapper::setFullRowCount();
|
|
|
|
$queryRes = DbWrapper::getResultsArray($Data, $this->db);
|
|
|
|
foreach ($queryRes as $token) {
|
|
$token->actionId = Acl::getActionInfo($token->actionId);
|
|
}
|
|
|
|
$queryRes['count'] = $Data->getQueryNumRows();
|
|
|
|
return $queryRes;
|
|
}
|
|
|
|
/**
|
|
* Creates an item
|
|
*
|
|
* @param ApiTokenData $itemData
|
|
* @return mixed
|
|
* @throws SPException
|
|
* @throws \Defuse\Crypto\Exception\CryptoException
|
|
* @throws \Defuse\Crypto\Exception\EnvironmentIsBrokenException
|
|
* @throws \SP\Core\Exceptions\ConstraintException
|
|
* @throws \SP\Core\Exceptions\QueryException
|
|
*/
|
|
public function create($itemData)
|
|
{
|
|
if ($this->checkDuplicatedOnAdd($itemData)) {
|
|
throw new SPException(SPException::SP_WARNING, __u('La autorización ya existe'));
|
|
}
|
|
|
|
$query = /** @lang SQL */
|
|
'INSERT INTO AuthToken
|
|
SET userId = ?,
|
|
actionId = ?,
|
|
createdBy = ?,
|
|
token = ?,
|
|
vault = ?,
|
|
`hash` = ?,
|
|
startDate = UNIX_TIMESTAMP()';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
$Data->addParam($itemData->getUserId());
|
|
$Data->addParam($itemData->getActionId());
|
|
$Data->addParam($this->session->getUserData()->getId());
|
|
|
|
$token = $this->getTokenByUserId($itemData->getUserId());
|
|
$Data->addParam($token);
|
|
|
|
$action = $itemData->getActionId();
|
|
|
|
if ($action === ActionsInterface::ACCOUNT_VIEW_PASS
|
|
|| $action === ActionsInterface::ACCOUNT_CREATE
|
|
) {
|
|
$Data->addParam(serialize($this->getSecureData($token, $itemData)));
|
|
} else {
|
|
$Data->addParam(null);
|
|
}
|
|
|
|
$Data->addParam(Hash::hashKey($itemData->getHash()));
|
|
$Data->setOnErrorMessage(__u('Error interno'));
|
|
|
|
DbWrapper::getQuery($Data, $this->db);
|
|
|
|
return $this->db->getLastId();
|
|
}
|
|
|
|
/**
|
|
* Checks whether the item is duplicated on adding
|
|
*
|
|
* @param mixed $itemData
|
|
* @return bool
|
|
*/
|
|
public function checkDuplicatedOnAdd($itemData)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'SELECT id FROM AuthToken
|
|
WHERE userId = ?
|
|
AND actionId = ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
$Data->addParam($itemData->getAuthtokenUserId());
|
|
$Data->addParam($itemData->getAuthtokenActionId());
|
|
|
|
DbWrapper::getResults($Data, $this->db);
|
|
|
|
return $Data->getQueryNumRows() === 1;
|
|
}
|
|
|
|
/**
|
|
* Obtener el token de la API de un usuario
|
|
*
|
|
* @param $id
|
|
* @return string
|
|
* @throws \Defuse\Crypto\Exception\EnvironmentIsBrokenException
|
|
*/
|
|
private function getTokenByUserId($id)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'SELECT token FROM AuthToken WHERE userId = ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
$Data->addParam($id);
|
|
|
|
$queryRes = DbWrapper::getResults($Data, $this->db);
|
|
|
|
return $Data->getQueryNumRows() === 1 ? $queryRes->token : $this->generateToken();
|
|
}
|
|
|
|
/**
|
|
* Generar un token de acceso
|
|
*
|
|
* @return string
|
|
* @throws \Defuse\Crypto\Exception\EnvironmentIsBrokenException
|
|
*/
|
|
private function generateToken()
|
|
{
|
|
return Util::generateRandomBytes(32);
|
|
}
|
|
|
|
/**
|
|
* Generar la llave segura del token
|
|
*
|
|
* @param string $token
|
|
* @param ApiTokenData $itemData
|
|
* @return Vault
|
|
* @throws \Defuse\Crypto\Exception\CryptoException
|
|
*/
|
|
private function getSecureData($token, ApiTokenData $itemData)
|
|
{
|
|
$Vault = new Vault();
|
|
$Vault->saveData(CryptSession::getSessionKey(), $itemData->getHash() . $token);
|
|
|
|
return $Vault;
|
|
}
|
|
|
|
/**
|
|
* Updates an item
|
|
*
|
|
* @param ApiTokenData $itemData
|
|
* @return mixed
|
|
* @throws SPException
|
|
* @throws \Defuse\Crypto\Exception\CryptoException
|
|
* @throws \SP\Core\Exceptions\ConstraintException
|
|
* @throws \SP\Core\Exceptions\QueryException
|
|
*/
|
|
public function update($itemData)
|
|
{
|
|
if ($this->checkDuplicatedOnUpdate($itemData)) {
|
|
throw new SPException(SPException::SP_WARNING, __u('La autorización ya existe'));
|
|
}
|
|
|
|
$token = $this->getTokenByUserId($itemData->getUserId());
|
|
|
|
$query = /** @lang SQL */
|
|
'UPDATE AuthToken
|
|
SET userId = ?,
|
|
actionId = ?,
|
|
createdBy = ?,
|
|
token = ?,
|
|
vault = ?,
|
|
`hash` = ?,
|
|
startDate = UNIX_TIMESTAMP()
|
|
WHERE id = ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
$Data->addParam($itemData->getUserId());
|
|
$Data->addParam($itemData->getActionId());
|
|
$Data->addParam($this->session->getUserData()->getId());
|
|
$Data->addParam($token);
|
|
|
|
$action = $itemData->getActionId();
|
|
|
|
if ($action === ActionsInterface::ACCOUNT_VIEW_PASS
|
|
|| $action === ActionsInterface::ACCOUNT_CREATE
|
|
) {
|
|
$Data->addParam(serialize($this->getSecureData($token, $itemData)));
|
|
} else {
|
|
$Data->addParam(null);
|
|
}
|
|
|
|
$Data->addParam(Hash::hashKey($itemData->getHash()));
|
|
$Data->addParam($itemData->getId());
|
|
$Data->setOnErrorMessage(__u('Error interno'));
|
|
|
|
return DbWrapper::getQuery($Data, $this->db);
|
|
}
|
|
|
|
/**
|
|
* Checks whether the item is duplicated on updating
|
|
*
|
|
* @param ApiTokenData $itemData
|
|
* @return bool
|
|
*/
|
|
public function checkDuplicatedOnUpdate($itemData)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'SELECT id FROM AuthToken
|
|
WHERE userId = ?
|
|
AND actionId = ?
|
|
AND id <> ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
$Data->addParam($itemData->getUserId());
|
|
$Data->addParam($itemData->getActionId());
|
|
$Data->addParam($itemData->getId());
|
|
|
|
DbWrapper::getResults($Data, $this->db);
|
|
|
|
return $Data->getQueryNumRows() === 1;
|
|
}
|
|
|
|
/**
|
|
* Regenerar el hash de los tokens de un usuario
|
|
*
|
|
* @param ApiTokenData $itemData
|
|
* @return bool
|
|
* @throws \Defuse\Crypto\Exception\CryptoException
|
|
* @throws \Defuse\Crypto\Exception\EnvironmentIsBrokenException
|
|
* @throws \SP\Core\Exceptions\ConstraintException
|
|
* @throws \SP\Core\Exceptions\QueryException
|
|
*/
|
|
public function refreshToken(ApiTokenData $itemData)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'UPDATE AuthToken
|
|
SET token = ?,
|
|
`hash` = ?,
|
|
vault = ?,
|
|
startDate = UNIX_TIMESTAMP()
|
|
WHERE userId = ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
|
|
$token = $this->generateToken();
|
|
$Data->addParam($token);
|
|
$Data->addParam(Hash::hashKey($itemData->getHash()));
|
|
|
|
$action = $itemData->getActionId();
|
|
|
|
if ($action === ActionsInterface::ACCOUNT_VIEW_PASS
|
|
|| $action === ActionsInterface::ACCOUNT_CREATE
|
|
) {
|
|
$Data->addParam(serialize($this->getSecureData($token, $itemData)));
|
|
} else {
|
|
$Data->addParam(null);
|
|
}
|
|
|
|
$Data->addParam($itemData->getUserId());
|
|
$Data->setOnErrorMessage(__u('Error interno'));
|
|
|
|
return DbWrapper::getQuery($Data, $this->db);
|
|
}
|
|
|
|
/**
|
|
* Obtener el usuario a partir del token
|
|
*
|
|
* @param $token string El token de autorización
|
|
* @return bool|mixed
|
|
*/
|
|
public function getUserIdForToken($token)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'SELECT userId FROM AuthToken WHERE token = ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setQuery($query);
|
|
$Data->addParam($token);
|
|
|
|
$queryRes = DbWrapper::getResults($Data, $this->db);
|
|
|
|
return $Data->getQueryNumRows() === 1 ? $queryRes->userId : false;
|
|
}
|
|
|
|
/**
|
|
* Devolver los datos de un token
|
|
*
|
|
* @param $actionId int El id de la accion
|
|
* @param $token string El token de seguridad
|
|
* @return false|ApiTokenData
|
|
*/
|
|
public function getTokenByToken($actionId, $token)
|
|
{
|
|
$query = /** @lang SQL */
|
|
'SELECT userId, vault, `hash`
|
|
FROM AuthToken
|
|
WHERE actionId = ?
|
|
AND token = ? LIMIT 1';
|
|
|
|
$Data = new QueryData();
|
|
$Data->setMapClassName(ApiTokenData::class);
|
|
$Data->setQuery($query);
|
|
$Data->addParam($actionId);
|
|
$Data->addParam($token);
|
|
|
|
$queryRes = DbWrapper::getResults($Data, $this->db);
|
|
|
|
return $Data->getQueryNumRows() === 1 ? $queryRes : false;
|
|
}
|
|
} |