CO-Public-Mirror/CloudObjects-PHP-SDK
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Imported code from old repository

Browse Source
This commit is contained in:
Lukas Rosenstock
2022-11-17 11:48:29 +01:00
parent 14dfa45240
commit 0e4ab60d77
31 changed files with 6486 additions and 253 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
CloudObjects/SDK/Helpers/SharedSecretAuthentication.php Normal file
View File

@@ -0,0 +1,110 @@
<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
namespace CloudObjects\SDK\Helpers;
use ML\IRI\IRI;
use CloudObjects\SDK\COIDParser, CloudObjects\SDK\NodeReader, CloudObjects\SDK\ObjectRetriever;
/**
* The SharedSecretAuthentication helper allows developers to quickly
* implement authentication based on CloudObjects shared secrets.
*/
class SharedSecretAuthentication {
const RESULT_OK = 0;
const RESULT_INVALID_USERNAME = 1;
const RESULT_INVALID_PASSWORD = 2;
const RESULT_NAMESPACE_NOT_FOUND = 3;
const RESULT_SHARED_SECRET_NOT_RETRIEVABLE = 4;
const RESULT_SHARED_SECRET_INCORRECT = 5;
private $objectRetriever;
/**
* @param ObjectRetriever $objectRetriever An initialized and authenticated object retriever.
*/
public function __construct(ObjectRetriever $objectRetriever) {
$this->objectRetriever = $objectRetriever;
}
/**
* Verifies credentials.
* @deprecated
*
* @param ObjectRetriever $retriever Provides access to CloudObjects.
* @param string $username Username; a domain.
* @param string $password Password; a shared secret.
*
* @return integer A result constant, RESULT_OK if successful.
*/
public static function verifyCredentials(ObjectRetriever $retriever, $username, $password) {
// Validate input
$namespaceCoid = new IRI('coid://'.$username);
if (COIDParser::getType($namespaceCoid) != COIDParser::COID_ROOT)
return self::RESULT_INVALID_USERNAME;
if (strlen($password) != 40)
return self::RESULT_INVALID_PASSWORD;
// Retrieve namespace
$namespace = $retriever->getObject($namespaceCoid);
if (!isset($namespace))
return self::RESULT_NAMESPACE_NOT_FOUND;
// Read and validate shared secret
$reader = new NodeReader([
'prefixes' => [
'co' => 'coid://cloudobjects.io/'
]
]);
$sharedSecret = $reader->getAllValuesNode($namespace, 'co:hasSharedSecret');
if (count($sharedSecret) != 1)
return self::RESULT_SHARED_SECRET_NOT_RETRIEVABLE;
if ($reader->getFirstValueString($sharedSecret[0], 'co:hasTokenValue') == $password)
return self::RESULT_OK;
else
return self::RESULT_SHARED_SECRET_INCORRECT;
}
/**
* Verifies credentials.
*
* @param string $username Username; a domain.
* @param string $password Password; a shared secret.
*
* @return integer A result constant, RESULT_OK if successful.
*/
public function verify($username, $password) {
// Validate input
$namespaceCoid = new IRI('coid://'.$username);
if (COIDParser::getType($namespaceCoid) != COIDParser::COID_ROOT)
return self::RESULT_INVALID_USERNAME;
if (strlen($password) != 40)
return self::RESULT_INVALID_PASSWORD;
// Retrieve namespace
$namespace = $this->objectRetriever->getObject($namespaceCoid);
if (!isset($namespace))
return self::RESULT_NAMESPACE_NOT_FOUND;
// Read and validate shared secret
$reader = new NodeReader([
'prefixes' => [
'co' => 'coid://cloudobjects.io/'
]
]);
$sharedSecret = $reader->getAllValuesNode($namespace, 'co:hasSharedSecret');
if (count($sharedSecret) != 1)
return self::RESULT_SHARED_SECRET_NOT_RETRIEVABLE;
if ($reader->getFirstValueString($sharedSecret[0], 'co:hasTokenValue') == $password)
return self::RESULT_OK;
else
return self::RESULT_SHARED_SECRET_INCORRECT;
}
}