moved the secure random class from JMSSecurityExtraBundle to Symfony (closes symfony#3595)
Showing
22 changed files
with
673 additions
and
37 deletions.
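--- a/src/Symfony/Bridge/Doctrine/Security/DoctrineSeedProvider.php
+++ b/src/Symfony/Bridge/Doctrine/Security/DoctrineSeedProvider.php
@@ -0,0 +1,68 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Doctrine\Security;
+
+use Doctrine\DBAL\Types\Type;
+use Doctrine\DBAL\Connection;
+use Symfony\Component\Security\Core\Util\SeedProviderInterface;
+
+/**
+ * Doctrine Seed Provider.
+ *
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ * @author Fabien Potencier <fabien@symfony.com>
+ */
+class DoctrineSeedProvider implements SeedProviderInterface
+{
+private $con;
+private $seedTableName;
+
+/**
+* Constructor.
+*
+* @param Connection $con
+* @param string $tableName
+*/
+public function __construct(Connection $con, $tableName)
+{
+$this->con = $con;
+$this->seedTableName = $tableName;
+}
+
+/**
+* {@inheritdoc}
+*/
+public function loadSeed()
+{
+$stmt = $this->con->executeQuery("SELECT seed, updated_at FROM {$this->seedTableName}");
+
+if (false === $seed = $stmt->fetchColumn(0)) {
+throw new \RuntimeException('You need to initialize the generator by running the console command "init:prng".');
+}
+
+$seedLastUpdatedAt = new \DateTime($stmt->fetchColumn(1));
+
+return array($seed, $seedLastUpdatedAt);
+}
+
+/**
+* {@inheritdoc}
+*/
+public function updateSeed($seed)
+{
+$params = array(':seed' => $seed, ':updatedAt' => new \DateTime());
+$types = array(':updatedAt' => Type::DATETIME);
+if (!$this->con->executeUpdate("UPDATE {$this->seedTableName} SET seed = :seed, updated_at = :updatedAt", $params, $types)) {
+$this->con->executeUpdate("INSERT INTO {$this->seedTableName} VALUES (:seed, :updatedAt)", $params, $types);
+}
+}
+}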
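Review bot: `loadSeed()` reads the two columns with two successive `fetchColumn()` calls (the `if` on the seed, then the `new \DateTime($stmt->fetchColumn(1))` line), but each `fetchColumn()` consumes a row, so the second call reads column 1 of the *next* row; with the single row the table is meant to hold it returns `false`, and `new \DateTime(false)` behaves like "now", so a caller that decides whether to reseed from `updated_at` always sees a fresh-looking seed. Fetch the row once and index into it: `if (false === $row = $stmt->fetch(\PDO::FETCH_NUM)) {` … `return array($row[0], new \DateTime($row[1]));`. Separately, `updateSeed()` treats an affected-row count of 0 from the UPDATE as "no row yet" and INSERTs, so two concurrent first initialisations (or a driver that reports 0 for an unchanged row) can leave several rows, and the SELECT has no ORDER BY/LIMIT to pick among them — the table should carry a key or the update be done in a transaction. `$this->seedTableName` is interpolated unquoted into all three statements; it comes from configuration rather than request input as far as I can see, but running it through `$this->con->quoteIdentifier()` once in the constructor would close that off.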
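--- a/src/Symfony/Bridge/Doctrine/Security/EventListener/PrngSchemaListener.php
+++ b/src/Symfony/Bridge/Doctrine/Security/EventListener/PrngSchemaListener.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Doctrine\Security\EventListener;
+
+use Symfony\Bridge\Doctrine\Security\PrngSchema;
+use Doctrine\ORM\Tools\Event\GenerateSchemaEventArgs;
+
+/**
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class PrngSchemaListener
+{
+private $schema;
+
+public function __construct(PrngSchema $schema)
+{
+$this->schema = $schema;
+}
+
+public function postGenerateSchema(GenerateSchemaEventArgs $args)
+{
+$this->schema->addToSchema($args->getSchema());
+}
+}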
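Review bot: Neither the constructor nor `postGenerateSchema()` carries a docblock, so a reader has to open `PrngSchema` to learn why an ORM schema listener lives under Security. I would put `/** Appends the PRNG seed table to the schema generated from the ORM metadata, so that the schema create/update tooling also manages it. */` above `postGenerateSchema()` and `@param PrngSchema $schema` on the constructor. The listener adds the table to every schema it sees; if the application has more than one entity manager, whether the seed table belongs in all of them is not something I can tell from here, and a guard or at least a comment would help.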
@@ -0,0 +1,43 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Bridge\Doctrine\Security; | ||
|
||
use Doctrine\DBAL\Schema\Schema; | ||
|
||
/** | ||
* The DBAL schema that will be used if you choose the database-based seed provider. | ||
* | ||
* @author Johannes M. Schmitt <schmittjoh@gmail.com> | ||
*/ | ||
final class PrngSchema extends Schema | ||
{ | ||
public function __construct($tableName) | ||
{ | ||
parent::__construct(); | ||
|
||
$table = $this->createTable($tableName); | ||
$table->addColumn('seed', 'string', array( | ||
'length' => 88, | ||
'not_null' => true, | ||
)); | ||
$table->addColumn('updated_at', 'datetime', array( | ||
'not_null' => true, | ||
)); | ||
} | ||
|
||
public function addToSchema(Schema $schema) | ||
{ | ||
foreach ($this->getTables() as $table) { | ||
$schema->_addTable($table); | ||
} | ||
} | ||
} |
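--- a/src/Symfony/Bridge/Doctrine/Tests/Security/DoctrineSeedProviderTest.php
+++ b/src/Symfony/Bridge/Doctrine/Tests/Security/DoctrineSeedProviderTest.php
@@ -0,0 +1,48 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Doctrine\Tests\Security;
+
+use Symfony\Bridge\Doctrine\Security\DoctrineSeedProvider;
+use Symfony\Bridge\Doctrine\Security\PrngSchema;
+use Symfony\Component\Security\Core\Util\Prng;
+use Symfony\Component\Security\Tests\Core\Util\PrngTest;
+use Doctrine\DBAL\DriverManager;
+use Doctrine\DBAL\Connection;
+
+class DoctrineSeedProviderTest extends PrngTest
+{
+public function getPrngs()
+{
+$con = DriverManager::getConnection(array(
+'driver' => 'pdo_sqlite',
+'memory' => true
+));
+
+$schema = new PrngSchema('seed_table');
+foreach ($schema->toSql($con->getDatabasePlatform()) as $sql) {
+$con->executeQuery($sql);
+}
+$con->executeQuery("INSERT INTO seed_table VALUES (:seed, :updatedAt)", array(
+':seed' => base64_encode(hash('sha512', uniqid(mt_rand(), true), true)),
+':updatedAt' => date('Y-m-d H:i:s'),
+));
+
+// no-openssl with database seed provider
+$prng = new Prng(new DoctrineSeedProvider($con, 'seed_table'));
+$this->disableOpenSsl($prng);
+
+$prngs = parent::getPrngs();
+$prngs[] = array($prng);
+
+return $prngs;
+}
+}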
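Review bot: The provider is only exercised indirectly through `Prng`, so nothing here checks what `loadSeed()` actually returns: a regression that hands back the wrong seed or a wrong `updated_at` (for instance if the two columns are read with cursor-advancing fetch calls) would still pass, because the PRNG output is opaque. Keep the inserted value in a local and assert on it before building the `Prng`: `$seed = base64_encode(hash('sha512', uniqid(mt_rand(), true), true));` on the INSERT, then `list($loaded, $updatedAt) = $provider->loadSeed(); $this->assertSame($seed, $loaded); $this->assertInstanceOf('DateTime', $updatedAt);`. `getPrngs()` appears to be a data provider (it extends the parent's list), so a failure there surfaces as a provider error rather than a named assertion; a dedicated `testLoadSeed()` would be cleaner. `$con->executeQuery($sql)` for the DDL works on SQLite but `executeUpdate()` is the intended call for statements without a result set.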
57 changes: 57 additions & 0 deletions
57
src/Symfony/Bundle/SecurityBundle/Command/InitPrngCommand.php
@@ -0,0 +1,57 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Bundle\SecurityBundle\Command; | ||
|
||
use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand; | ||
use Symfony\Component\Console\Input\InputOption; | ||
use Symfony\Component\Console\Output\OutputInterface; | ||
use Symfony\Component\Console\Input\InputInterface; | ||
use Symfony\Component\Console\Input\InputArgument; | ||
|
||
/** | ||
* Initializes a custom PRNG seed provider. | ||
* | ||
* @author Fabien Potencier <fabien@symfony.com> | ||
*/ | ||
class InitPrngCommand extends ContainerAwareCommand | ||
{ | ||
protected function configure() | ||
{ | ||
$this | ||
->setName('init:prng'); | ||
->addArgument('phrase', InputArgument::REQUIRED, 'A random string'); | ||
->setDescription('Initialize a custom PRNG seed provider') | ||
->setHelp(<<<EOF | ||
The <info>%command.name%</info> command initializes a custom PRNG seed provider: | ||
<info>php %command.full_name% ABCDE...</info> | ||
The argument should be a random string, whatever comes to your mind right now. | ||
You do not need to remember it, it does not need to be cryptic, or long, and it | ||
will not be stored in a decipherable way. One restriction however, you should | ||
not let this be generated in an automated fashion. | ||
EOF | ||
) | ||
; | ||
} | ||
|
||
protected function execute(InputInterface $input, OutputInterface $output) | ||
{ | ||
if (!$this->getContainer()->has('security.prng_seed_provider')) { | ||
throw new \RuntimeException('No seed provider has been configured under path "secure.prng".'); | ||
} | ||
|
||
$this->getContainer()->get('security.prng_seed_provider')->updateSeed(base64_encode(hash('sha512', $input->getArgument('phrase'), true))); | ||
|
||
$output->writeln('The CSPRNG has been initialized successfully.'); | ||
} | ||
} |
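Review bot: The fluent chain in `configure()` is broken by the semicolons after `->setName('init:prng');` and `->addArgument(...);`, so the following `->setDescription(...)` line starts a statement with `->` and the file does not parse; the three lines should read `->setName('init:prng')`, `->addArgument('phrase', InputArgument::REQUIRED, 'A random string')`, `->setDescription('Initialize a custom PRNG seed provider')`. The exception in `execute()` points the operator at a config path "secure.prng" while the service it checks is `security.prng_seed_provider`; I cannot see the extension configuration, but the two names should agree. The help text says the phrase need not be long or cryptic, yet the stored seed is exactly `sha512(phrase)`, so whatever unpredictability the stored seed contributes comes entirely from that phrase unless `Prng` mixes in other entropy (not visible here); I would either say so in the help or mix OS randomness into the hash input before storing it. `InputOption` is imported but unused.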
1 change: 1 addition & 0 deletions
1
src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml