mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-09 06:28:28 +03:00
Cleanup and bugfix encryption
This commit is contained in:
parent
414a9509aa
commit
cda88f438a
4 changed files with 36 additions and 41 deletions
|
|
@ -234,7 +234,6 @@ trait UserAuth
|
|||
$this->ClearSignMeData();
|
||||
|
||||
$uuid = \SnappyMail\UUID::generate();
|
||||
\SnappyMail\Crypt::setCipher($this->Config()->Get('security', 'encrypt_cipher', ''));
|
||||
$data = \SnappyMail\Crypt::Encrypt($oAccount);
|
||||
|
||||
if ('xxtea' === $data[0]) {
|
||||
|
|
@ -279,7 +278,6 @@ trait UserAuth
|
|||
if (empty($sAuthToken)) {
|
||||
return null;
|
||||
}
|
||||
\SnappyMail\Crypt::setCipher($this->Config()->Get('security', 'encrypt_cipher', ''));
|
||||
if (!empty($aTokenData['x'])) {
|
||||
$aAccountHash = \SnappyMail\Crypt::XxteaDecrypt($sAuthToken, \base64_decode($aTokenData['x']));
|
||||
} else if (!empty($aTokenData['s'])) {
|
||||
|
|
|
|||
|
|
@ -161,17 +161,18 @@ class Api
|
|||
return APP_VERSION;
|
||||
}
|
||||
|
||||
public static function GetUserSsoHash(string $sEmail, string $sPassword, array $aAdditionalOptions = array(), bool $bUseTimeout = true) : string
|
||||
public static function GetUserSsoHash(string $sEmail, string $sPassword, array $aAdditionalOptions = array(), bool $bUseTimeout = true) : ?string
|
||||
{
|
||||
$sSsoHash = \MailSo\Base\Utils::Sha1Rand(\md5($sEmail).\md5($sPassword));
|
||||
$sSsoHash = \MailSo\Base\Utils::Sha1Rand(\sha1($sPassword.$sEmail));
|
||||
|
||||
return static::Actions()->Cacher()->Set(KeyPathHelper::SsoCacherKey($sSsoHash),
|
||||
return static::Actions()->Cacher()->Set(
|
||||
KeyPathHelper::SsoCacherKey($sSsoHash),
|
||||
Utils::EncodeKeyValuesQ(array(
|
||||
'Email' => $sEmail,
|
||||
'Password' => $sPassword,
|
||||
'AdditionalOptions' => $aAdditionalOptions,
|
||||
'Time' => $bUseTimeout ? \time() : 0
|
||||
))) ? $sSsoHash : '';
|
||||
))) ? $sSsoHash : null;
|
||||
}
|
||||
|
||||
public static function ClearUserSsoHash(string $sSsoHash) : bool
|
||||
|
|
@ -181,7 +182,7 @@ class Api
|
|||
|
||||
public static function ClearUserData(string $sEmail) : bool
|
||||
{
|
||||
if (0 < \strlen($sEmail))
|
||||
if (\strlen($sEmail))
|
||||
{
|
||||
$sEmail = \MailSo\Base\Utils::IdnToAscii($sEmail);
|
||||
|
||||
|
|
@ -205,6 +206,7 @@ class Api
|
|||
|
||||
public static function LogoutCurrentLogginedUser() : bool
|
||||
{
|
||||
// TODO: kill SignMe data to prevent automatic login?
|
||||
Utils::ClearCookie(Utils::SHORT_TOKEN);
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,13 +18,12 @@ class Utils
|
|||
/**
|
||||
* 30 days cookie
|
||||
* Used by: ServiceProxyExternal, compileLogParams, GetCsrfToken
|
||||
* To preven CSRF attacks on all requests.
|
||||
*/
|
||||
CONNECTION_TOKEN = 'smtoken',
|
||||
|
||||
/**
|
||||
* Session cookie
|
||||
* Used by: GetAuthToken, GetAuthTokenQ, GetAccountFromCustomToken, EncryptStringQ, DecryptStringQ
|
||||
* Used by: EncodeKeyValuesQ, DecodeKeyValuesQ
|
||||
*/
|
||||
SHORT_TOKEN = 'smsession';
|
||||
|
||||
|
|
@ -38,16 +37,6 @@ class Utils
|
|||
return \MailSo\Base\Crypt::Decrypt($sEncryptedString, $sKey);
|
||||
}
|
||||
|
||||
public static function EncryptStringQ(string $sString, string $sKey) : string
|
||||
{
|
||||
return \MailSo\Base\Crypt::Encrypt($sString, $sKey.'Q'.static::GetShortToken());
|
||||
}
|
||||
|
||||
public static function DecryptStringQ(string $sEncryptedString, string $sKey) : string
|
||||
{
|
||||
return \MailSo\Base\Crypt::Decrypt($sEncryptedString, $sKey.'Q'.static::GetShortToken());
|
||||
}
|
||||
|
||||
public static function EncodeKeyValues(array $aValues, string $sCustomKey = '') : string
|
||||
{
|
||||
return \MailSo\Base\Utils::UrlSafeBase64Encode(
|
||||
|
|
@ -64,15 +53,19 @@ class Utils
|
|||
public static function EncodeKeyValuesQ(array $aValues, string $sCustomKey = '') : string
|
||||
{
|
||||
return \MailSo\Base\Utils::UrlSafeBase64Encode(
|
||||
static::EncryptStringQ(
|
||||
\json_encode($aValues), \md5(APP_SALT.$sCustomKey)));
|
||||
\MailSo\Base\Crypt::Encrypt(
|
||||
\json_encode($aValues),
|
||||
\md5(APP_SALT.$sCustomKey).'Q'.static::GetShortToken()
|
||||
));
|
||||
}
|
||||
|
||||
public static function DecodeKeyValuesQ(string $sEncodedValues, string $sCustomKey = '') : array
|
||||
{
|
||||
return static::unserialize(
|
||||
static::DecryptStringQ(\MailSo\Base\Utils::UrlSafeBase64Decode($sEncodedValues), \md5(APP_SALT.$sCustomKey))
|
||||
);
|
||||
\MailSo\Base\Crypt::Decrypt(
|
||||
\MailSo\Base\Utils::UrlSafeBase64Decode($sEncodedValues),
|
||||
\md5(APP_SALT.$sCustomKey).'Q'.static::GetShortToken()
|
||||
));
|
||||
}
|
||||
|
||||
public static function unserialize(string $sDecodedValues) : array
|
||||
|
|
@ -84,18 +77,6 @@ class Utils
|
|||
}
|
||||
}
|
||||
|
||||
public static function GetConnectionToken() : string
|
||||
{
|
||||
$sToken = static::GetCookie(self::CONNECTION_TOKEN, null);
|
||||
if (null === $sToken)
|
||||
{
|
||||
$sToken = \MailSo\Base\Utils::Sha1Rand(APP_SALT);
|
||||
static::SetCookie(self::CONNECTION_TOKEN, $sToken, \time() + 60 * 60 * 24 * 30);
|
||||
}
|
||||
|
||||
return \md5('Connection'.APP_SALT.$sToken.'Token'.APP_SALT);
|
||||
}
|
||||
|
||||
public static function Fingerprint() : string
|
||||
{
|
||||
return \sha1(\preg_replace('/[^a-z]+/i', '', \explode(')', $_SERVER['HTTP_USER_AGENT'])[0]));
|
||||
|
|
@ -112,13 +93,16 @@ class Utils
|
|||
return \md5('Session'.APP_SALT.$sToken.'Token'.APP_SALT);
|
||||
}
|
||||
|
||||
public static function UpdateConnectionToken() : void
|
||||
public static function GetConnectionToken() : string
|
||||
{
|
||||
$sToken = static::GetCookie(self::CONNECTION_TOKEN, '');
|
||||
if (!empty($sToken))
|
||||
$sToken = static::GetCookie(self::CONNECTION_TOKEN);
|
||||
if (!$sToken)
|
||||
{
|
||||
static::SetCookie(self::CONNECTION_TOKEN, $sToken, \time() + 60 * 60 * 24 * 30);
|
||||
$sToken = \MailSo\Base\Utils::Sha1Rand(APP_SALT);
|
||||
static::SetCookie(self::CONNECTION_TOKEN, $sToken, \time() + 3600 * 24 * 30);
|
||||
}
|
||||
|
||||
return \md5('Connection'.APP_SALT.$sToken.'Token'.APP_SALT);
|
||||
}
|
||||
|
||||
public static function GetCsrfToken() : string
|
||||
|
|
@ -126,6 +110,15 @@ class Utils
|
|||
return \md5('Csrf'.APP_SALT.self::GetConnectionToken().'Token'.APP_SALT);
|
||||
}
|
||||
|
||||
public static function UpdateConnectionToken() : void
|
||||
{
|
||||
$sToken = static::GetCookie(self::CONNECTION_TOKEN);
|
||||
if ($sToken)
|
||||
{
|
||||
static::SetCookie(self::CONNECTION_TOKEN, $sToken, \time() + 3600 * 24 * 30);
|
||||
}
|
||||
}
|
||||
|
||||
public static function PathMD5(string $sPath) : string
|
||||
{
|
||||
$sResult = '';
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ abstract class Crypt
|
|||
/**
|
||||
* Or use 'aes-256-xts' ?
|
||||
*/
|
||||
protected static $cipher = 'aes-256-cbc-hmac-sha1';
|
||||
protected static $cipher = '';
|
||||
|
||||
public static function listCiphers() : array
|
||||
{
|
||||
|
|
@ -77,7 +77,7 @@ abstract class Crypt
|
|||
|
||||
if (static::$cipher && \is_callable('openssl_encrypt')) {
|
||||
$iv = \random_bytes(\openssl_cipher_iv_length(static::$cipher));
|
||||
return ['openssl', $nonce, static::OpenSSLEncrypt($data, $iv)];
|
||||
return ['openssl', $iv, static::OpenSSLEncrypt($data, $iv)];
|
||||
}
|
||||
|
||||
$salt = \random_bytes(16);
|
||||
|
|
@ -164,3 +164,5 @@ abstract class Crypt
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
\SnappyMail\Crypt::setCipher(\RainLoop\API::Config()->Get('security', 'encrypt_cipher', 'aes-256-cbc-hmac-sha1'));
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue