separate token hash cost, Authenticator->userHasPermission now takes user as second parameter

This commit is contained in:
crispycat 2024-05-23 00:00:19 -04:00
parent 7347fbe32f
commit bfe7b0c1b4
26 changed files with 37 additions and 35 deletions

.gitignore vendored

@ -8,3 +8,4 @@ packages/**
!packages/crispage.core/**
!packages/.htaccess
crispage_*.tar.gz
_build/**


@ -76,7 +76,7 @@
// Check perms
$perm = $class::getPermissions()["create"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
http_response_code(401);
$out = ["error" => "Unauthorized"];
break;
@ -132,7 +132,7 @@
$perm = $asset::getPermissions()["modify_own"];
else $perm = $asset::getPermissions()["modify"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
http_response_code(401);
$out = ["error" => "Unauthorized"];
break;
@ -186,7 +186,7 @@
$perm = $asset::getPermissions()["delete_own"];
else $perm = $asset::getPermissions()["delete"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
http_response_code(401);
$out = ["error" => "Unauthorized"];
break;


@ -76,7 +76,7 @@
$perm = $asset::getPermissions()["modify_own"];
else $perm = $asset::getPermissions()["modify"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
http_response_code(401);
$out = ["error" => "Unauthorized"];
break;


@ -58,7 +58,7 @@
$this->app->search->fromText($query);
if (!$this->app->auth->userHasPermission(null, CorePermissions::VIEW_UNPUBLISHED))
if (!$this->app->auth->userHasPermission(CorePermissions::VIEW_UNPUBLISHED))
$this->app->search->addFilter(new SearchFilter("state", 0, SearchFilter::FOP_GREATER));
$this->app->search->collect();


@ -87,7 +87,7 @@
}
// Check that user has required permissions
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
http_response_code(401);
header("Content-Type: application/json");
$com = $this->app->page->createComponent(


@ -44,7 +44,7 @@
// If not published and user does not have unpublished perms, error 404
$show_unpublished = $this->app->auth->userHasPermission(
null, CorePermissions::VIEW_UNPUBLISHED
CorePermissions::VIEW_UNPUBLISHED
);
if ($article->state < Article::PUBLISHED && !$show_unpublished) {
$this->app->handleException(new CrispageException(


@ -73,7 +73,7 @@
$perm = $this->data["asset"]::getPermissions()["delete_own"];
else $perm = $this->data["asset"]::getPermissions()["delete"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -80,7 +80,7 @@
$perm = $this->data["asset"]::getPermissions()["modify_own"];
else $perm = $this->data["asset"]::getPermissions()["modify"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(
@ -96,7 +96,7 @@
$this->data["asset"] = null;
$perm = $this->data["classname"]::getPermissions()["create"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -37,7 +37,7 @@
// Check perms
$perm = Comment::getPermissions()["modify"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -37,7 +37,7 @@
// Check perms
$perm = Comment::getPermissions()["modify"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -34,7 +34,7 @@
"route" => "extensions/list"
]);
if (!$this->app->auth->userHasPermission(null, CorePermissions::MANAGE_EXTENSIONS)) {
if (!$this->app->auth->userHasPermission(CorePermissions::MANAGE_EXTENSIONS)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -36,7 +36,7 @@
$this->data["package"] = strval($this->app->request->params["package"] ?? "");
if (!$this->app->auth->userHasPermission(null, CorePermissions::MANAGE_EXTENSIONS)) {
if (!$this->app->auth->userHasPermission(CorePermissions::MANAGE_EXTENSIONS)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -38,7 +38,7 @@
"folder" => $this->data["folder"]->path
]);
if (!$this->app->auth->userHasPermission(null, CorePermissions::MANAGE_MEDIA)) {
if (!$this->app->auth->userHasPermission(CorePermissions::MANAGE_MEDIA)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -38,7 +38,7 @@
"folder" => $this->data["folder"]
]);
if (!$this->app->auth->userHasPermission(null, CorePermissions::MANAGE_MEDIA)) {
if (!$this->app->auth->userHasPermission(CorePermissions::MANAGE_MEDIA)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -38,7 +38,7 @@
"folder" => $this->data["folder"]->path
]);
if (!$this->app->auth->userHasPermission(null, CorePermissions::MANAGE_MEDIA)) {
if (!$this->app->auth->userHasPermission(CorePermissions::MANAGE_MEDIA)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -40,7 +40,7 @@
// Check perms
$perm = Module::getPermissions()["create"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -33,7 +33,7 @@
if (!is_array($settings)) $settings = [];
if (!empty($settings)) {
if (!$this->app->auth->userHasPermission(null, CorePermissions::MODIFY_SETTINGS)) {
if (!$this->app->auth->userHasPermission(CorePermissions::MODIFY_SETTINGS)) {
$this->app->page->data["messages"]["no_permission"] = [
"content" => $this->app->i18n->translate("{%YOU_DO_NOT_HAVE_PERMISSION_TO_PERFORM_}"),
"color" => "danger"
@ -53,7 +53,7 @@
if (!is_array($tools)) $tools = [];
if (!empty($tools)) {
if (!$this->app->auth->userHasPermission(null, CorePermissions::MODIFY_SETTINGS)) {
if (!$this->app->auth->userHasPermission(CorePermissions::MODIFY_SETTINGS)) {
$this->app->page->data["messages"]["no_permission"] = [
"content" => $this->app->i18n->translate("{%YOU_DO_NOT_HAVE_PERMISSION_TO_PERFORM_}"),
"color" => "danger"


@ -40,7 +40,7 @@
// Check perms
$perm = User::getPermissions()["create"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -37,7 +37,7 @@
]);
if (!$this->app->auth->userHasPermission(null, CorePermissions::SEND_MESSAGES)) {
if (!$this->app->auth->userHasPermission(CorePermissions::SEND_MESSAGES)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate(


@ -37,7 +37,7 @@
$this->app->page->redirect(URIUtils::iuri("/login", ["rl" => "/backend"]));
// Check that user has backend perms
if (!$this->app->auth->userHasPermission(null, CorePermissions::BACKEND)) {
if (!$this->app->auth->userHasPermission(CorePermissions::BACKEND)) {
$this->app->page->setPersistentMessage(
"backend_access_denied",
$this->app->i18n->getTranslation("BACKEND_ACCESS_DENIED"),


@ -43,7 +43,7 @@
}
$perm = Comment::getPermissions()["create"];
if (!$this->app->auth->userHasPermission(null, $perm)) {
if (!$this->app->auth->userHasPermission($perm)) {
$this->app->page->setPersistentMessage(
"no_permission",
$this->app->i18n->translate("{%YOU_DO_NOT_HAVE_PERMISSION_TO_PERFORM_}"),


@ -51,7 +51,7 @@
$this->app->search->fromText($query);
if (!$this->app->auth->userHasPermission(null, CorePermissions::VIEW_UNPUBLISHED))
if (!$this->app->auth->userHasPermission(CorePermissions::VIEW_UNPUBLISHED))
$this->app->search->addFilter(new SearchFilter("state", 0, SearchFilter::FOP_GREATER));
$this->app->search->collect();


@ -70,11 +70,12 @@
return $this->currentUser && $this->sessionId;
}
public function password_hash(string $passwd): string {
public function password_hash(string $passwd, bool $token = false): string {
$ckey = ($token) ? "crispage.security.token_opts" : "crispage.security.password_opts";
return password_hash(
$passwd,
ApplicationConfig::get("crispage.security.password_algo"),
ApplicationConfig::get("crispage.security.password_opts")
ApplicationConfig::get($ckey)
);
}
@ -89,7 +90,7 @@
$sessid = uniqid("cspg_", true);
$token = $this->token();
$token_hash = $this->password_hash($token);
$token_hash = $this->password_hash($token, true);
$expire_time = time() + (int)$this->app->settings->get(
"crispage.auth.session_timeout", 3600
);
@ -564,7 +565,7 @@
return $this->setPassword($user, $password);
}
public function getRank(User $user = null): int {
public function getRank(?User $user = null): int {
// Default to current user
$user ??= $this->currentUser;
if (!$user) return -1;
@ -584,7 +585,7 @@
return $rank;
}
public function getPermissions(User $user = null): int {
public function getPermissions(?User $user = null): int {
// Default to current user
$user ??= $this->currentUser;
if (!$user) return 0;
@ -605,7 +606,7 @@
return $perms;
}
public function userHasPermission(?User $user, int $perms = null): bool {
public function userHasPermission(?int $perms = null, ?User $user = null): bool {
if ($perms === CorePermissions::NEVER) return false;
return ($this->getPermissions($user) & $perms) == $perms;
}
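Review bot: A null `$perms` makes the new `userHasPermission(?int $perms = null, ?User $user = null)` return true rather than false: `null` is not `CorePermissions::NEVER`, `getPermissions($user) & null` evaluates to `0`, and `0 == null` is true, so the check fails open whenever the permission argument is missing or null — and every call site in this commit obtains `$perm` from a `getPermissions()["..."]` array lookup, which yields null for an absent key. Failing closed is two lines: `if ($perms === null || $perms === CorePermissions::NEVER) return false;` and `return ($this->getPermissions($user) & $perms) === $perms;`. In the `password_hash()` hunk, `crispage.security.token_opts` is a new config key that this page never shows being defined alongside `crispage.security.password_opts`; if `ApplicationConfig::get()` presumably returns null for an unknown key, `password_hash()` will reject a null options argument at the first session creation, so the default belongs in the same config file as `password_opts`. A why-comment on the `$ckey` line would also help future readers, e.g. `// Tokens are random, high-entropy values, so they may use cheaper hash options than user-chosen passwords — confirm token() draws from a CSPRNG`.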


@ -14,7 +14,7 @@
defined("ROOT") or die();
use \Crispage\Config;
use \Crispage\ApplicationConfig;
use \Crispage\Framework\Asset;
use \Crispage\Framework\ApplicationFeature;


@ -64,7 +64,7 @@
($this->app->i18n)("<p class=\"title is-3\">{%COMMENTS}</p>");
if ($this->data["module"]->config("show_form", true)) {
if ($this->app->auth->userHasPermission(null, CorePermissions::POST_COMMENT)) {
if ($this->app->auth->userHasPermission(CorePermissions::POST_COMMENT)) {
$com_body = $this->app->page->createComponent(
"\\Crispage\\Components\\Fields\\TextareaFieldComponent", [
"name" => "body",
@ -98,7 +98,7 @@
}
$perm = Comment::getPermissions()["modify"];
$is_mod = $this->app->auth->userHasPermission(null, $perm);
$is_mod = $this->app->auth->userHasPermission($perm);
$count = 0;
foreach ($comments as $comment) {


@ -34,7 +34,7 @@
$Crispage->init();
$Crispage->auth->refreshSession();
if (!$Crispage->auth->userHasPermission(null, CorePermissions::MANAGE_EXTENSIONS)) {
if (!$Crispage->auth->userHasPermission(CorePermissions::MANAGE_EXTENSIONS)) {
http_response_code(401);
die("Unauthorized");
}