From 7e9219db22973ac5cf4f5bd64984be453db3d2d3 Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Thu, 26 Oct 2023 14:50:34 +0100 Subject: [PATCH 01/30] Setup basic file and method structure for authentication. --- Web/authentication/authenticationManager.php | 12 +++++++++ Web/authentication/tokenManager.php | 19 +++++++++++++ Web/data/dataManager.php | 28 ++++++++++++++++++++ Web/data/databaseManager.php | 9 +++++++ Web/data/fileManager.php | 9 +++++++ Web/index.php | 6 +++++ Web/settings.php | 8 ++++++ 7 files changed, 91 insertions(+) create mode 100644 Web/authentication/authenticationManager.php create mode 100644 Web/authentication/tokenManager.php create mode 100644 Web/data/dataManager.php create mode 100644 Web/data/databaseManager.php create mode 100644 Web/data/fileManager.php create mode 100644 Web/settings.php diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php new file mode 100644 index 0000000..cf7a8d8 --- /dev/null +++ b/Web/authentication/authenticationManager.php @@ -0,0 +1,12 @@ +getUserData($username); + } +} \ No newline at end of file diff --git a/Web/authentication/tokenManager.php b/Web/authentication/tokenManager.php new file mode 100644 index 0000000..11556c0 --- /dev/null +++ b/Web/authentication/tokenManager.php @@ -0,0 +1,19 @@ +dataType = DATA_TYPE; + } + + /** + * @throws \Exception Invalid data type. + */ + public function getUserData(string $username) { + if ($this->dataType == 1) { + $dm = new databaseManager(); + } elseif ($this->dataType == 2) { + $dm = new fileManager(); + } else { + throw new \Exception('Data type is invalid.'); + } + return $dm->getUserData($username); + } +} \ No newline at end of file diff --git a/Web/data/databaseManager.php b/Web/data/databaseManager.php new file mode 100644 index 0000000..3baea25 --- /dev/null +++ b/Web/data/databaseManager.php 
@@ -0,0 +1,9 @@ + Date: Thu, 26 Oct 2023 14:51:59 +0100 Subject: [PATCH 02/30] Add gitignore for JetBrains IDEs --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57f1cb2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/.idea/ \ No newline at end of file From a9c91195fd6dae812d0a54ed5629ab5c53f3a256 Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Thu, 26 Oct 2023 15:03:23 +0100 Subject: [PATCH 03/30] Update SonarCloud Java version --- .github/workflows/sonarcloud.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 49b071d..0d0f16a 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -43,6 +43,12 @@ jobs: runs-on: ubuntu-latest steps: + - name: Set up JDK 17 + uses: actions/setup-java@v2 + with: + distribution: 'temurin' + java-version: '17' + overwrite-settings: false - name: Analyze with SonarCloud # You can pin the exact commit or the version. From 71d5a2f0cbc0a46100ca5cdb86e999a5481d524b Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Thu, 26 Oct 2023 15:10:20 +0100 Subject: [PATCH 04/30] Added token generation code --- Web/authentication/authenticationManager.php | 28 ++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php index cf7a8d8..b227634 100644 --- a/Web/authentication/authenticationManager.php +++ b/Web/authentication/authenticationManager.php 
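Review bot: `uses: actions/setup-java@v2` in the new "Set up JDK 17" step references a mutable tag, so the code this workflow runs can change without any commit to this repository; the comment on the following step already notes that an action can be pinned to an exact commit. Pinning to a full commit SHA with the version kept as a trailing comment, e.g. `uses: actions/setup-java@<full-commit-sha> # <version>`, keeps the job reproducible and reviewable. The `steps:` list continues outside the hunk.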
@@ -2,11 +2,35 @@ namespace Vault\Authentication; +use mysql_xdevapi\Exception; use Vault\Data\dataManager; class authenticationManager { public function Login(string $username, string $password) { - $data = new dataManager(); - $data->getUserData($username); + if (session_status() == PHP_SESSION_ACTIVE) { + $data = new dataManager(); + $user = $data->getUserData($username); + if (password_verify($password, $user->password)) { + $tm = new tokenManager(); + $token = $tm->generateToken($user->uuid); + $_SESSION['uuid'] = $user->uuid; + $_SESSION['token'] = $token; + return true; + } else { + return false; + } + } else { + throw new Exception('No active session.'); + } + } + + public function Logout() { + if (session_status() == PHP_SESSION_ACTIVE) { + session_unset(); + session_destroy(); + return true; + } else { + throw new Exception('No active session.'); + } } } \ No newline at end of file From cc74627e2191d402981c7922199e8bac9391a06b Mon Sep 17 00:00:00 2001 From: StyleCI Bot Date: Thu, 26 Oct 2023 14:19:00 +0000 Subject: [PATCH 05/30] Apply fixes from StyleCI --- Web/authentication/authenticationManager.php | 13 +++++++++---- Web/authentication/tokenManager.php | 9 +++++---- Web/data/dataManager.php | 16 +++++++++------- Web/data/databaseManager.php | 8 +++++--- Web/data/fileManager.php | 8 +++++--- Web/index.php | 2 +- Web/settings.php | 2 +- 7 files changed, 35 insertions(+), 23 deletions(-) diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php index b227634..a41343a 100644 --- a/Web/authentication/authenticationManager.php +++ b/Web/authentication/authenticationManager.php 
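Review bot: Login() writes `$_SESSION['uuid']` and `$_SESSION['token']` after a successful `password_verify()` without rotating the session ID, so an identifier that was fixed before login remains valid for the authenticated session; add `session_regenerate_id(true);` ahead of the two `$_SESSION` assignments. The token stored here comes from `tokenManager::generateToken()`, which the tokenManager hunk of the following StyleCI patch shows to be `hash('sha3-512', $uuid.date('Y-m-d'))`: it has no secret or random input, so it proves nothing beyond knowledge of the uuid. A value from `bin2hex(random_bytes(32))` kept server-side would not be derivable, and `validateToken()` should compare with `hash_equals()` instead of `==` and declare `bool` rather than `string` as its return type. The new `use mysql_xdevapi\Exception;` looks like an IDE auto-import; throwing it depends on the mysql_xdevapi extension being loaded, and `\RuntimeException` would do for 'No active session.'.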
@@ -5,8 +5,10 @@ use mysql_xdevapi\Exception; use Vault\Data\dataManager; -class authenticationManager { - public function Login(string $username, string $password) { +class authenticationManager +{ + public function Login(string $username, string $password) + { if (session_status() == PHP_SESSION_ACTIVE) { $data = new dataManager(); $user = $data->getUserData($username); @@ -15,6 +17,7 @@ public function Login(string $username, string $password) { $token = $tm->generateToken($user->uuid); $_SESSION['uuid'] = $user->uuid; $_SESSION['token'] = $token; + return true; } else { return false; @@ -24,13 +27,15 @@ public function Login(string $username, string $password) { } } - public function Logout() { + public function Logout() + { if (session_status() == PHP_SESSION_ACTIVE) { session_unset(); session_destroy(); + return true; } else { throw new Exception('No active session.'); } } -} \ No newline at end of file +} diff --git a/Web/authentication/tokenManager.php b/Web/authentication/tokenManager.php index 11556c0..caace10 100644 --- a/Web/authentication/tokenManager.php +++ b/Web/authentication/tokenManager.php @@ -2,18 +2,19 @@ namespace Vault\Authentication; -class tokenManager { +class tokenManager +{ public function generateToken(string $uuid): string { - return hash('sha3-512',$uuid.date('Y-m-d')); + return hash('sha3-512', $uuid.date('Y-m-d')); } public function validateToken(string $token, string $uuid): string { - if ($token == hash('sha3-512',$uuid.date('Y-m-d'))) { + if ($token == hash('sha3-512', $uuid.date('Y-m-d'))) { return true; } else { return false; } } -} \ No newline at end of file +} diff --git a/Web/data/dataManager.php b/Web/data/dataManager.php index 6c6965c..94d1411 100644 --- a/Web/data/dataManager.php +++ b/Web/data/dataManager.php 
@@ -2,20 +2,21 @@ namespace Vault\Data; -use http\Exception; - -class dataManager { +class dataManager +{ private int $dataType; - public function __construct() { - require_once __DIR__ . '/../settings.php'; + public function __construct() + { + require_once __DIR__.'/../settings.php'; $this->dataType = DATA_TYPE; } /** * @throws \Exception Invalid data type. */ - public function getUserData(string $username) { + public function getUserData(string $username) + { if ($this->dataType == 1) { $dm = new databaseManager(); } elseif ($this->dataType == 2) { @@ -23,6 +24,7 @@ public function getUserData(string $username) { } else { throw new \Exception('Data type is invalid.'); } + return $dm->getUserData($username); } -} \ No newline at end of file +} diff --git a/Web/data/databaseManager.php b/Web/data/databaseManager.php index 3baea25..e2fd878 100644 --- a/Web/data/databaseManager.php +++ b/Web/data/databaseManager.php @@ -2,8 +2,10 @@ namespace Vault\Data; -class databaseManager { - public function getUserData(string $username) { +class databaseManager +{ + public function getUserData(string $username) + { return ''; //temp } -} \ No newline at end of file +} diff --git a/Web/data/fileManager.php b/Web/data/fileManager.php index bbee306..08bff23 100644 --- a/Web/data/fileManager.php +++ b/Web/data/fileManager.php @@ -2,8 +2,10 @@ namespace Vault\Data; -class fileManager { - public function getUserData(string $username) { +class fileManager +{ + public function getUserData(string $username) + { return ''; //temp } -} \ No newline at end of file +} diff --git a/Web/index.php b/Web/index.php index d3a4d4b..e344ba6 100644 --- a/Web/index.php +++ b/Web/index.php @@ -3,4 +3,4 @@ /** * @author Lewis Milburn * @license Apache 2.0 International License - */ \ No newline at end of file + */ diff --git a/Web/settings.php b/Web/settings.php index 25ad67f..2f15b89 100644 --- a/Web/settings.php +++ b/Web/settings.php 
@@ -5,4 +5,4 @@ * 1 = MySQL * 2 = File System */ -const DATA_TYPE = 1; \ No newline at end of file +const DATA_TYPE = 1; From 13e98f73b9a05a6c7544ff368a8d17cd7de4e678 Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Thu, 26 Oct 2023 15:42:05 +0100 Subject: [PATCH 06/30] Modified session errors --- Web/assets/images/vault.png | Bin 0 -> 8289 bytes Web/authentication/authenticationManager.php | 10 +++-- Web/event/errorHandler.php | 43 +++++++++++++++++++ 3 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 Web/assets/images/vault.png create mode 100644 Web/event/errorHandler.php 
diff --git a/Web/assets/images/vault.png b/Web/assets/images/vault.png new file mode 100644 index 0000000000000000000000000000000000000000..5384d8a4724173def11cf33f488f96989946adce GIT binary patch literal 8289 zcmdT~MNk|7ki=aB!9#+(vp|sG?ksKz4vQx&Zoz}QyDThDupkQwE{lZ)0)gNJ7I%ls z-TNL_b@#dXbX9jvPrs(-F<*4FlnL=@@K8`t2vt=S^iWVxktir=C^+c<82^Y>&wtRQ zqoJ?(5C4A^^KZ1D{}PLP>1hE`xHt}gw=NHzriaGoto-)Ql_3vZuZzKn zaUk79J=Nz@(kyLTJbwNFbL{dLkf&40g*RUN)L1^oSy6d}E?1wP1d4wX5!C#3wC+Ve zWN@Pre&Wb5n+_&Gzag<)_DFV`a2j~!+pw0(C?w;LyC!8SPnpB8yiSjoSDQl3Tp%N$ zik@RdgG)|w{>$}^XjFGMo2^o;^;fTn7G84zz<5$vSRd7 zRJ@zSOe-b!UsVOOKHuZN0`p9gbf?kn)A8`C-&B_tqrus~M&);=ivg(fa|yIGu_{@^ zfoVUWqiYCT50K#hl=iK$()msFe4@KX{G5B`S4n_wTUk&4N`G6aJ0#~y5UA}6|9-EX z%fWTYwX-$wy(KfnKdfW%Aw&u`3dE+^@j-_O`5}2IX0Rawen=6{wG~}Bqvp!T#u#e; z1XW;C6A5MZP&t&#IEGNe=6{j%`6SHqSiD-Z@1*02E-GzlcZv46ONSl-Z0Bsf+xHV_ z)){NEk2~)_uUbOgoY92sX+I8=8`M$iKGKB#P=U}R=xI18PF;hkbC&WG`*w9W%)c5wOF@{;9UA zy})^1C*)e{hLM=Y<*Q-!9RKsJ4WlOBPTu@Xe(=Wcn~Y^_DVr?bONfjkO_O@2xUXv| zQEf)>-vhmhBNq$Apg6)+#1euyMa5UumM(P_d%-uk)9UeZ!kvObaMopN?yUSs%G%QV z-p-(=WvxBxq=UHkFyM4s@)LhUhhcl`c&h*FZ7!>#(#F3(q)njDdlz!Ohac!CN|dI` zGnm2MN?hLcs<942ANrWD!10g0lRArWyp)!9Dvt-H zxjT|{p)w4u>`+k`{j_-*{GCcIir9jX0Ui?eN(#&p&|w(`cH1eGjhEAdVx1o2Eiex2 zlC0Wz{{+O@55!j1KXJ_tE!F|)ZgVJN&MasTPH4d-)-1Ga5SZ-QrjeA=8$r!{A*`cY zh?R`+>u)nu3WLD$%itwnZJ~&6u}i+Iqn0`YI)cp`AV-Bxr_OGe#X*m$GiB?a)#vaD zICVi&1Pe!t^~tsWj(FDJDS_mOlagiS^idZ@ayEeIUrXh5`N)9>$kW2dM0U7&h6f0> zhOAWI;>B6sT~gu~l_{@&M2jr*AS-Dv^x6L4yNzc*f_SZXLgl+VsMLVe+_EmOq8|QZ z+m@t#6(M}^8F+3FrCk$dCu>+mT;lrHxr4Fa3IA~3dQl0lYy+PJ^y(tnPVx|6wC907 z!ZMaaLG)skJSp-;{^MA?CRvs{A%m_YlevI&1wsvPjlIb{q&eMjirOW%||G z8k$t-d5Ne27(;#|U z@(K|j2g*^DUW(l!)JDUO)};+zKi^ z7ByBBNTgnOr2k^1$If>)55}e6jf2IaRBM(9=5$ste78yLsdoO502=sVvRPvpDV7dy zgmVO4mc9wKtR%_NfC-a+*q`or5eSbN-f(XFqAsa+A^`bxgo8TIi#cu$GLj7qj+CT( z#l6BnfBBr|5*_#)jWutRAUS4+L6yOwLIKQD#?kpIhCM~*2@T43x*oe{d_Z}3Hc)jz z`Tj1G=^aNJ5yXDT0jT{Ud8bwyklI3VJ8p`MtQ|@8-l0H^(l*_r#Y*FjPZf8U}N>9T11{CMM?lKFw@YI5p;mp%MdlXb4 
z6mR^$Mu^(y0Xw5ASi29q+denE5D-l7B(dR~$r1ALT$uiDG^ZBtWa*tgrG=CbnnaUz z>*EEmOmVJ*Im)rao|wgn#?E#3CIsn#@l%V)0(29v;B+YX4k>8wRxdA21T;e^v&g zRaR@7*Oo=?>s=49J+psYYdU~heCBoMRW!RKRSr|W{)@E+X^64awg^LM)h)s4=XA3o z$$>1-zxkk~@UhZc11HCeQ5wgC7RC_SgohWQL9hr+Vn8kyf8Y~$vr8@eknv6d%&hII z@#ar1TC2u#q8@R;C*xmSDF~>iFEraFMo?;Y2^A8L@NJ3*4%=P(~XLEX8} zi9Vc0zzZYCr!TmKXIs;PKnerS;dIh|8qj&mi)}60SF~6a0hUo+LL^e0&dy_ZE30>J z-jn-g*%d{RE_7Ir#R&>$rLxa zvUj7ECRlLpmu@N)tz-6yzmP>!YAX*X?_GbtJ@NdFrMqr4b5+;Nh4fsL6d^Dr0j#en z?_P!e`o?YIq+;>u)v;QTEhzuYRHg+TPUc5Esh5K6%92YQ4d^HRi{d?3+n&uB>^Q-Lr{C;woG^)S zA5jly6^JUZDQj$GpB}^L@9_rt53;D?9^(f09+;O4>*U*d>$Ei#cE+i9Pj7?l1ZGL+yi`_bGQDs~EdRwERl`Cd!Xz zq^+rpqjyfO3`jXG4!v+>`MQccyn{Nq%MC0+#PStb@14oYhn-)%CJc46kOp*MKm8gD z$gv(}6AYSG%-te0!Kzw)1JE7hjh8<7?wBMEzrqi<2C+4fcD5XY4`1YaYegU`+7 z(V%FB!xUbTFQ#FqtR~2e%e_iiUcPlK>aJ`8+6cKNL|V3x*S4Az7Spp0 z+t>!2+~to7bZJECQKC4GuYa_Yb~;%OTHY)X!fV)Y6w!*SIT<%4f|UX1l$<=<#i= z#)_$Mti*)GAxF|W(T83|s?Xv3m1Lg2mZUr@f7hojRPKxD-12nBQBp2Mu=q-i3F^m% z%pi2u0hw%Ifh#q4mLT<4MXbz@7!9eC(10dUIA4mT)&YJmpEl@~rSgke1^-3n9h3$m zC%uL5j%uHbu)J)vu{6t7r4o8Af8B?|M#foXdyr|z?iNtC= zwG&@JJEKSl{YV1el3qr`G818g!%4#tydZMtX>AZ$oX8EOCAple%_`3kMUW`~>{Mal z?1x8x;l(H`zeFi8P4wQARBJk@sWej;?8zG&Wg<#Teko3(|2$B6Kc|nAXD0?QyqFXE zc~F=`OAg3nx#YMqBhyxC_PIlDi?&kz9e%2@w0{f6?Yk%vHWb~h5fqd(Y`1a$CC)H0 z=S$kq8$-?i@R-24nLJ7vG*x4@mw= zQO0&^dy^EII+sx=rBGEdM=UnP`A|{5mzFtkiNxlwMitRs;b{7((%k#2>l`wWA{M_% zEQd3|OhSa(kph&F(a-<;*xOiFx8kXkmV87hPgZ9&x9x?uPbLg!T%UWyp`xia;k^sUHLb1nA537qq?x z20l*HTrt*}pO-P_TmSPrDBSM3*ZP~nA#0w$jNgQqvaMIifXt!+!Rx$*7n+Y_Bygqp ztTopv4~*4;#-Kub=3M_N{vClyre##T?vcRHwSeC0H!}#oDBal8$Y^`6#(?N|aaK7) z0i{sdl;|y`RSV?HuXh@GvUIbBg=CsR{W=;E1~}jY^~aMu3Tt0ipt>+PvBc3ck$Ocg z)55+}BcDnH8$j5qXG7LMN^`A|^;gVLKe5;tX+x*nn=>SAVzeoS4KPp-`s?TL2wU}o zGq}oRb%LN0@tcv8+?q+c^CGqenn~x`AZSy}_IU>SY#Fu_Pp3}0LW;@yJ8cO@n$3@SzDdSnYDr+Q-UHy+NZM)P!F2mD7ZbBn_TH5!L zllROyA-yRkp`~V=kRhc9)tQ?wy_%q#jhqD|AG`cuL|1Es(XS>97T|N~_|RwUE~hi% z=0rZV?l!Z)nYml#4u|jkWvW>Y0AK?~Zx}W2jjCV#6pgc`(dv)`S3=Q+ne|lEWmGP- 
ziIkeRY3Zy+cFf+)2@trWe>1nHWIHm96AS67jGO zY?l>l!t35i;QdUCz@#|q)=rg|iL`gm6Ny4V*<#{!ey$S<87=f@Xw z5GkgcMMG#Mys$ek#F-ZK!`)w#9#MFbs#=2XlZzfQ8oQ2dT}t5CUW}1Ld{E|qn+aiX z2q9?#Pui8Od<3{=+=Z|>5Q#RJFHT}hm(3nTq}!ST|0XmClnBDB>XwsZnA&p5Oy*yX zNix%s0z?s{hj_oS6S3C2N=nuX62Nr$04)+f88&q{OWwZFV6~EpXj#-fi8j4O$U5x* zB7~xIxqmRg8A-gV(h(Z1n778@MpZVF6M_q1XIK-XXSgNcEy#Y5~riFN&^ah$}jdk ze@&)ozep}(AlmfKnc2!C94LVl6lJD;K^PX&D-l^+O|TI(oVhSj%)OJ+sJ{7kr?dZ5 zC-#I&I}wyU^vIbneeUNJN?EF!4sVllsqISDdb{J~$RrY3T**eQno!{oJ<4Ql3%>S? z&F!Id8F0+6#BL6k7EJv&^P^mM{@g>0eez(Bv3z&D#TrIGygWGnpZn=Pxuq6af+hTE zR^B=4rgg8vdd>Zx8yal4K_yDaj3{p6>PeVAK`nf?XN8-{h>*Elo$n5>$d(0AxXU6P z#orZRMk6&Lp<;Nn4iy$_A;2-qVKf8Sv9-2d-B%mL&y1f-hYO^paXsGNsZG1c@;!3C z8`T1l?>eo?3~a`{9s@JmIiB^;gyP(5o}3gEAjE#oqN2s~JeTs2N?#AdlyN+?N+kex z?3bHSg|RsETWt8Ws*YRRqK^{Ovy-7__IftZ**Hs?LD4uvS`(IdvUw<@aQZPwZrsXXm_gR$WPe^%iE0kA10Uug@4u=fY2a^m)p)_ z{k!jXGG>|&?qfTZv@@%PsVJ z^m9^eg}0O-k^di)SZ^VlUqlKMgGSfh0KK!4;48iRq!a{RY0~5>#`*RVS%K+xFag6H z;mSomyee^zDp)XkDI~t!l6*PD377P0c=%`uM*5TiSF!$;+7Z^k4H*)8q@zo*LDDnU z;ytr3k_f!$D6K!jR5Iwa69gRX{k6qD&TyQRtGyPNRnV;b4T?HzWH{jd`$W{VKlu}5iqkX>W=JM+$ znb3a{tYZAH#l?YQM4bw@RZ;`b-MfMs?Y(_+WAQHN>9_6Ma9^P@f?>Vg_iu}%c|R=g z?{PfB^okxk?43kJ_6*&a3-6T5e)skG*?MbHljRZ<8f#~G3v?W04Y*J5y1veNr z@FtCJ>!JLqPQbcYcf3OeRCdqW;+|Aqgm|4#S@4-vifbK_kcEk!GnIUmcE{I%k0rF4 zHCo|q%9ils?(N9E>Z7Q$HtA!uCnHp10uysLnzR0>s}d{9FLqkl#}E!3hP{g9Myh;1 zE}}^w<1p?Li{rVR2vnDCPf|h0)I;wFD8c|)N?VAzJ1aTeJpBiinpB#3iNOqPST313 z7<{WE$f5CU$HanAA?&{5C^HAO(fouCN4{rD6Z8g@M{z=};N$7SJS#rVZ8{)lun+q- zhf~nsH&W@Ugz!Xh`E0kOi7rD|^Gg-iBRqa>h zaeC0thLL-X7L2as>Vytr>zA;KZ7lU|MCc66`=A}|rwR=5JalyK@6A)577InKY}^K? 
zTc#L-AXtq{&fUW2S9cAZ&sN8inX_17>;$hV7%;@_h2kQAP<3N9ezEbGyq7kv{;FTW zU4o;ksyX{;@##8?Y7Rclu0gnL$$cwbcQm>7l}w9JxEfsa9Nm80(IN!l1%%#iL_Pnx z9XP}`RRp0BmrXrn8D{Y|OjqlnC;V|74Y6qjyPIiz0-+Q{$9j=EE}ais8Jn3W=JMq|dWo;NTjrLH4`!J( z1aRHFZ9}M;fB@XBG?}J^>UB{ShW&aqR?xW^O$&Qg9;)a;$dOPQOMJgIu&j?8$xjrg z{W!+W`d|2+01dUB6%ePLK$z4X>bdwC;lM>-b99&Cb4XM^^sw{m=SI?z_DTuD7j&n= z_pRAs35*Ry-;BF-n0k&ReRBWvm3Q5T8#!2^buI9D!3Nxn02%)`NgDs}Xgv`+p$$@{ zbY7;hm`*zdVx@FZB{=Ej7gBU8T{$I52Bo;yLE)s^jN7$Ow8374Ok)6PQwFVq*M1^S zdg8yRdYz*cngQVzA8FAk{2UoRH5i0!-V3(XU$`b!qKwk8O%Wwi0oPs^7| z5qB;bj=NGhw2aRkz9r6OTy*`eU^yt(XH)tiv6pH(KZ5V3Mrr~#8}eHnuu(UeEXPqy z%Dc;$QK-z6yCAP7RHVco5{0n8GRNPE7VB$NWYTwzDf2pZQs@jBNV!`OMzgr~Y?EEgb6wkGaUjIud6**0a~W)`oT z{p8Zp1|-48+@GmU>MH<8uNQll`%pkEKm8hT(B*8^$69aPM;uOSqsDDqz1${@`-ob? zYmyAezZwbiZ6`s_+Xz&9{079GqBZ?7i7`NTqZN!x%SAP@W;j~w?r0 zMXuDmYl7;zbAQK~bmq%hh3)U_e|6X~in>42uLXXwmrR|;1!;ed0(0s*43@`M9i38DijkcFBX0vg6Y$Z@Lv1PH6^wQ?>RGo043@ov=@G;x)j~;mL|e{+ z*dat5{_wIWGXATa6|9f>LR~Ur;u$Ve2lQ{0N4&IrPd3qoe#<5gNj0AhixE28zm!YG z1-{)Lg&EklqyuER?vHk9wFa)wj#x0Q*rWP9^z~~mF)sy@IXShKQuu`L-)GZ`=@U{q zY4vDg96icYV7GRB;p1z~!A*$Ey}&=+?&^!ZGhFZ1i>vWH*N+=p$Om~dYlNj})iP7% zY~7I#HVp~(<%8N7{&4}d%wjY9j)!OHYou0M6_(zMvC0x{a~aayUGag1w_`{hRsNR0 z>R~0a|C&v(Z&9+Z-W?HD7f~YxhqYNWd`SrF+Qa>sessionRequired('Vault\Authentication\authenticationManager()::Login'); + exit; } } @@ -35,7 +37,9 @@ public function Logout() return true; } else { - throw new Exception('No active session.'); + $eh = new errorHandler(); + $eh->sessionRequired('Vault\Authentication\authenticationManager()::Logout'); + exit; } } } diff --git a/Web/event/errorHandler.php b/Web/event/errorHandler.php new file mode 100644 index 0000000..ec2b26e --- /dev/null +++ b/Web/event/errorHandler.php @@ -0,0 +1,43 @@ + + + + + + Vault Error + + + +
+ Vault +

Error '.$code.'

+
+ + + + + + + + + +
Function'.$function.'
Error'.$message.'
+ + '; + exit; + } + + public function sessionRequired(string $function): void + { + $this->error($function,'Internal Server Error - An active PHP session is required to run this function.', 500); + } +} \ No newline at end of file From 3dda7c4330982d2904156c6d49416a1548e4d2d3 Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Thu, 26 Oct 2023 15:42:19 +0100 Subject: [PATCH 07/30] Added fil loaders --- Web/index.php | 7 +++++++ Web/loader.php | 10 ++++++++++ 2 files changed, 17 insertions(+) create mode 100644 Web/loader.php diff --git a/Web/index.php b/Web/index.php index e344ba6..7081da9 100644 --- a/Web/index.php +++ b/Web/index.php @@ -4,3 +4,10 @@ * @author Lewis Milburn * @license Apache 2.0 International License */ + +ob_start(); +session_start(); + +require_once __DIR__ . '/loader.php'; + +ob_end_flush(); \ No newline at end of file diff --git a/Web/loader.php b/Web/loader.php new file mode 100644 index 0000000..5bea458 --- /dev/null +++ b/Web/loader.php @@ -0,0 +1,10 @@ + Date: Thu, 26 Oct 2023 14:42:40 +0000 Subject: [PATCH 08/30] Apply fixes from StyleCI --- Web/event/errorHandler.php | 4 ++-- Web/index.php | 5 ++--- Web/loader.php | 12 ++++++------ 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/Web/event/errorHandler.php b/Web/event/errorHandler.php index ec2b26e..91218dd 100644 --- a/Web/event/errorHandler.php +++ b/Web/event/errorHandler.php @@ -38,6 +38,6 @@ public function error(string $function, string $message, string $code): void public function sessionRequired(string $function): void { - $this->error($function,'Internal Server Error - An active PHP session is required to run this function.', 500); + $this->error($function, 'Internal Server Error - An active PHP session is required to run this function.', 500); } -} \ No newline at end of file +} diff --git a/Web/index.php b/Web/index.php index 7081da9..cf570d6 100644 --- a/Web/index.php +++ b/Web/index.php 
@@ -4,10 +4,9 @@ * @author Lewis Milburn * @license Apache 2.0 International License */ - ob_start(); session_start(); -require_once __DIR__ . '/loader.php'; +require_once __DIR__.'/loader.php'; -ob_end_flush(); \ No newline at end of file +ob_end_flush(); diff --git a/Web/loader.php b/Web/loader.php index 5bea458..e8973d5 100644 --- a/Web/loader.php +++ b/Web/loader.php @@ -1,10 +1,10 @@ Date: Mon, 30 Oct 2023 15:41:02 +0000 Subject: [PATCH 09/30] Fix PSR & add dev env settings --- Web/authentication/authenticationManager.php | 2 +- Web/authentication/tokenManager.php | 2 +- Web/data/const.php | 4 ++++ Web/data/dataManager.php | 2 +- Web/data/databaseManager.php | 2 +- Web/data/fileManager.php | 2 +- Web/event/errorHandler.php | 2 +- Web/event/routeHandler.php | 19 +++++++++++++++++++ Web/loader.php | 11 ++++++++++- Web/settings.php | 9 ++++----- 10 files changed, 43 insertions(+), 12 deletions(-) create mode 100644 Web/data/const.php create mode 100644 Web/event/routeHandler.php diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php index 459dd69..925c3ff 100644 --- a/Web/authentication/authenticationManager.php +++ b/Web/authentication/authenticationManager.php @@ -1,6 +1,6 @@ error('Vault\Event\authenticationManager()::Login'); + } + } +} \ No newline at end of file diff --git a/Web/loader.php b/Web/loader.php index e8973d5..ac339db 100644 --- a/Web/loader.php +++ b/Web/loader.php @@ -1,5 +1,14 @@ Date: Mon, 30 Oct 2023 15:44:24 +0000 Subject: [PATCH 10/30] Change error handler parameters --- Web/authentication/authenticationManager.php | 4 ++-- Web/event/errorHandler.php | 13 +++++++++---- Web/event/routeHandler.php | 2 +- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php index 925c3ff..4327658 100644 --- a/Web/authentication/authenticationManager.php +++ b/Web/authentication/authenticationManager.php 
@@ -24,7 +24,7 @@ public function Login(string $username, string $password) } } else { $eh = new errorHandler(); - $eh->sessionRequired('Vault\Authentication\authenticationManager()::Login'); + $eh->sessionRequired('authentication','authenticationManager','Login'); exit; } } @@ -38,7 +38,7 @@ public function Logout() return true; } else { $eh = new errorHandler(); - $eh->sessionRequired('Vault\Authentication\authenticationManager()::Logout'); + $eh->sessionRequired('authentication','authenticationManager','Logout'); exit; } } diff --git a/Web/event/errorHandler.php b/Web/event/errorHandler.php index 6365de9..8f4ff5a 100644 --- a/Web/event/errorHandler.php +++ b/Web/event/errorHandler.php @@ -4,7 +4,7 @@ class errorHandler { - public function error(string $function, string $message, string $code): void + public function error(string $namespace, string $class, string $function, string $message, string $code): void { http_response_code($code); ob_end_clean(); @@ -24,7 +24,7 @@ public function error(string $function, string $message, string $code): void - + @@ -36,8 +36,13 @@ public function error(string $function, string $message, string $code): void exit; } - public function sessionRequired(string $function): void + public function sessionRequired(string $namespace, string $class, string $function): void { - $this->error($function, 'Internal Server Error - An active PHP session is required to run this function.', 500); + $this->error($namespace, $class, $function, 'Internal Server Error - An active PHP session is required to run this function.', 500); + } + + public function fileNotFound(string $namespace, string $class, string $function) + { + $this->error($namespace, $class, $function, 'File Not Found - The requested file could not be found.', 404); } } diff --git a/Web/event/routeHandler.php b/Web/event/routeHandler.php index 12c2e5a..7721c31 100644 --- a/Web/event/routeHandler.php +++ b/Web/event/routeHandler.php 
@@ -13,7 +13,7 @@ public function displayFile($file) { require_once __DIR__ . $file; } else { $eh = new errorHandler(); - $eh->error('Vault\Event\authenticationManager()::Login'); + $eh->fileNotFound('event','routeHandler','displayFile'); } } } \ No newline at end of file From 15344c639a6c2f2e489a629e9c6f9d0af32d91ab Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Mon, 30 Oct 2023 15:49:27 +0000 Subject: [PATCH 11/30] Added router & fixed some issues --- Web/data/dataManager.php | 2 +- Web/event/routeHandler.php | 19 +++++++++++++++---- Web/index.php | 8 ++++++++ Web/loader.php | 4 +++- Web/view/login.php | 9 +++++++++ 5 files changed, 36 insertions(+), 6 deletions(-) create mode 100644 Web/view/login.php diff --git a/Web/data/dataManager.php b/Web/data/dataManager.php index 89ff1f3..8ca030d 100644 --- a/Web/data/dataManager.php +++ b/Web/data/dataManager.php @@ -15,7 +15,7 @@ public function __construct() /** * @throws \Exception Invalid data type. */ - public function getUserData(string $username) + public function getUserData(string $username): string { if ($this->dataType == 1) { $dm = new databaseManager(); diff --git a/Web/event/routeHandler.php b/Web/event/routeHandler.php index 7721c31..e4ea937 100644 --- a/Web/event/routeHandler.php +++ b/Web/event/routeHandler.php 
@@ -4,16 +4,27 @@ class routeHandler { - public function getRequest() { + public function getRequest($url, $file): void + { + if ($_SERVER['REQUEST_URI'] === $url && $_SERVER['REQUEST_METHOD'] === 'GET') { + $this->displayFile($file); + } + } + public function endRouter(): void + { + $eh = new errorHandler(); + $eh->fileNotFound('event','routeHandler','endRouter'); } - public function displayFile($file) { - if (file_exists(__DIR__ . $file)) { - require_once __DIR__ . $file; + private function displayFile($file): void + { + if (file_exists(__DIR__ . '/../' .$file)) { + require_once __DIR__ . '/../' .$file; } else { $eh = new errorHandler(); $eh->fileNotFound('event','routeHandler','displayFile'); } + exit; } } \ No newline at end of file diff --git a/Web/index.php b/Web/index.php index cf570d6..4d33102 100644 --- a/Web/index.php +++ b/Web/index.php @@ -4,9 +4,17 @@ * @author Lewis Milburn * @license Apache 2.0 International License */ + +use Vault\event\routeHandler; + ob_start(); session_start(); require_once __DIR__.'/loader.php'; +$router = new routeHandler(); +$router->getRequest('/', 'view/login.php'); + +$router->endRouter(); + ob_end_flush(); diff --git a/Web/loader.php b/Web/loader.php index ac339db..ebe51d0 100644 --- a/Web/loader.php +++ b/Web/loader.php @@ -16,4 +16,6 @@ require_once __DIR__.'/authentication/authenticationManager.php'; require_once __DIR__.'/authentication/tokenManager.php'; -require_once __DIR__.'/event/errorHandler.php'; \ No newline at end of file +require_once __DIR__.'/event/errorHandler.php'; + +require_once __DIR__.'/event/routeHandler.php'; \ No newline at end of file diff --git a/Web/view/login.php b/Web/view/login.php new file mode 100644 index 0000000..d2079fe --- /dev/null +++ b/Web/view/login.php @@ -0,0 +1,9 @@ + + + + Vault + + + Login to Vault. + + \ No newline at end of file From 8d86ed093ec5b53a14f1fba47b45eff130618470 Mon Sep 17 00:00:00 2001 
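Review bot: getRequest() compares `$_SERVER['REQUEST_URI']` with `$url` using `===`, but REQUEST_URI carries the query string, so a request such as `/?next=1` misses the `/` route and falls through to endRouter()'s 404; matching on `parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)` avoids that. displayFile() passes `$file` unchanged to `require_once __DIR__ . '/../' .$file`, which is safe only while every caller supplies a literal, as index.php does. A short docblock stating that `$file` must never come from request data, or a `realpath()` check that the resolved path stays under the view directory, would keep a later route from turning this into an arbitrary include. `$url` and `$file` could also be typed `string`, as the other methods in the series are.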
From: lewmilburn Date: Mon, 30 Oct 2023 17:54:56 +0000 Subject: [PATCH 12/30] Added encryptionManager.php and some file handling --- .gitignore | 4 ++- Web/data/const.php | 4 ++- Web/data/dataManager.php | 12 ++----- Web/data/fileManager.php | 40 ++++++++++++++++++++- Web/encryption/encryptionManager.php | 54 ++++++++++++++++++++++++++++ Web/event/errorHandler.php | 2 +- Web/loader.php | 10 +++++- Web/settings.php | 23 +++++++++--- 8 files changed, 130 insertions(+), 19 deletions(-) create mode 100644 Web/encryption/encryptionManager.php diff --git a/.gitignore b/.gitignore index 57f1cb2..57d5335 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -/.idea/ \ No newline at end of file +/.idea/ +users.json +default.vault \ No newline at end of file diff --git a/Web/data/const.php b/Web/data/const.php index c05eb5e..1b4e068 100644 --- a/Web/data/const.php +++ b/Web/data/const.php @@ -1,4 +1,6 @@ dataType = DATA_TYPE; - } - /** * @throws \Exception Invalid data type. */ public function getUserData(string $username): string { - if ($this->dataType == 1) { + if (STORAGE_TYPE == DATABASE) { $dm = new databaseManager(); - } elseif ($this->dataType == 2) { + } elseif (STORAGE_TYPE == FILESYSTEM) { $dm = new fileManager(); } else { throw new \Exception('Data type is invalid.'); diff --git a/Web/data/fileManager.php b/Web/data/fileManager.php index 44f9571..8a350eb 100644 --- a/Web/data/fileManager.php +++ b/Web/data/fileManager.php 
@@ -2,10 +2,48 @@ namespace Vault\data; +use Vault\encryption\encryptionManager; + class fileManager { + private string $usersFile; + private string $vaultFile; + + public function __construct() + { + $this->usersFile = __DIR__ . '/../' . USERS_FILE; + $this->vaultFile = __DIR__ . '/../' . VAULT_FILE; + + if (!file_exists($this->usersFile)) { + $this->initialiseUsers(); + } + + if (!file_exists($this->vaultFile)) { + $this->initialiseVault(); + } + } + public function getUserData(string $username) { - return ''; //temp + $usersFile = file_get_contents($this->usersFile); + return json_decode($usersFile); + } + + private function initialiseUsers(): void + { + $UserFile = fopen($this->usersFile, "w"); + fwrite($UserFile, '{"users" : []}'); + fclose($UserFile); + } + + private function initialiseVault(): void + { + $VaultFile = fopen($this->vaultFile, "w"); + + $em = new encryptionManager(); + $EncryptedData = $em->encrypt('"users" : []',hex2bin('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')); + + fwrite($VaultFile, $EncryptedData[0].'[!]'.$EncryptedData[1]); + fclose($VaultFile); } } diff --git a/Web/encryption/encryptionManager.php b/Web/encryption/encryptionManager.php new file mode 100644 index 0000000..d1c0af1 --- /dev/null +++ b/Web/encryption/encryptionManager.php 
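Review bot: The constructor builds `$this->usersFile` and `$this->vaultFile` as `__DIR__ . '/../' . USERS_FILE` and `__DIR__ . '/../' . VAULT_FILE`, which places users.json and the vault beside index.php inside `Web/`; assuming `Web/` is the document root, the user records and the encrypted vault can be requested by URL unless the server is configured to refuse them. The later settings.php hunk that adds `SECURE_LOCATION = ''` keeps the same default. A default location outside the document root, or a startup check that refuses to run when the resolved path lies inside it, would be safer. getUserData() also ignores `$username` and returns the whole decoded file, and the `fopen()` and `file_get_contents()` results are used without checking for `false`.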
@@ -0,0 +1,54 @@ +error('encryption', 'encryptionManager','encrypt',$e,'500'); + exit; + } + } + public function encrypt($string, $key): array + { + try { + $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES); + $encryptedData = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($string, '', $nonce, $key); + + // Overwriting memory to prevent data leakage + sodium_memzero($string); + sodium_memzero($key); + + return array($encryptedData,$nonce); + } catch (SodiumException|\Exception $e) { + $eh = new errorHandler(); + $eh->error('encryption', 'encryptionManager','encrypt',$e,'500'); + exit; + } + } + public function decrypt($string, $key, $nonce): string|null + { + try { + $decryptedData = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($string, '', $nonce, $key); + + // Overwriting memory to prevent data leakage + sodium_memzero($string); + sodium_memzero($nonce); + sodium_memzero($key); + + return $decryptedData; + } catch (SodiumException|\Exception $e) { + $eh = new errorHandler(); + $eh->error('encryption', 'encryptionManager','decrypt',$e,'500'); + exit; + } + } +} \ No newline at end of file diff --git a/Web/event/errorHandler.php b/Web/event/errorHandler.php index 8f4ff5a..373f5ba 100644 --- a/Web/event/errorHandler.php +++ b/Web/event/errorHandler.php @@ -4,7 +4,7 @@ class errorHandler { - public function error(string $namespace, string $class, string $function, string $message, string $code): void + public function error(string|null $namespace, string|null $class, string|null $function, string $message, string $code): void { http_response_code($code); ob_end_clean(); diff --git a/Web/loader.php b/Web/loader.php index ebe51d0..4050b10 100644 --- a/Web/loader.php +++ b/Web/loader.php @@ -9,6 +9,8 @@ error_reporting(0); } +require_once __DIR__.'/encryption/encryptionManager.php'; + require_once __DIR__.'/data/fileManager.php'; require_once __DIR__.'/data/databaseManager.php'; require_once __DIR__.'/data/dataManager.php'; 
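Review bot: Each catch block hands the caught exception itself to `$eh->error(..., $e, '500')`, and error() prints its `$message` argument into the response, so a Sodium failure would show the client the exception's string form, which normally includes file paths and a stack trace; logging it with `error_log((string) $e);` and passing a fixed message such as `'Encryption failure.'` keeps that detail on the server. In decrypt(), `sodium_crypto_aead_xchacha20poly1305_ietf_decrypt()` returns `false` when authentication fails rather than throwing, and with the `string|null` return type and no `strict_types` that is likely coerced to `''`, so a wrong key or tampered ciphertext looks like an empty vault; `if ($decryptedData === false) { return null; }` before the return makes the failure visible to callers. The top of this file was lost in extraction, so the function enclosing the first catch block is not visible.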
@@ -18,4 +20,10 @@ require_once __DIR__.'/event/errorHandler.php'; -require_once __DIR__.'/event/routeHandler.php'; \ No newline at end of file +require_once __DIR__.'/event/routeHandler.php'; + +if (!extension_loaded('sodium')) +{ + $eh = new \Vault\event\errorHandler(); + $eh->error(null, null, null, 'Sodium not installed.', '500'); +} \ No newline at end of file diff --git a/Web/settings.php b/Web/settings.php index e4303b7..06bc9e8 100644 --- a/Web/settings.php +++ b/Web/settings.php @@ -1,7 +1,22 @@ Date: Mon, 30 Oct 2023 17:55:19 +0000 Subject: [PATCH 13/30] Removed unused setting --- Web/settings.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/Web/settings.php b/Web/settings.php index 06bc9e8..bc2688c 100644 --- a/Web/settings.php +++ b/Web/settings.php @@ -3,9 +3,6 @@ // DATA_TYPE - DEV or PROD const ENV = DEV; -// ENCRYPTION_METHOD -const ENCRYPTION_METHOD = 'aes-256-ctr'; - // STORAGE_TYPE = DATABASE or FILESYSTEM const STORAGE_TYPE = FILESYSTEM; From 96805e7e28edf5e32002ff45a969b555fbf086ad Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Mon, 30 Oct 2023 17:58:57 +0000 Subject: [PATCH 14/30] Initialisation settings --- Web/data/fileManager.php | 2 +- Web/settings.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Web/data/fileManager.php b/Web/data/fileManager.php index 8a350eb..6bf3968 100644 --- a/Web/data/fileManager.php +++ b/Web/data/fileManager.php @@ -41,7 +41,7 @@ private function initialiseVault(): void $VaultFile = fopen($this->vaultFile, "w"); $em = new encryptionManager(); - $EncryptedData = $em->encrypt('"users" : []',hex2bin('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')); + $EncryptedData = $em->encrypt('"users" : []',$em->generateKey(TEMPORARY_PASSWORD)); fwrite($VaultFile, $EncryptedData[0].'[!]'.$EncryptedData[1]); fclose($VaultFile); diff --git a/Web/settings.php b/Web/settings.php index bc2688c..6c8800c 100644 --- a/Web/settings.php +++ b/Web/settings.php 
@@ -5,6 +5,8 @@ // STORAGE_TYPE = DATABASE or FILESYSTEM const STORAGE_TYPE = FILESYSTEM; +// TEMPORARY_PASSWORD - first run password +const TEMPORARY_PASSWORD = 'Vault123!'; // Filesystem storage settings const USERS_FILE = 'users.json'; From 9bfbbe7393529797007b404068f2ed06441a9a82 Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Mon, 30 Oct 2023 17:59:13 +0000 Subject: [PATCH 15/30] Replace qualifier with imports --- Web/loader.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Web/loader.php b/Web/loader.php index 4050b10..db5ae5d 100644 --- a/Web/loader.php +++ b/Web/loader.php @@ -1,5 +1,8 @@ error(null, null, null, 'Sodium not installed.', '500'); } \ No newline at end of file From daac17ea3cbffb41370b5ba52e307340ab9772a6 Mon Sep 17 00:00:00 2001 From: lewmilburn Date: Mon, 30 Oct 2023 18:16:08 +0000 Subject: [PATCH 16/30] Added more vault settings --- .gitignore | 2 +- Web/data/fileManager.php | 16 ++++++++-------- Web/settings.php | 4 +++- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index 57d5335..13ff460 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ /.idea/ users.json -default.vault \ No newline at end of file +admin.vault \ No newline at end of file diff --git a/Web/data/fileManager.php b/Web/data/fileManager.php index 6bf3968..d4978e0 100644 --- a/Web/data/fileManager.php +++ b/Web/data/fileManager.php 
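Review bot: `TEMPORARY_PASSWORD = 'Vault123!'` puts a fixed first-run credential in a tracked settings file, and the fileManager.php hunk of this same commit derives the initial vault key from it, so every installation starts with the same known password and key material. Nothing visible here forces the value to be changed after first run. At minimum the comment should say so, for example `// TEMPORARY_PASSWORD - first-run password; change before deployment, never keep the default`. Generating a random value at install time would remove the shared default altogether.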
@@ -7,18 +7,18 @@ class fileManager { private string $usersFile; - private string $vaultFile; + private string $defaultVault; public function __construct() { - $this->usersFile = __DIR__ . '/../' . USERS_FILE; - $this->vaultFile = __DIR__ . '/../' . VAULT_FILE; + $this->usersFile = __DIR__ . '/../' . SECURE_LOCATION . USERS_FILE; + $this->defaultVault = __DIR__ . '/../' . SECURE_LOCATION . DEFAULT_USER . '.vault'; if (!file_exists($this->usersFile)) { $this->initialiseUsers(); } - if (!file_exists($this->vaultFile)) { + if (!file_exists($this->defaultVault)) { $this->initialiseVault(); } } @@ -32,18 +32,18 @@ public function getUserData(string $username) private function initialiseUsers(): void { $UserFile = fopen($this->usersFile, "w"); - fwrite($UserFile, '{"users" : []}'); + fwrite($UserFile, '[{"user":"admin","passkey":"'.password_hash(TEMPORARY_PASSWORD,PASSWORD_DEFAULT).'"}]'); fclose($UserFile); } private function initialiseVault(): void { - $VaultFile = fopen($this->vaultFile, "w"); + $VaultFile = fopen($this->defaultVault, "w"); $em = new encryptionManager(); - $EncryptedData = $em->encrypt('"users" : []',$em->generateKey(TEMPORARY_PASSWORD)); + $EncryptedData = $em->encrypt('[{}]',$em->generateKey(PASSWORD_DEFAULT)); - fwrite($VaultFile, $EncryptedData[0].'[!]'.$EncryptedData[1]); + fwrite($VaultFile, $EncryptedData[0].FILE_SEPARATOR.$EncryptedData[1]); fclose($VaultFile); } } diff --git a/Web/settings.php b/Web/settings.php index 6c8800c..73c7cfe 100644 --- a/Web/settings.php +++ b/Web/settings.php @@ -10,7 +10,9 @@ // Filesystem storage settings const USERS_FILE = 'users.json'; -const VAULT_FILE = 'default.vault'; +const DEFAULT_USER = 'admin'; +const SECURE_LOCATION = ''; // relative to this file. +const FILE_SEPARATOR = '[SEP]'; // Database storage settings const DB_HOST = ''; From 8f75dfc09fa18bd8b316fbc55f74832e308e845e Mon Sep 17 00:00:00 2001 
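Review bot: `initialiseVault()` now calls `$em->generateKey(PASSWORD_DEFAULT)`, which passes PHP's built-in password-hashing algorithm constant rather than a password, so the vault key is derived from a value that is the same on every installation. The removed line used `TEMPORARY_PASSWORD`, so this looks like a slip made while editing `initialiseUsers()`; the line should read `$EncryptedData = $em->encrypt('[{}]', $em->generateKey(TEMPORARY_PASSWORD));`. In `initialiseUsers()` the user name is hard-coded as `"admin"` although `DEFAULT_USER` names the vault file. Building the record with `json_encode([['user' => DEFAULT_USER, 'passkey' => password_hash(TEMPORARY_PASSWORD, PASSWORD_DEFAULT)]])` keeps the two in step and avoids hand-written JSON.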
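Review bot: With `SECURE_LOCATION = ''` the paths built in fileManager.php resolve to the `Web/` directory itself, so `users.json` (password hashes) and `admin.vault` sit next to `index.php`. If `Web/` is the document root, they can be requested directly unless the web server is configured to deny them. The comment should state that requirement, for example `// relative to this file; point this outside the document root, with a trailing slash`, since the value is concatenated straight onto the file name.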
From: StyleCI Bot Date: Mon, 30 Oct 2023 18:21:34 +0000 Subject: [PATCH 17/30] Apply fixes from StyleCI --- Web/authentication/authenticationManager.php | 4 ++-- Web/data/const.php | 2 +- Web/data/fileManager.php | 13 +++++++------ Web/encryption/encryptionManager.php | 14 ++++++++------ Web/event/routeHandler.php | 10 +++++----- Web/loader.php | 6 ++---- Web/settings.php | 2 +- 7 files changed, 26 insertions(+), 25 deletions(-) diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php index 4327658..2449fa7 100644 --- a/Web/authentication/authenticationManager.php +++ b/Web/authentication/authenticationManager.php @@ -24,7 +24,7 @@ public function Login(string $username, string $password) } } else { $eh = new errorHandler(); - $eh->sessionRequired('authentication','authenticationManager','Login'); + $eh->sessionRequired('authentication', 'authenticationManager', 'Login'); exit; } } @@ -38,7 +38,7 @@ public function Logout() return true; } else { $eh = new errorHandler(); - $eh->sessionRequired('authentication','authenticationManager','Logout'); + $eh->sessionRequired('authentication', 'authenticationManager', 'Logout'); exit; } } diff --git a/Web/data/const.php b/Web/data/const.php index 1b4e068..bcb886d 100644 --- a/Web/data/const.php +++ b/Web/data/const.php @@ -3,4 +3,4 @@ const DEV = 0; const PROD = 1; const DATABASE = 0; -const FILESYSTEM = 1; \ No newline at end of file +const FILESYSTEM = 1; diff --git a/Web/data/fileManager.php b/Web/data/fileManager.php index d4978e0..4853782 100644 --- a/Web/data/fileManager.php +++ b/Web/data/fileManager.php 
@@ -11,8 +11,8 @@ class fileManager public function __construct() { - $this->usersFile = __DIR__ . '/../' . SECURE_LOCATION . USERS_FILE; - $this->defaultVault = __DIR__ . '/../' . SECURE_LOCATION . DEFAULT_USER . '.vault'; + $this->usersFile = __DIR__.'/../'.SECURE_LOCATION.USERS_FILE; + $this->defaultVault = __DIR__.'/../'.SECURE_LOCATION.DEFAULT_USER.'.vault'; if (!file_exists($this->usersFile)) { $this->initialiseUsers(); @@ -26,22 +26,23 @@ public function __construct() public function getUserData(string $username) { $usersFile = file_get_contents($this->usersFile); + return json_decode($usersFile); } private function initialiseUsers(): void { - $UserFile = fopen($this->usersFile, "w"); - fwrite($UserFile, '[{"user":"admin","passkey":"'.password_hash(TEMPORARY_PASSWORD,PASSWORD_DEFAULT).'"}]'); + $UserFile = fopen($this->usersFile, 'w'); + fwrite($UserFile, '[{"user":"admin","passkey":"'.password_hash(TEMPORARY_PASSWORD, PASSWORD_DEFAULT).'"}]'); fclose($UserFile); } private function initialiseVault(): void { - $VaultFile = fopen($this->defaultVault, "w"); + $VaultFile = fopen($this->defaultVault, 'w'); $em = new encryptionManager(); - $EncryptedData = $em->encrypt('[{}]',$em->generateKey(PASSWORD_DEFAULT)); + $EncryptedData = $em->encrypt('[{}]', $em->generateKey(PASSWORD_DEFAULT)); fwrite($VaultFile, $EncryptedData[0].FILE_SEPARATOR.$EncryptedData[1]); fclose($VaultFile); diff --git a/Web/encryption/encryptionManager.php b/Web/encryption/encryptionManager.php index d1c0af1..2a51c36 100644 --- a/Web/encryption/encryptionManager.php +++ b/Web/encryption/encryptionManager.php 
@@ -10,13 +10,14 @@ class encryptionManager public function generateKey($password): string { try { - return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, '0000000000000000',SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13); + return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, '0000000000000000', SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13); } catch (SodiumException $e) { $eh = new errorHandler(); - $eh->error('encryption', 'encryptionManager','encrypt',$e,'500'); + $eh->error('encryption', 'encryptionManager', 'encrypt', $e, '500'); exit; } } + public function encrypt($string, $key): array { try { @@ -27,13 +28,14 @@ public function encrypt($string, $key): array sodium_memzero($string); sodium_memzero($key); - return array($encryptedData,$nonce); + return [$encryptedData, $nonce]; } catch (SodiumException|\Exception $e) { $eh = new errorHandler(); - $eh->error('encryption', 'encryptionManager','encrypt',$e,'500'); + $eh->error('encryption', 'encryptionManager', 'encrypt', $e, '500'); exit; } } + public function decrypt($string, $key, $nonce): string|null { try { @@ -47,8 +49,8 @@ public function decrypt($string, $key, $nonce): string|null return $decryptedData; } catch (SodiumException|\Exception $e) { $eh = new errorHandler(); - $eh->error('encryption', 'encryptionManager','decrypt',$e,'500'); + $eh->error('encryption', 'encryptionManager', 'decrypt', $e, '500'); exit; } } -} \ No newline at end of file +} diff --git a/Web/event/routeHandler.php b/Web/event/routeHandler.php index e4ea937..164a6c7 100644 --- a/Web/event/routeHandler.php +++ b/Web/event/routeHandler.php 
@@ -14,17 +14,17 @@ public function getRequest($url, $file): void public function endRouter(): void { $eh = new errorHandler(); - $eh->fileNotFound('event','routeHandler','endRouter'); + $eh->fileNotFound('event', 'routeHandler', 'endRouter'); } private function displayFile($file): void { - if (file_exists(__DIR__ . '/../' .$file)) { - require_once __DIR__ . '/../' .$file; + if (file_exists(__DIR__.'/../'.$file)) { + require_once __DIR__.'/../'.$file; } else { $eh = new errorHandler(); - $eh->fileNotFound('event','routeHandler','displayFile'); + $eh->fileNotFound('event', 'routeHandler', 'displayFile'); } exit; } -} \ No newline at end of file +} diff --git a/Web/loader.php b/Web/loader.php index db5ae5d..510f1f2 100644 --- a/Web/loader.php +++ b/Web/loader.php @@ -1,6 +1,5 @@ error(null, null, null, 'Sodium not installed.', '500'); -} \ No newline at end of file +} diff --git a/Web/settings.php b/Web/settings.php index 73c7cfe..b2eb5a2 100644 --- a/Web/settings.php +++ b/Web/settings.php @@ -20,4 +20,4 @@ const DB_USER = ''; const DB_PASS = ''; const DB_PORT = ''; -const DB_PREFIX = 'va_'; \ No newline at end of file +const DB_PREFIX = 'va_'; From 3836eb5af6cb7707f8f4600d41b8c9b26bef8243 Mon Sep 17 00:00:00 2001 From: Lewis Milburn <63267144+lewmilburn@users.noreply.github.com> Date: Mon, 30 Oct 2023 18:23:56 +0000 Subject: [PATCH 18/30] Update sonarcloud.yml --- .github/workflows/sonarcloud.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 0d0f16a..49b071d 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -43,12 +43,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Set up JDK 17 - uses: actions/setup-java@v2 - with: - distribution: 'temurin' - java-version: '17' - overwrite-settings: false - name: Analyze with SonarCloud # You can pin the exact commit or the version. From f17cbda99b7256e0523483fe6c0d3961abdcefa4 Mon Sep 17 00:00:00 2001 
From: Lewis Milburn <63267144+lewmilburn@users.noreply.github.com> Date: Mon, 30 Oct 2023 18:26:48 +0000 Subject: [PATCH 19/30] Update sonarcloud.yml --- .github/workflows/sonarcloud.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 49b071d..bf07230 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -58,8 +58,7 @@ jobs: # mandatory -Dsonar.projectKey=lewmilburn_Vault -Dsonar.organization=lewmilburn - # Comma-separated paths to directories containing main source files. - #-Dsonar.sources= # optional, default is project base directory + -Dsonar.sources=Web,Client # When you need the analysis to take place in a directory other than the one from which it was launched #-Dsonar.projectBaseDir= # optional, default is . # Comma-separated paths to directories containing test source files. From 81cbc53c773b2121d1610122a03dffe110e0dfed Mon Sep 17 00:00:00 2001 From: Lewis Milburn <63267144+lewmilburn@users.noreply.github.com> Date: Mon, 30 Oct 2023 18:30:07 +0000 Subject: [PATCH 20/30] Update sonarcloud.yml --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index bf07230..f6d8bc6 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -58,7 +58,7 @@ jobs: # mandatory -Dsonar.projectKey=lewmilburn_Vault -Dsonar.organization=lewmilburn - -Dsonar.sources=Web,Client + -Dsonar.sources=/Web,/Client # When you need the analysis to take place in a directory other than the one from which it was launched #-Dsonar.projectBaseDir= # optional, default is . # Comma-separated paths to directories containing test source files. From 685d955e3f5d272066e8519cb35f9aa6d6765f43 Mon Sep 17 00:00:00 2001 
From: Lewis Milburn <63267144+lewmilburn@users.noreply.github.com> Date: Mon, 30 Oct 2023 18:31:21 +0000 Subject: [PATCH 21/30] Update sonarcloud.yml --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index f6d8bc6..ce26b2e 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -58,7 +58,7 @@ jobs: # mandatory -Dsonar.projectKey=lewmilburn_Vault -Dsonar.organization=lewmilburn - -Dsonar.sources=/Web,/Client + -Dsonar.sources=./Web,./Client # When you need the analysis to take place in a directory other than the one from which it was launched #-Dsonar.projectBaseDir= # optional, default is . # Comma-separated paths to directories containing test source files. From 54e4fcc95c6f20ac21c0351b6d56ed8503724322 Mon Sep 17 00:00:00 2001 From: Lewis Milburn <63267144+lewmilburn@users.noreply.github.com> Date: Mon, 30 Oct 2023 18:32:30 +0000 Subject: [PATCH 22/30] Update sonarcloud.yml --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index ce26b2e..f55cd2f 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -58,7 +58,7 @@ jobs: # mandatory -Dsonar.projectKey=lewmilburn_Vault -Dsonar.organization=lewmilburn - -Dsonar.sources=./Web,./Client + #-Dsonar.sources= # When you need the analysis to take place in a directory other than the one from which it was launched #-Dsonar.projectBaseDir= # optional, default is . # Comma-separated paths to directories containing test source files. From 0221ebbb73161684243eced49c59ed15a9bc8fd2 Mon Sep 17 00:00:00 2001 
From: lewmilburn <63267144+lewmilburn@users.noreply.github.com> Date: Tue, 31 Oct 2023 22:20:34 +0000 Subject: [PATCH 23/30] Fixed user info --- Web/authentication/authenticationManager.php | 6 +++--- Web/data/dataManager.php | 2 +- Web/data/fileManager.php | 10 ++++++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php index 2449fa7..d4a9786 100644 --- a/Web/authentication/authenticationManager.php +++ b/Web/authentication/authenticationManager.php @@ -12,10 +12,10 @@ public function Login(string $username, string $password) if (session_status() == PHP_SESSION_ACTIVE) { $data = new dataManager(); $user = $data->getUserData($username); - if (password_verify($password, $user->password)) { + if (password_verify($password, $user->passkey)) { $tm = new tokenManager(); - $token = $tm->generateToken($user->uuid); - $_SESSION['uuid'] = $user->uuid; + $token = $tm->generateToken($user->user); + $_SESSION['user'] = $user->user; $_SESSION['token'] = $token; return true; diff --git a/Web/data/dataManager.php b/Web/data/dataManager.php index 4f8e24b..acea7f4 100644 --- a/Web/data/dataManager.php +++ b/Web/data/dataManager.php @@ -7,7 +7,7 @@ class dataManager /** * @throws \Exception Invalid data type. */ - public function getUserData(string $username): string + public function getUserData(string $username): object|null { if (STORAGE_TYPE == DATABASE) { $dm = new databaseManager(); diff --git a/Web/data/fileManager.php b/Web/data/fileManager.php index 4853782..5ec99fd 100644 --- a/Web/data/fileManager.php +++ b/Web/data/fileManager.php 
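Review bot: After `password_verify()` succeeds, `Login()` writes `$_SESSION['user']` and `$_SESSION['token']` into the session that existed before authentication, so a session identifier issued before login stays valid afterwards (session fixation). Call `session_regenerate_id(true);` immediately before the two `$_SESSION` assignments. The method begins and ends outside this hunk, so this assumes no regeneration happens elsewhere in it.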
@@ -23,11 +23,17 @@ public function __construct() } } - public function getUserData(string $username) + public function getUserData(string $username): object|null { $usersFile = file_get_contents($this->usersFile); + $users = json_decode($usersFile); + foreach ($users as $user) { + if ($user->user == $username) { + return $user; + } + } - return json_decode($usersFile); + return null; } private function initialiseUsers(): void From 02c8490639849faec2ffaf17991aac4cd6f7b405 Mon Sep 17 00:00:00 2001 From: lewmilburn <63267144+lewmilburn@users.noreply.github.com> Date: Tue, 31 Oct 2023 22:21:01 +0000 Subject: [PATCH 24/30] Added post request & refactored to prevent duplicate code --- Web/event/routeHandler.php | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/Web/event/routeHandler.php b/Web/event/routeHandler.php index 164a6c7..7857894 100644 --- a/Web/event/routeHandler.php +++ b/Web/event/routeHandler.php @@ -2,22 +2,39 @@ namespace Vault\event; +use JetBrains\PhpStorm\NoReturn; + class routeHandler { + #[NoReturn] public function getRequest($url, $file): void { - if ($_SERVER['REQUEST_URI'] === $url && $_SERVER['REQUEST_METHOD'] === 'GET') { - $this->displayFile($file); + $this->request($url, $file, 'GET'); + } + + #[NoReturn] + public function postRequest(string $url, string $file): void + { + $this->request($url, $file, 'POST'); + } + + #[NoReturn] + public function request(string $url, string $file, string $method): void + { + if ($_SERVER['REQUEST_URI'] === $url && $_SERVER['REQUEST_METHOD'] === $method) { + $this->runFile($file); } } + #[NoReturn] public function endRouter(): void { $eh = new errorHandler(); $eh->fileNotFound('event', 'routeHandler', 'endRouter'); } - private function displayFile($file): void + #[NoReturn] + private function runFile($file): void { if (file_exists(__DIR__.'/../'.$file)) { require_once __DIR__.'/../'.$file; From 68859187fe3633ae55225d46284bccce929b8c6c Mon Sep 17 00:00:00 2001 
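Review bot: `getUserData()` matches records with `$user->user == $username`, and loose comparison treats two numeric-looking strings as equal (`'1e3' == '1000'`), so a lookup can return a different user's record; use `===`. `file_get_contents()` and `json_decode()` are not checked either, so an unreadable or corrupt users file reaches the `foreach` as `false` or `null`. A guard such as `if (!is_array($users)) { return null; }` before the loop keeps that failure explicit.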
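Review bot: `#[NoReturn]` is applied to `getRequest()`, `postRequest()` and `request()` in routeHandler.php, but these return normally whenever the URI or method does not match, and index.php relies on that to try the next route. The attribute therefore tells static analysis that everything after the first route call is unreachable. Keep it on `runFile()`, which always reaches `exit;`, and on `endRouter()` only if `fileNotFound()` always terminates, which is not visible here. `request()` could also be `private`, since the two wrappers are the intended entry points.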
From: lewmilburn <63267144+lewmilburn@users.noreply.github.com> Date: Tue, 31 Oct 2023 22:21:16 +0000 Subject: [PATCH 25/30] Rearranged settings --- Web/settings.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Web/settings.php b/Web/settings.php index b2eb5a2..fd03599 100644 --- a/Web/settings.php +++ b/Web/settings.php @@ -5,12 +5,12 @@ // STORAGE_TYPE = DATABASE or FILESYSTEM const STORAGE_TYPE = FILESYSTEM; -// TEMPORARY_PASSWORD - first run password -const TEMPORARY_PASSWORD = 'Vault123!'; // Filesystem storage settings const USERS_FILE = 'users.json'; const DEFAULT_USER = 'admin'; +// TEMPORARY_PASSWORD - first run password +const TEMPORARY_PASSWORD = 'Vault123!'; const SECURE_LOCATION = ''; // relative to this file. const FILE_SEPARATOR = '[SEP]'; From e59b152ea514fdf23d00845089fe40584b031628 Mon Sep 17 00:00:00 2001 From: lewmilburn <63267144+lewmilburn@users.noreply.github.com> Date: Tue, 31 Oct 2023 22:23:29 +0000 Subject: [PATCH 26/30] Added login system --- Web/authentication/tokenManager.php | 4 ++-- Web/event/login.php | 0 Web/index.php | 10 +++++++++- Web/view/dashboard.php | 9 +++++++++ Web/view/login.php | 4 ++++ 5 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 Web/event/login.php create mode 100644 Web/view/dashboard.php diff --git a/Web/authentication/tokenManager.php b/Web/authentication/tokenManager.php index e4f279e..9cd09a6 100644 --- a/Web/authentication/tokenManager.php +++ b/Web/authentication/tokenManager.php @@ -9,9 +9,9 @@ public function generateToken(string $uuid): string return hash('sha3-512', $uuid.date('Y-m-d')); } - public function validateToken(string $token, string $uuid): string + public function validToken(string $token, string $user): string { - if ($token == hash('sha3-512', $uuid.date('Y-m-d'))) { + if ($token == hash('sha3-512', $user.date('Y-m-d'))) { return true; } else { return false; 
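Review bot: `validToken()` is declared `: string` but returns booleans, and it compares the hashes with `==`, which is neither type-safe (two `0e…` digit strings compare equal as numbers) nor constant-time. Declare the return type as `bool` and replace the `if`/`else` with `return hash_equals(hash('sha3-512', $user.date('Y-m-d')), $token);`. The token is a hash of the user name and the current date with no secret or random component, so it adds no assurance beyond the session it is stored in and lapses at midnight. A value from `random_bytes()` kept in the session would be a sounder basis.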
diff --git a/Web/event/login.php b/Web/event/login.php new file mode 100644 index 0000000..e69de29 diff --git a/Web/index.php b/Web/index.php index 4d33102..d85fa34 100644 --- a/Web/index.php +++ b/Web/index.php @@ -5,6 +5,7 @@ * @license Apache 2.0 International License */ +use Vault\authentication\tokenManager; use Vault\event\routeHandler; ob_start(); @@ -13,7 +14,14 @@ require_once __DIR__.'/loader.php'; $router = new routeHandler(); -$router->getRequest('/', 'view/login.php'); +$token = new tokenManager(); + +if ($token->validToken($_SESSION['token'],$_SESSION['user'])) { + $router->getRequest('/', 'view/dashboard.php'); +} else { + $router->getRequest('/', 'view/login.php'); + $router->postRequest('/auth', 'event/login.php'); +} $router->endRouter(); diff --git a/Web/view/dashboard.php b/Web/view/dashboard.php new file mode 100644 index 0000000..cbb7be8 --- /dev/null +++ b/Web/view/dashboard.php @@ -0,0 +1,9 @@ + + + + Vault + + + Vault dashboard. + + \ No newline at end of file diff --git a/Web/view/login.php b/Web/view/login.php index d2079fe..bc389ea 100644 --- a/Web/view/login.php +++ b/Web/view/login.php @@ -5,5 +5,9 @@ Login to Vault. + +
+ + \ No newline at end of file From 87a23147e2771254050a3a0fd046aa0e2daaf76d Mon Sep 17 00:00:00 2001 From: lewmilburn <63267144+lewmilburn@users.noreply.github.com> Date: Tue, 31 Oct 2023 22:35:46 +0000 Subject: [PATCH 27/30] Moved encryption, added input manager --- Web/{encryption => security}/encryptionManager.php | 8 ++++---- Web/security/inputManager.php | 11 +++++++++++ 2 files changed, 15 insertions(+), 4 deletions(-) rename Web/{encryption => security}/encryptionManager.php (85%) create mode 100644 Web/security/inputManager.php diff --git a/Web/encryption/encryptionManager.php b/Web/security/encryptionManager.php similarity index 85% rename from Web/encryption/encryptionManager.php rename to Web/security/encryptionManager.php index 2a51c36..f4e7166 100644 --- a/Web/encryption/encryptionManager.php +++ b/Web/security/encryptionManager.php @@ -1,6 +1,6 @@ error('encryption', 'encryptionManager', 'encrypt', $e, '500'); + $eh->error('security', 'encryptionManager', 'encrypt', $e, '500'); exit; } } @@ -31,7 +31,7 @@ public function encrypt($string, $key): array return [$encryptedData, $nonce]; } catch (SodiumException|\Exception $e) { $eh = new errorHandler(); - $eh->error('encryption', 'encryptionManager', 'encrypt', $e, '500'); + $eh->error('security', 'encryptionManager', 'encrypt', $e, '500'); exit; } } @@ -49,7 +49,7 @@ public function decrypt($string, $key, $nonce): string|null return $decryptedData; } catch (SodiumException|\Exception $e) { $eh = new errorHandler(); - $eh->error('encryption', 'encryptionManager', 'decrypt', $e, '500'); + $eh->error('security', 'encryptionManager', 'decrypt', $e, '500'); exit; } } diff --git a/Web/security/inputManager.php b/Web/security/inputManager.php new file mode 100644 index 0000000..36a8900 --- /dev/null +++ b/Web/security/inputManager.php 
@@ -0,0 +1,11 @@ + Date: Tue, 31 Oct 2023 22:36:20 +0000 Subject: [PATCH 28/30] Added sessionManager.php & inputManager.php --- Web/authentication/authenticationManager.php | 22 +++++++----- Web/authentication/sessionManager.php | 35 ++++++++++++++++++++ Web/data/fileManager.php | 2 +- Web/index.php | 6 ++-- Web/loader.php | 4 ++- 5 files changed, 55 insertions(+), 14 deletions(-) create mode 100644 Web/authentication/sessionManager.php diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php index d4a9786..8f9e87b 100644 --- a/Web/authentication/authenticationManager.php +++ b/Web/authentication/authenticationManager.php @@ -7,7 +7,7 @@ class authenticationManager { - public function Login(string $username, string $password) + public function login(string $username, string $password) { if (session_status() == PHP_SESSION_ACTIVE) { $data = new dataManager(); @@ -29,17 +29,21 @@ public function Login(string $username, string $password) } } - public function Logout() + public function logout() { - if (session_status() == PHP_SESSION_ACTIVE) { - session_unset(); - session_destroy(); + $sm = new sessionManager(); + if ($sm->end()) { + header('Location: /'); + exit; + } + } + public function authenticated() + { + $sm = new sessionManager(); + $tm = new tokenManager(); + if ($sm->authTokens() && $tm->validToken($_SESSION['token'], $_SESSION['user'])) { return true; - } else { - $eh = new errorHandler(); - $eh->sessionRequired('authentication', 'authenticationManager', 'Logout'); - exit; } } } diff --git a/Web/authentication/sessionManager.php b/Web/authentication/sessionManager.php new file mode 100644 index 0000000..5e38e82 --- /dev/null +++ b/Web/authentication/sessionManager.php 
@@ -0,0 +1,35 @@ +active()) { + session_unset(); + session_destroy(); + return true; + } else { + return false; + } + } + + public function authTokens(): bool + { + if (isset($_SESSION['token']) && isset($_SESSION['user'])) { + return true; + } else { + return false; + } + } +} \ No newline at end of file diff --git a/Web/data/fileManager.php b/Web/data/fileManager.php index 5ec99fd..fe627a4 100644 --- a/Web/data/fileManager.php +++ b/Web/data/fileManager.php @@ -2,7 +2,7 @@ namespace Vault\data; -use Vault\encryption\encryptionManager; +use Vault\security\encryptionManager; class fileManager { diff --git a/Web/index.php b/Web/index.php index d85fa34..3a8ced9 100644 --- a/Web/index.php +++ b/Web/index.php @@ -5,7 +5,7 @@ * @license Apache 2.0 International License */ -use Vault\authentication\tokenManager; +use Vault\authentication\authenticationManager; use Vault\event\routeHandler; ob_start(); @@ -14,9 +14,9 @@ require_once __DIR__.'/loader.php'; $router = new routeHandler(); -$token = new tokenManager(); +$auth = new authenticationManager(); -if ($token->validToken($_SESSION['token'],$_SESSION['user'])) { +if ($auth->authenticated()) { $router->getRequest('/', 'view/dashboard.php'); } else { $router->getRequest('/', 'view/login.php'); diff --git a/Web/loader.php b/Web/loader.php index 510f1f2..562e493 100644 --- a/Web/loader.php +++ b/Web/loader.php @@ -11,7 +11,8 @@ error_reporting(0); } -require_once __DIR__.'/encryption/encryptionManager.php'; +require_once __DIR__ . '/security/encryptionManager.php'; +require_once __DIR__ . '/security/inputManager.php'; require_once __DIR__.'/data/fileManager.php'; require_once __DIR__.'/data/databaseManager.php'; @@ -19,6 +20,7 @@ require_once __DIR__.'/authentication/authenticationManager.php'; require_once __DIR__.'/authentication/tokenManager.php'; +require_once __DIR__.'/authentication/sessionManager.php'; require_once __DIR__.'/event/errorHandler.php'; 
From ddf5729949a23af8f977d3f73dfef1fd71607579 Mon Sep 17 00:00:00 2001 From: lewmilburn <63267144+lewmilburn@users.noreply.github.com> Date: Tue, 31 Oct 2023 22:43:06 +0000 Subject: [PATCH 29/30] Added logging in functionality --- Web/authentication/authenticationManager.php | 11 ++++++++ Web/event/login.php | 27 ++++++++++++++++++++ Web/view/login.php | 8 +++++- 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/Web/authentication/authenticationManager.php b/Web/authentication/authenticationManager.php index 8f9e87b..44ce47d 100644 --- a/Web/authentication/authenticationManager.php +++ b/Web/authentication/authenticationManager.php @@ -9,9 +9,18 @@ class authenticationManager { public function login(string $username, string $password) { + if ($username == null || $password == null) { + return false; + } + if (session_status() == PHP_SESSION_ACTIVE) { $data = new dataManager(); $user = $data->getUserData($username); + + if ($user == null) { + return false; + } + if (password_verify($password, $user->passkey)) { $tm = new tokenManager(); $token = $tm->generateToken($user->user); @@ -44,6 +53,8 @@ public function authenticated() $tm = new tokenManager(); if ($sm->authTokens() && $tm->validToken($_SESSION['token'], $_SESSION['user'])) { return true; + } else { + return false; } } } diff --git a/Web/event/login.php b/Web/event/login.php index e69de29..e499078 100644 --- a/Web/event/login.php +++ b/Web/event/login.php @@ -0,0 +1,27 @@ +escapeString($_POST['user']); +$pass = $im->escapeString($_POST['pass']); + +if ($user == null || $pass == null) { + header('Location: /'); + exit; +} + +$am->login($user, $pass); + +header('Location: /'); +exit; \ No newline at end of file diff --git a/Web/view/login.php b/Web/view/login.php index bc389ea..1ac4887 100644 --- a/Web/view/login.php +++ b/Web/view/login.php @@ -7,7 +7,13 @@ Login to Vault.
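Review bot: In event/login.php the password is passed through `$im->escapeString()` (which is `htmlspecialchars()`) before `login()`, and that rewrites characters such as `&`, `<` and `"` into entities. A password containing them no longer matches the hash that `initialiseUsers()` computes from the raw value. HTML escaping belongs at output time, so read the fields unmodified and null-safe: `$user = $_POST['user'] ?? null;` and `$pass = $_POST['pass'] ?? null;`. The return value of `$am->login($user, $pass)` is also discarded, so a failed attempt cannot be told apart from a successful one here. The first lines of the file are not visible in this hunk.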
- + + +
+ + +
+ \ No newline at end of file From b746b63879fc91adc5e7e10e8116f343a2133ccd Mon Sep 17 00:00:00 2001 From: StyleCI Bot Date: Tue, 31 Oct 2023 22:44:03 +0000 Subject: [PATCH 30/30] Apply fixes from StyleCI --- Web/authentication/sessionManager.php | 3 ++- Web/event/login.php | 2 +- Web/loader.php | 4 ++-- Web/security/inputManager.php | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Web/authentication/sessionManager.php b/Web/authentication/sessionManager.php index 5e38e82..3f475ab 100644 --- a/Web/authentication/sessionManager.php +++ b/Web/authentication/sessionManager.php @@ -18,6 +18,7 @@ public function end(): bool if ($this->active()) { session_unset(); session_destroy(); + return true; } else { return false; @@ -32,4 +33,4 @@ public function authTokens(): bool return false; } } -} \ No newline at end of file +} diff --git a/Web/event/login.php b/Web/event/login.php index e499078..0539346 100644 --- a/Web/event/login.php +++ b/Web/event/login.php @@ -24,4 +24,4 @@ $am->login($user, $pass); header('Location: /'); -exit; \ No newline at end of file +exit; diff --git a/Web/loader.php b/Web/loader.php index 562e493..27d8cbe 100644 --- a/Web/loader.php +++ b/Web/loader.php @@ -11,8 +11,8 @@ error_reporting(0); } -require_once __DIR__ . '/security/encryptionManager.php'; -require_once __DIR__ . '/security/inputManager.php'; +require_once __DIR__.'/security/encryptionManager.php'; +require_once __DIR__.'/security/inputManager.php'; require_once __DIR__.'/data/fileManager.php'; require_once __DIR__.'/data/databaseManager.php'; diff --git a/Web/security/inputManager.php b/Web/security/inputManager.php index 36a8900..b8a33b6 100644 --- a/Web/security/inputManager.php +++ b/Web/security/inputManager.php @@ -8,4 +8,4 @@ public function escapeString($string): string { return htmlspecialchars($string); } -} \ No newline at end of file +}
Function'.$function.'Vault\\'.$namespace.'\\'.$class.'::'.$function.'
Error