From 37690ee5af14ee0e775dcf6910f4b3ec134565da Mon Sep 17 00:00:00 2001 From: kiswa Date: Sun, 22 May 2016 11:07:16 +0000 Subject: [PATCH] Various changes WIP --- src/api/composer.json | 3 +- src/api/controllers/Auth.php | 20 +++--- src/api/models/User.php | 3 - src/app/settings/settings.template.html | 94 ++++++++++++++----------- test/api/Mocks.php | 10 ++- test/api/controllers/AuthTest.php | 31 ++++++++ test/api/models/UserTest.php | 3 - 7 files changed, 103 insertions(+), 61 deletions(-) create mode 100644 test/api/controllers/AuthTest.php diff --git a/src/api/composer.json b/src/api/composer.json index 39ee7f1..582bc48 100644 --- a/src/api/composer.json +++ b/src/api/composer.json @@ -19,5 +19,6 @@ ], "autoload": { "classmap": [ "controllers", "models" ] - } + }, + "minimum-stability": "stable" } diff --git a/src/api/controllers/Auth.php b/src/api/controllers/Auth.php index 77cb8ed..2237c25 100644 --- a/src/api/controllers/Auth.php +++ b/src/api/controllers/Auth.php @@ -3,17 +3,18 @@ use RedBeanPHP\R; use Firebase\JWT; class Auth extends BaseController { - public function authenticate($request, $response, $args) { - if (!$request->hasHeader('Authorization') { - $apiJson = new ApiJson(); + public function authenticate($request, $response, $args) { + if (!$request->hasHeader('Authorization')) { return $response->withStatus(400); // Bad Request } - $jwt = $response->getHeader('Authorization'); + $jwt = $request->getHeader('Authorization'); // Validate token // Issue new token with extended expiration + + return $response->withJson(json_encode($jwt)); } public function login($request, $response, $args) { @@ -26,7 +27,7 @@ class Auth extends BaseController { return $this->jsonResponse($response); } - if ($user->password !== $this->hashPassword($data->password, $user->salt) { + if (!password_verify($data->password, $user->password_hash)) { $this->apiJson->addAlert('error', 'Invalid username or password.'); return $this->jsonResponse($response); 
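Review bot: The new `return $response->withJson(json_encode($jwt));` in `authenticate` answers 200 and echoes the caller's own Authorization header back before the `// Validate token` step exists, so at this commit any non-empty header is accepted; until validation is implemented the method should fail closed, e.g. `return $response->withStatus(401);` in place of that line, and the body should not reflect the token. Two smaller issues on the same lines: `withJson()` already JSON-encodes its argument, so wrapping `$jwt` in `json_encode()` double-encodes it, and PSR-7 `getHeader()` returns an array of values rather than a string, so the decoder will need `$request->getHeaderLine('Authorization')` (and stripping of a `Bearer ` scheme prefix if clients send one) before the token can be verified. The `login` hunk's switch to `password_verify()` against `password_hash` is the right direction; note that the rest of that method, including the user-not-found branch whose message should match the wrong-password one, lies outside the hunk.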
@@ -43,16 +44,15 @@ class Auth extends BaseController { $key = R::load('jwt', 1); if ($key->id === 0) { + // Generate a JWT key by hashing the current time. + // This should make (effectively) every instance of TaskBoard + // have a unique secret key for JWTs. $key->token = password_hash(strval(time()), PASSWORD_BCRYPT); + R::store($key); } return $key->token; } - - private function hashPassword($password, $salt) { - return password_hash($data->password, PASSWORD_BCRYPT, - array('salt' => $salt)); - } } diff --git a/src/api/models/User.php b/src/api/models/User.php index 1238771..59fa079 100644 --- a/src/api/models/User.php +++ b/src/api/models/User.php @@ -11,7 +11,6 @@ class User extends BaseModel { public $id = 0; public $security_level; public $username = ''; - public $salt = ''; public $password_hash = ''; public $email = ''; public $default_board_id = 0; @@ -32,7 +31,6 @@ class User extends BaseModel { $bean->id = $this->id; $bean->security_level = $this->security_level->getValue(); $bean->username = $this->username; - $bean->salt = $this->salt; $bean->password_hash = $this->password_hash; $bean->email = $this->email; $bean->default_board_id = $this->default_board_id; @@ -73,7 +71,6 @@ class User extends BaseModel { $this->id = (int) $obj->id; $this->security_level = new SecurityLevel((int) $obj->security_level); $this->username = $obj->username; - $this->salt = $obj->salt; $this->password_hash = $obj->password_hash; $this->email = $obj->email; $this->default_board_id = (int) $obj->default_board_id; diff --git a/src/app/settings/settings.template.html b/src/app/settings/settings.template.html index c6ef5bf..ad18fb7 100644 --- a/src/app/settings/settings.template.html +++ b/src/app/settings/settings.template.html @@ -18,12 +18,13 @@ -
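Review bot: The added comment above `$key->token = password_hash(strval(time()), PASSWORD_BCRYPT);` attributes the key's uniqueness to hashing the current time, but `time()` carries almost no entropy; what actually makes the stored value unpredictable is the random salt `password_hash()` draws internally, so the comment documents the wrong property and the construct is an indirect way to obtain random bytes. If the project targets PHP 7, `$key->token = bin2hex(random_bytes(32));` with the comment `// Per-install JWT signing secret; must be unpredictable, so it comes straight from the CSPRNG rather than being derived from time().` states the intent directly and removes the dependence on bcrypt's salt generation as the entropy source. The `R::store($key)` addition is correct — without it a fresh key would be generated on every request and previously issued tokens would never verify. The enclosing method's signature is outside the hunk.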

Select Default Board

- - -

All Boards Options

+

All Boards Options

+ - - +
+ + + +
@@ -169,25 +172,30 @@ - + @@ -218,7 +226,7 @@ - + @@ -227,13 +235,13 @@ - + - +
    -
  • Cat1
  • -
  • Cat2
  • -
  • Cat3
  • +
  • Cat1 
  • +
  • Cat2 
  • +
  • Cat3 
  • admin
  • +
  • other_guy
- Edit - Remove + +
Other Board +
    +
  • One0
  • +
+
    @@ -195,8 +203,8 @@
- Edit - Remove + +
Board TriggerActionsAction Remove
Example Board Item assigned to user: admin Set item color: #debee8Remove
Example Board Item moved to column: Col3 Set item color: #debee8Remove
diff --git a/test/api/Mocks.php b/test/api/Mocks.php index 8a58e4e..a01c3b2 100644 --- a/test/api/Mocks.php +++ b/test/api/Mocks.php @@ -58,7 +58,6 @@ class DataMock { $user->id = 1; $user->security_level = SecurityLevel::BoardAdmin; $user->username = 'tester'; - $user->salt = 'salty1234'; $user->password_hash = 'hashpass1234'; $user->email = 'user@example.com'; $user->default_board_id = 1; @@ -162,6 +161,7 @@ class ContainerMock { class RequestMock { public $invalidPayload = false; public $payload = null; + public $hasHeader = true; public function getBody() { if ($this->invalidPayload) { @@ -174,6 +174,10 @@ class RequestMock { return json_encode(DataMock::getBoard()); } + + public function hasHeader() { + return $this->hasHeader; + } } class ResponseMock { @@ -182,5 +186,9 @@ class ResponseMock { return $apiJson; } + public function withStatus($status) { + return $status; + } + } diff --git a/test/api/controllers/AuthTest.php b/test/api/controllers/AuthTest.php new file mode 100644 index 0000000..3d6079d --- /dev/null +++ b/test/api/controllers/AuthTest.php @@ -0,0 +1,31 @@ +auth = new Auth(new ContainerMock()); + } + + /** + * @group single + */ + public function testAuthenticate() { + $request = new RequestMock(); + $request->hasHeader = false; + + $actual = $this->auth->authenticate($request, + new ResponseMock(), null); + + $this->assertTrue($actual === 400); + } +} + diff --git a/test/api/models/UserTest.php b/test/api/models/UserTest.php index af1555c..3258553 100644 --- a/test/api/models/UserTest.php +++ b/test/api/models/UserTest.php 
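Review bot: `RequestMock::hasHeader()` takes no parameter and returns the flag regardless of which header name the controller asks for, so a test cannot tell whether `Auth::authenticate` checks `Authorization` or some other header; declare it as `public function hasHeader($name) { return $this->hasHeader; }` to match the PSR-7 signature, ideally storing `$name` so a test can assert on it. `ResponseMock::withStatus($status)` returns the bare integer rather than `$this`, which makes the mock unusable wherever the controller chains further calls on the returned response; it satisfies AuthTest only because that test compares the return value to 400. The mock also lacks `getHeader()` and `withJson()`, so the header-present path of `authenticate` cannot be exercised with these mocks yet.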
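Review bot: `$this->assertTrue($actual === 400)` in `testAuthenticate` discards the actual value on failure; `$this->assertSame(400, $actual);` reports both sides and is the idiomatic form. The new test covers only the missing-header branch; the branch with the header present ends in `withJson`, which `ResponseMock` does not provide, so a second test for that path (and one for `login`'s `password_verify` outcome) is still missing. The opening lines of the new file appear garbled in this rendering, so the `setUp` declaration and how the mocks are required could not be reviewed here.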
@@ -62,7 +62,6 @@ class UserTest extends PHPUnit_Framework_TestCase { $this->assertTrue($bean->security_level === $user->security_level->getValue()); $this->assertTrue($bean->username === $user->username); - $this->assertTrue($bean->salt === $user->salt); $this->assertTrue($bean->password_hash === $user->password_hash); $this->assertTrue($bean->email === $user->email); $this->assertTrue($bean->default_board_id === $user->default_board_id); @@ -74,7 +73,6 @@ class UserTest extends PHPUnit_Framework_TestCase { $this->assertTrue($user->security_level->getValue() === SecurityLevel::User); $this->assertTrue($user->username === ''); - $this->assertTrue($user->salt === ''); $this->assertTrue($user->password_hash === ''); $this->assertTrue($user->email === ''); $this->assertTrue($user->default_board_id === 0); @@ -86,7 +84,6 @@ class UserTest extends PHPUnit_Framework_TestCase { $this->assertTrue($user->security_level->getValue() === SecurityLevel::BoardAdmin); $this->assertTrue($user->username === 'tester'); - $this->assertTrue($user->salt === 'salty1234'); $this->assertTrue($user->password_hash === 'hashpass1234'); $this->assertTrue($user->email === 'user@example.com'); $this->assertTrue($user->default_board_id === 1);