Mascali/raspisms
1
0
Fork 0
mirror of https://github.com/RaspbianFrance/raspisms.git synced 2025-04-20 16:37:48 +02:00
Code Issues Projects Releases Wiki Activity

Add api key to user, add status update support, add other things i dont remember at 2am...

Browse source
This commit is contained in:
osaajani 2020-01-08 02:14:38 +01:00
parent 193dd00c1e
commit fb6abb4d91
14 changed files with 323 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

31
controllers/publics/Account.php
View file

@ -155,6 +155,37 @@ namespace controllers\publics;
return $this->redirect(\descartes\Router::url('Account', 'show'));
}
/**
* Update user api key.
*
* @param $csrf : Le jeton CSRF
*/
public function update_api_key($csrf)
{
if (!$this->verify_csrf($csrf))
{
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
return $this->redirect(\descartes\Router::url('Account', 'show'));
}
$new_api_key = $this->internal_user->update_api_key($_SESSION['user']['id']);
if (!$new_api_key)
{
\FlashMessage\FlashMessage::push('danger', 'Impossible de mettre à jour.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
}
$_SESSION['user']['api_key'] = $new_api_key;
\FlashMessage\FlashMessage::push('success', 'Votre ancienne clef API a été désactivée et une nouvelle clef générée.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
}
/**
* Delete a user.

87
controllers/publics/Callback.php Executable file
View file

@ -0,0 +1,87 @@
<?php
/*
* This file is part of RaspiSMS.
*
* (c) Pierre-Lin Bonnemaison <plebwebsas@gmail.com>
*
* This source file is subject to the GPL-3.0 license that is bundled
* with this source code in the file LICENSE.
*/
namespace controllers\publics;
/**
* Controller of callback pages, like sms status update notification
*/
class Callback extends \descartes\Controller
{
private $internal_user;
private $internal_sended;
private $internal_adapter;
public function __construct()
{
$bdd = \descartes\Model::_connect(DATABASE_HOST, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD);
$this->internal_user = new \controllers\internals\User($bdd);
$this->internal_sended = new \controllers\internals\Sended($bdd);
$this->internal_adapter = new \controllers\internals\Adapter();
}
/**
* Function call on a sended sms status change notification reception
* @param string $adapter_name : Name of the adapter to use
* @return false : We must always return false, and we respect a random usleep before returning anything
* in order to prevent bruteforce api key guessing and time guessing
*/
public function update_sended_status (string $adapter_name)
{
//Wait between 0.5 and 1.03s in order to counter time guessing bruteforce attack against api key
usleep(mt_rand(5,10) / 10 * 1000000 + mt_rand(0, 30000));
//Search for an adapter
$find_adapter = false;
$adapters = $this->internal_adapter->list_adapters();
foreach ($adapters as $adapter)
{
if (mb_strtolower($adapter['meta_name']) === mb_strtolower($adapter_name))
{
$find_adapter = $adapter;
}
}
if (false === $find_adapter)
{
return false;
}
//Instanciate adapter, check if status change is supported and if so call status change callback
$adapter_classname = $find_adapter['meta_classname'];
if (!$find_adapter['meta_support_status_change'])
{
return false;
}
$callback_return = $adapter_classname::status_change_callback();
var_dump($callback_return);
if (!$callback_return)
{
return false;
}
$sended = $this->internal_sended->get_by_uid_and_adapter($callback_return['uid'], $adapter_classname);
if (!$sended)
{
return false;
}
$this->internal_sended->update_status($sended['id'], $callback_return['status']);
return false;
}
}