lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 03:57:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Challenge-Response Authentication

Browse Source
This commit is contained in:
xiaomlove
2025-04-05 15:38:40 +07:00
parent bd9b4d7e1d
commit 97dc956c20
28 changed files with 538 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Auth/NexusWebGuard.php
+6 -20
View File
@@ -46,9 +46,11 @@ class NexusWebGuard implements StatefulGuard
}
$credentials = $this->request->cookie();
if ($this->validate($credentials)) {
$user = $this->user;
$user = $this->provider->retrieveByCredentials($credentials);
if ($this->provider->validateCredentials($user, $credentials)) {
return $user;
if ($user->checkIsNormal()) {
return $this->user = $user;
}
}
}
}
@@ -62,29 +64,13 @@ class NexusWebGuard implements StatefulGuard
*/
public function validate(array $credentials = [])
{
$required = ['c_secure_pass', 'c_secure_uid', 'c_secure_login'];
$required = ['c_secure_pass'];
foreach ($required as $value) {
if (empty($credentials[$value])) {
return false;
}
}
$b_id = base64($credentials["c_secure_uid"],false);
$id = intval($b_id ?? 0);
if (!$id || !is_valid_id($id) || strlen($credentials["c_secure_pass"]) != 32) {
return false;
}
$user = $this->provider->retrieveById($id);
if (!$user) {
return false;
}
try {
$user->checkIsNormal();
$this->user = $user;
return true;
} catch (\Throwable $e) {
do_log($e->getMessage());
return false;
}
return true;
}
public function logout()
app/Auth/NexusWebUserProvider.php
+11 -17
View File
@@ -61,10 +61,15 @@ class NexusWebUserProvider implements UserProvider
*/
public function retrieveByCredentials(array $credentials)
{
if (!empty($credentials['c_secure_uid'])) {
$b_id = base64($credentials["c_secure_uid"],false);
return $this->query->find($b_id);
list($tokenJson, $signature) = explode('.', base64_decode($credentials["c_secure_pass"]));
if (empty($tokenJson) || empty($signature)) {
return null;
}
$tokenData = json_decode($tokenJson, true);
if (!isset($tokenData['user_id'])) {
return null;
}
return $this->retrieveById($tokenData['user_id']);
}
/**
@@ -76,20 +81,9 @@ class NexusWebUserProvider implements UserProvider
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
if ($credentials["c_secure_login"] == base64("yeah")) {
/**
* Not IP related
* @since 1.8.0
*/
if ($credentials["c_secure_pass"] != md5($user->passhash)) {
return false;
}
} else {
if ($credentials["c_secure_pass"] !== md5($user->passhash)) {
return false;
}
}
return true;
list($tokenJson, $signature) = explode('.', base64_decode($credentials["c_secure_pass"]));
$expectedSignature = hash_hmac('sha256', $tokenJson, $user->auth_key);
return hash_equals($expectedSignature, $signature);
}
public function rehashPasswordIfRequired(Authenticatable $user, #[\SensitiveParameter] array $credentials, bool $force = false)