author | Chris Cornutt <chris.cornutt@hp.com> | 2015-02-06 15:46:28 -0600 |
---|---|---|
committer | Chris Cornutt <chris.cornutt@hp.com> | 2015-02-06 15:46:28 -0600 |
commit | 51ebe65e9b34f559b7c0e8c606fa227e7dfbe940 (patch) | |
tree | 5e41d4ae85dddcbdb7bec2a3f7bfbdb442a46476 | |
parent | c47abc76e1385dbc91b6e8331bbbdfc930e6f9b8 (diff) | |
changing up handling for hashing in db storage, find token by ID and evaluation (origin/auth-token)
-rw-r--r-- | src/Psecio/Gatekeeper/Session/RememberMe.php | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/Psecio/Gatekeeper/Session/RememberMe.php b/src/Psecio/Gatekeeper/Session/RememberMe.php
index d413062..844dc3e 100644
--- a/src/Psecio/Gatekeeper/Session/RememberMe.php
+++ b/src/Psecio/Gatekeeper/Session/RememberMe.php
@@ -99,7 +99,7 @@ class RememberMe
 }
 $tokenParts = explode(':', $this->data[$this->tokenName]);
- $token = $this->getByToken($tokenParts[1]);
+ $token = $this->getById($tokenParts[0]);
 if ($token === false) {
 return false;
 }
@@ -110,7 +110,7 @@ class RememberMe
 // Remove the token (a new one will be made later)
 $this->datasource->delete($token);
- if ($this->hash_equals($this->data[$this->tokenName], $token->id.':'.$userToken) === false) {
+ if ($this->hash_equals($this->data[$this->tokenName], $token->id.':'.hash('sha256', $userToken)) === false) {
 return false;
 }
@@ -132,6 +132,19 @@ class RememberMe
 }
 /**
+ * Get a token by its unique ID
+ *
+ * @param integer $tokenId Token ID
+ * @return boolean|\Psecio\Gatekeeper\AuthTokenModel instance
+ */
+ public function getById($tokenId)
+ {
+ $token = new \Psecio\Gatekeeper\AuthTokenModel($this->datasource);
+ $result = $this->datasource->find($token, array('id' => $tokenId));
+ return $result;
+ }
+
+ /**
 * Get the token by user ID
 * Also performs evaluation to check if token is expired, returns false if so
 *
@@ -173,7 +186,7 @@ class RememberMe
 {
 $expires = new \DateTime($this->expireInterval);
 $tokenModel = new \Psecio\Gatekeeper\AuthTokenModel($this->datasource, array(
- 'token' => hash('sha256', $token),
+ 'token' => $token,
 'userId' => $user->id,
 'expires' => $expires->format('Y-m-d H:i:s')
 )); |
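Review bot: `$tokenParts[0]` comes straight from the remember-me cookie and is handed to `getById()` with no shape check, so a value with no `:` separator or a non-numeric first part still reaches the datasource lookup. A guard ahead of the lookup would reject malformed cookies early: `if (count($tokenParts) !== 2 || !ctype_digit($tokenParts[0])) { return false; }`. The enclosing method starts and ends outside this hunk, so an earlier check may already exist there.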
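Review bot: The token row is deleted before the `hash_equals()` comparison runs, and now that the row is looked up by the ID part of the cookie, a request naming an existing ID with the wrong secret still removes that row. The new docblock types the ID as an integer, so IDs are presumably predictable, which would let another user's remember-me session be invalidated without knowing its secret. If invalidating on mismatch is intended, say so in the comment above the delete; otherwise do the comparison first and call `$this->datasource->delete($token);` only once it has passed. The enclosing method continues outside this hunk.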
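Review bot: `getById()` does no expiry evaluation, whereas the docblock of the lookup directly below it says that one returns false for an expired token, and the new docblock is silent on the difference. Unless the caller checks `expires` in the lines between the first two hunks (not visible here), an expired row can still be matched. I would add `* Does not check expiry; the caller must evaluate the token before trusting it` to the docblock. The `@return` should also state what `find()` actually hands back, since the method returns `$result` rather than the `$token` model it constructs.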
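Review bot: Storing `'token' => $token` keeps the unhashed value in the database while the verify path now hashes the stored value before comparing. If `$token` here is the raw generated secret (its origin is outside this hunk), read access to the table is enough to derive a valid cookie value, so the hash no longer protects against a database disclosure. The usual arrangement is the reverse: keep `'token' => hash('sha256', $token),` in storage, put the raw secret in the cookie, and hash the cookie's secret part before `hash_equals()`. The function signature is outside this hunk.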