From a1c01e4b938a7c42757b7bf423545e1c3894851f Mon Sep 17 00:00:00 2001 From: Tomo Norman Date: Thu, 26 May 2022 17:22:11 +0900 Subject: [PATCH 1/6] DP-506 Require password on profile email change --- src/Resources/UserProfileResource.php | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/src/Resources/UserProfileResource.php b/src/Resources/UserProfileResource.php index b64ebdd..1d22b0e 100644 --- a/src/Resources/UserProfileResource.php +++ b/src/Resources/UserProfileResource.php @@ -80,7 +80,8 @@ protected function handlePOST() 'phone' => array_get($payload, 'phone'), 'security_question' => array_get($payload, 'security_question'), 'security_answer' => array_get($payload, 'security_answer'), - 'default_app_id' => array_get($payload, 'default_app_id') + 'default_app_id' => array_get($payload, 'default_app_id'), + 'current_password' => array_get($payload, 'current_password') ]; $data = array_filter($data, function ($value) { @@ -95,6 +96,27 @@ protected function handlePOST() $oldToken = Session::getSessionToken(); $email = $user->email; + + // require password on email change + if (!empty(array_get($data, 'email')) && $email !== array_get($data, 'email')) { + $provided = array_get($data, 'current_password'); + + if (empty($provided)) { + throw new BadRequestException('Current Password required to change email'); + } + + try { + //validate password + $isValid = \Hash::check($provided, $user->password); + } catch (\Exception $ex) { + throw new InternalServerErrorException("Error validating current password.\n{$ex->getMessage()}"); + } + + if (!$isValid) { + throw new BadRequestException("The password supplied does not match."); + } + } + $user->update($data); if (!empty($oldToken) && $email !== array_get($data, 'email', $email)) { From 03281fa045dc081e1cbd3addcc0092c081d57a71 Mon Sep 17 00:00:00 2001 From: Tomo Norman Date: Mon, 23 May 2022 16:55:49 +0900 Subject: [PATCH 2/6] DP-525 Remove env variables being sent back to client --- src/Resources/Environment.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Resources/Environment.php b/src/Resources/Environment.php index 6de0e3c..ca69d91 100644 --- a/src/Resources/Environment.php +++ b/src/Resources/Environment.php @@ -96,6 +96,9 @@ protected function handleGET() $result['platform']['packages'] = $packages; $result['php'] = EnvUtilities::getPhpInfo(); + // Remove environment variables being kicked back to the client + unset($result['php']['environment']); + unset($result['php']['php_variables']); } } From 740345b02eabaf8e2e4df3aaf8e9069728066c71 Mon Sep 17 00:00:00 2001 From: Tomo Norman Date: Wed, 6 Apr 2022 18:23:49 +0900 Subject: [PATCH 3/6] DP-499 Validation Added for Integrate SSO --- src/Resources/UserSessionResource.php | 66 +++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/src/Resources/UserSessionResource.php b/src/Resources/UserSessionResource.php index 8669e13..9c32076 100644 --- a/src/Resources/UserSessionResource.php +++ b/src/Resources/UserSessionResource.php @@ -52,6 +52,18 @@ protected function handleGET() */ protected function handlePOST() { + // IntegrateIo Hosted Trial Login + if ($this->getPayloadData('integrateio_id') !== null) { + $credentials = [ + 'integrateio_id' => $this->getPayloadData('integrateio_id'), + 'email' => $this->getPayloadData('email'), + 'sso_token' => $this->getPayloadData('sso_token'), + 'timestamp' => $this->getPayloadData('timestamp') + ]; + + return $this->handleIntegrateLogin($credentials, boolval($this->getPayloadData('remember_me'))); + } + $serviceName = $this->getOAuthServiceName(); if (empty($serviceName)) { @@ -201,6 +213,60 @@ protected function handleLogin(array $credentials = [], $remember = false) } } + /** + * @param array $credentials + * @return string + */ + private function generateToken($credentials) { + $integrateio_id = $credentials['integrateio_id']; + $email = $credentials['email']; + $timestamp = $credentials['timestamp']; + $secret = getenv('INTEGRATEIO_SSO_SECRET'); + + $hashedToken = sha1($integrateio_id . ':' . $email . ':' . $secret . ':' . $timestamp); + return $hashedToken; + } + /** + * Performs login for Integrate Io Hosted trial Users. + * + * @param array $credentials + * @param bool $remember + * + * @return array + * @throws BadRequestException + * @throws UnauthorizedException + * @throws \Exception + */ + protected function handleIntegrateLogin(array $credentials = [], $remember = false) + { + // Check all params are there: + $requiredParams = array('integrateio_id', 'email', 'sso_token', 'timestamp'); + + // Make sure that all params are in the request. + foreach ($requiredParams as $requiredParam) { + if (!isset($credentials[$requiredParam])) { + throw new BadRequestException('Missing Parameters'); + } + } + + if ($this->generateToken($credentials) === $credentials['sso_token'] && ($credentials['timestamp'] > (time() - 120))) { + $credentials['is_active'] = 1; + + // if user management not available then only system admins can login. + if (!class_exists('\DreamFactory\Core\User\Resources\System\User')) { + $credentials['is_sys_admin'] = 1; + } + + if (Session::authenticate($credentials, $remember, true, $this->getAppId())) { + return Session::getPublicInfo(); + } else { + throw new UnauthorizedException('Invalid credentials supplied.'); + } + } else { + throw new UnauthorizedException('Invalid token supplied'); + } + } + /** * @return int|null */ From 02f62c548e0414576740b2adaf50e13796a1da12 Mon Sep 17 00:00:00 2001 From: Tomo Norman Date: Thu, 9 Jun 2022 14:57:35 +0900 Subject: [PATCH 4/6] DP-499 Relocate integrate login check --- src/Resources/Session.php | 12 ++++++++++++ src/Resources/UserSessionResource.php | 12 ------------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/Resources/Session.php b/src/Resources/Session.php index 4bb0b30..af8be95 100644 --- a/src/Resources/Session.php +++ b/src/Resources/Session.php @@ -29,6 +29,18 @@ protected function handleGET() */ protected function handlePOST() { + // IntegrateIo Hosted Trial Login + if ($this->getPayloadData('integrateio_id') !== null) { + $credentials = [ + 'integrateio_id' => $this->getPayloadData('integrateio_id'), + 'email' => $this->getPayloadData('email'), + 'sso_token' => $this->getPayloadData('sso_token'), + 'timestamp' => $this->getPayloadData('timestamp') + ]; + + return $this->handleIntegrateLogin($credentials, boolval($this->getPayloadData('remember_me'))); + } + $credentials = [ 'email' => $this->getPayloadData('email'), 'username' => $this->getPayloadData('username'), diff --git a/src/Resources/UserSessionResource.php b/src/Resources/UserSessionResource.php index 9c32076..e70c319 100644 --- a/src/Resources/UserSessionResource.php +++ b/src/Resources/UserSessionResource.php @@ -52,18 +52,6 @@ protected function handleGET() */ protected function handlePOST() { - // IntegrateIo Hosted Trial Login - if ($this->getPayloadData('integrateio_id') !== null) { - $credentials = [ - 'integrateio_id' => $this->getPayloadData('integrateio_id'), - 'email' => $this->getPayloadData('email'), - 'sso_token' => $this->getPayloadData('sso_token'), - 'timestamp' => $this->getPayloadData('timestamp') - ]; - - return $this->handleIntegrateLogin($credentials, boolval($this->getPayloadData('remember_me'))); - } - $serviceName = $this->getOAuthServiceName(); if (empty($serviceName)) { From f88ac9311366412dcb1b4eb387b43c4d7238e4b4 Mon Sep 17 00:00:00 2001 From: Tomo Norman Date: Wed, 15 Jun 2022 14:20:04 +0900 Subject: [PATCH 5/6] DP-499 add return integrateio_id to profile call --- src/Resources/UserProfileResource.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Resources/UserProfileResource.php b/src/Resources/UserProfileResource.php index 1d22b0e..9b87576 100644 --- a/src/Resources/UserProfileResource.php +++ b/src/Resources/UserProfileResource.php @@ -52,7 +52,8 @@ protected function handleGET() 'security_question' => $user->security_question, 'default_app_id' => $user->default_app_id, 'oauth_provider' => (!empty($user->oauth_provider)) ? $user->oauth_provider : '', - 'adldap' => (!empty($user->adldap)) ? $user->adldap : '' + 'adldap' => (!empty($user->adldap)) ? $user->adldap : '', + 'integrateio_id' => (!empty($user->integrateio_id)) ? $user->integrateio_id : '' ]; return $data; From 21c109b92a9ccfada404af1278725ff3e7cc358c Mon Sep 17 00:00:00 2001 From: Tomo Norman Date: Mon, 4 Jul 2022 16:37:07 +0900 Subject: [PATCH 6/6] DP-499 Cleanup integrate login check logic --- src/Resources/Session.php | 2 +- src/Resources/UserSessionResource.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Resources/Session.php b/src/Resources/Session.php index af8be95..3389a04 100644 --- a/src/Resources/Session.php +++ b/src/Resources/Session.php @@ -30,7 +30,7 @@ protected function handleGET() protected function handlePOST() { // IntegrateIo Hosted Trial Login - if ($this->getPayloadData('integrateio_id') !== null) { + if (!empty($this->getPayloadData('integrateio_id'))) { $credentials = [ 'integrateio_id' => $this->getPayloadData('integrateio_id'), 'email' => $this->getPayloadData('email'), diff --git a/src/Resources/UserSessionResource.php b/src/Resources/UserSessionResource.php index e70c319..f1edf78 100644 --- a/src/Resources/UserSessionResource.php +++ b/src/Resources/UserSessionResource.php @@ -237,7 +237,7 @@ protected function handleIntegrateLogin(array $credentials = [], $remember = fal } } - if ($this->generateToken($credentials) === $credentials['sso_token'] && ($credentials['timestamp'] > (time() - 120))) { + if (($this->generateToken($credentials) === $credentials['sso_token']) && ($credentials['timestamp'] > (time() - 120))) { $credentials['is_active'] = 1; // if user management not available then only system admins can login.