Skip to content
GitLab
Select Git revision
  • 89-orchestrator-lifecycle-adaptation-to-regex-supann-selection
  • dev default
  • 73-orchestrator-create-a-librabry-in-core-orchestrator
  • revert-55863b23
  • 70-create-unitests-for-orchestrator
  • 81-redesign-reminders-class
  • 80-redesign-notifications-class
  • 79-redesign-mail
  • 78-redesign-audit-class
  • 82-redesign-lifecycle-class
  • main
  • 63-orchestrator-mail-controller-format-of-mail-text-and-signature-are-not-utf8-usage-of-accents-is
  • 61-orchestrator-lifecycle-array-supann-is-analyzed-with-static-numbering
  • 1.1
  • 0.9
  • 1.0
Find file BlameHistoryPermalink
ReminderTokenUtils.php 5.94 KiB
1 
<?php
2
3 
class ReminderTokenUtils
4 
{
5 
  public function __construct ()
6 
  {
7 
  }
8
9 
  /**
10 
   * @param string $userDN
11 
   * @param int $timeStamp
12 
   * @return string
13 
   * @throws Exception
14 
   */
15 
  public function generateToken (string $userDN, int $timeStamp, TaskGateway $gateway): string
16 
  {
17 
    $token = NULL;
18 
    // Salt has been generated with APG.
19 
    $salt  = '8onOlEsItKond';
20 
    $payload = json_encode($userDN . $salt);
21 
    // This allows the token to be different every time.
22 
    $time = time();
23
24 
    // Create hmac with sha256 alg and the key provided for JWT token signature in ENV.
25 
    $token_hmac = hash_hmac("sha256", $time . $payload, $_ENV["SECRET_KEY"], TRUE);
26
27 
    // We need to have a token allowed to be used within an URL.
28 
    $token = $this->base64urlEncode($token_hmac);
29
30 
    // Save token within LDAP
31 
    $this->saveTokenInLdap($userDN, $token, $timeStamp, $gateway);
32
33 
    return $token;
34 
  }
35
36 
  /**
37 
   * @param string $userDN
38 
   * @param string $token
39 
   * NOTE : UID is the full DN of the user. (uid=...).
40 
   * @param int $days
41 
   * @return bool
42 
   * @throws Exception
43 
   */
44 
  private function saveTokenInLdap (string $userDN, string $token, int $days, TaskGateway $gateway): bool
45 
  {
46 
    $result = FALSE;
47
48 
    $currentTimestamp = time();
49 
    // Calculate the future timestamp by adding days to the current timestamp (We actually adds number of seconds).
50 
    $futureTimestamp = $currentTimestamp + ($days * 24 * 60 * 60);
51
52 
    preg_match('/uid=([^,]+),ou=/', $userDN, $matches);
53 
    $uid = $matches[1];
54 
    $dn  = 'cn=' . $uid . ',' . 'ou=tokens' . ',' . $_ENV["LDAP_BASE"];
55
56 
    $ldap_entry["objectClass"]    = ['top', 'fdTokenEntry'];
57 
    $ldap_entry["fdTokenUserDN"]  = $userDN;
58 
    $ldap_entry["fdTokenType"]    = 'reminder';
59 
    $ldap_entry["fdToken"]      = $token;
60 
    $ldap_entry["fdTokenTimestamp"] = $futureTimestamp;
61 
    $ldap_entry["cn"]         = $uid;
62
63 
    // set the dn for the token, only take what's between "uid=" and ",ou="
64
65
66 
    // Verify if token ou branch exists
67 
    if (!$this->tokenBranchExist('ou=tokens' . ',' . $_ENV["LDAP_BASE"], $gateway)) {
68 
      // Create the branch
69 
      $this->createBranchToken($gateway);
70 
    }
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
// The user token DN creation $userTokenDN = 'cn=' . $uid . ',ou=tokens' . ',' . $_ENV["LDAP_BASE"]; // Verify if a token already exists for specified user and remove it to create new one correctly. if ($this->tokenBranchExist($userTokenDN, $gateway)) { // Remove the user token $this->removeUserToken($userTokenDN, $gateway); } // Add token to LDAP for specific UID try { $result = ldap_add($gateway->ds, $dn, $ldap_entry); // bool returned } catch (Exception $e) { echo json_encode(["Ldap Error - Token could not be saved!" => "$e"]); // string returned exit; } return $result; } /** * @param int $subTaskCall * @param int $firstCall * @param int $secondCall * @return int * Note : Simply return the difference between first and second call. (First call can be null). */ public function getTokenExpiration (int $subTaskCall, int $firstCall, int $secondCall): int { // if firstCall is empty, secondCall is the timestamp expiry for the token. $result = $secondCall; if (!empty($firstCall)) { // Verification if the subTask is the second reminder or the first reminder. if ($subTaskCall === $firstCall) { $result = $firstCall - $secondCall; } } return $result; } /** * @param $userTokenDN * @return void * Note : Simply remove the token for specific user DN */ private function removeUserToken ($userTokenDN, TaskGateway $gateway): void { // Add token to LDAP for specific UID try { $result = ldap_delete($gateway->ds, $userTokenDN); // bool returned } catch (Exception $e) { echo json_encode(["Ldap Error - User token could not be removed!" => "$e"]); // string returned exit; } } /** * Create ou=pluginManager LDAP branch * @throws Exception */ private function createBranchToken (TaskGateway $gateway): void { try { ldap_add( $gateway->ds, 'ou=tokens' . ',' . $_ENV["LDAP_BASE"], [ 'ou' => 'tokens', 'objectClass' => 'organizationalUnit',
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208
] ); } catch (Exception $e) { echo json_encode(["Ldap Error - Impossible to create the token branch" => "$e"]); // string returned exit; } } /** * @param string $token * @param array $mailTemplateForm * @param string $taskDN * @return array */ public function generateTokenUrl (string $token, array $mailTemplateForm, string $taskDN): array { //Only take the cn of the main task name : preg_match('/cn=([^,]+),ou=/', $taskDN, $matches); $taskName = $matches[1]; // Remove the API URI $cleanedUrl = preg_replace('#/rest\.php/v1$#', '', $_ENV['FUSION_DIRECTORY_API_URL']); $url = $cleanedUrl . '/accountProlongation.php?token=' . $token . '&task=' . $taskName; $mailTemplateForm['body'] .= $url; return $mailTemplateForm; } /** * @param string $dn * @return bool * Note : Simply inspect if the branch for token is existing. */ private function tokenBranchExist (string $dn, TaskGateway $gateway): bool { $result = FALSE; try { $search = ldap_search($gateway->ds, $dn, "(objectClass=*)"); // Check if the search was successful if ($search) { // Get the number of entries found $entries = ldap_get_entries($gateway->ds, $search); // If entries are found, set result to true if ($entries["count"] > 0) { $result = TRUE; } } } catch (Exception $e) { $result = FALSE; } return $result; } /** * @param string $text * @return string * Note : This come from jwtToken, as it is completely private - it is cloned here for now. */ private function base64urlEncode (string $text): string { return str_replace(["+", "/", "="], ["A", "B", ""], base64_encode($text)); } }