diff --git a/apps/maarch_entreprise/index.php b/apps/maarch_entreprise/index.php
index 80b58eeb2294a367b556798a7b8c27700806e5d5..adee7a99792d0b0531c2851dad820cabad4982fa 100755
--- a/apps/maarch_entreprise/index.php
+++ b/apps/maarch_entreprise/index.php
@@ -233,9 +233,9 @@ if (empty($_SESSION['current_basket'])) {
     $_SESSION['save_list']['template'] = "";
 }
-$cookie = \SrcCore\models\SecurityModel::getCookieAuth(); // New Authentication System
-if (!empty($cookie) && \SrcCore\models\SecurityModel::cookieAuthentication($cookie)) {
-    \SrcCore\models\SecurityModel::setCookieAuth(['userId' => $cookie['userId']]);
+$cookie = \SrcCore\models\AuthenticationModel::getCookieAuth(); // New Authentication System
+if (!empty($cookie) && \SrcCore\models\AuthenticationModel::cookieAuthentication($cookie)) {
+    \SrcCore\models\AuthenticationModel::setCookieAuth(['userId' => $cookie['userId']]);
 } else {
     header('location: index.php?display=true&page=logout&logout=true');
 }
diff --git a/apps/maarch_entreprise/log.php b/apps/maarch_entreprise/log.php
index 797ef8f9c0abc4547d3da26c0d952e7291e36937..b55c44ffd38d1de8a599159cbadd01bb54fa3414 100755
--- a/apps/maarch_entreprise/log.php
+++ b/apps/maarch_entreprise/log.php
@@ -172,7 +172,7 @@ if (!empty($_SESSION['error'])) {
         $res = $sec->login($login, $password);
         $_SESSION['user'] = $res['user'];
         if (empty($res['error'])) {
-            \SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
+            \SrcCore\models\AuthenticationModel::setCookieAuth(['userId' => $login]);
             \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => $login]);
             $user = \User\models\UserModel::getByUserId(['userId' => $login, 'select' => ['id']]);
             \User\models\UserModel::updatePassword(['id' => $user['id'], 'password' => $password]);
@@ -216,7 +216,7 @@ if (!empty($_SESSION['error'])) {
         $res = $sec->login($login, $password, 'ldap');
         $_SESSION['user'] = $res['user'];
         if ($res['error'] == '') {
-            \SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
+            \SrcCore\models\AuthenticationModel::setCookieAuth(['userId' => $login]);
         } else {
             $_SESSION['error'] = $res['error'];
         }
@@ -247,7 +247,7 @@ if (!empty($_SESSION['error'])) {
         $res = $sec->login($login, $password);
         $_SESSION['user'] = $res['user'];
         if (empty($res['error'])) {
-            \SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
+            \SrcCore\models\AuthenticationModel::setCookieAuth(['userId' => $login]);
             \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => $login]);
             $core->load_menu($_SESSION['modules']);
         } else {
diff --git a/apps/maarch_entreprise/logout.php b/apps/maarch_entreprise/logout.php
index 4664336883f8bf228551090c906e14dd9bb2bb21..7b219072046e8a0d7dc5348e65b5abda817676b0 100755
--- a/apps/maarch_entreprise/logout.php
+++ b/apps/maarch_entreprise/logout.php
@@ -86,7 +86,7 @@ if (isset($_GET['logout']) && $_GET['logout']) {
 } else {
     $logoutExtension = "";
 }
-\SrcCore\models\SecurityModel::deleteCookieAuth();
+\SrcCore\models\AuthenticationModel::deleteCookieAuth();
 if (isset($webSSOurl) && $webSSOurl <> '') {
     header("location: " . $webSSOurl);
diff --git a/apps/maarch_entreprise/smartphone/log.php b/apps/maarch_entreprise/smartphone/log.php
index 27352ff7f1b1c716f7e23e38edc453a40c99c73f..aa083e6dfb0026bc1fa7cbbbcdecd6d1ec17b258 100755
--- a/apps/maarch_entreprise/smartphone/log.php
+++ b/apps/maarch_entreprise/smartphone/log.php
@@ -195,7 +195,7 @@ if (!empty($_SESSION['error'])) {
         $res = $sec->login($login, $password, 'ldap');
         $_SESSION['user'] = $res['user'];
         if ($res['error'] == '') {
-            \SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
+            \SrcCore\models\AuthenticationModel::setCookieAuth(['userId' => $login]);
         } else {
             $_SESSION['error'] = $res['error'];
         }
@@ -229,14 +229,10 @@ if (!empty($_SESSION['error'])) {
         } else {
             $_SESSION['error'] = '';
             $res = $sec->login($login, $password);
-            //$core->show_array($res);
             $_SESSION['user'] = $res['user'];
             if ($res['error'] == '') {
-                \SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
-                // $businessAppTools->load_app_var_session($_SESSION['user']);
-                //$core->load_var_session($_SESSION['modules'], $_SESSION['user']);
+                \SrcCore\models\AuthenticationModel::setCookieAuth(['userId' => $login]);
                 $core->load_menu($_SESSION['modules']);
-                // exit;
             } else {
                 $_SESSION['error'] = $res['error'];
             }
diff --git a/src/app/user/controllers/UserController.php b/src/app/user/controllers/UserController.php
index 5160dfc971d7fa666619e4ea9926c1039ea3bc1e..d4146fcf53258200dbe86ec4d3b94074c25f1554 100644
--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
@@ -35,7 +35,6 @@ use SrcCore\controllers\PasswordController;
 use SrcCore\models\AuthenticationModel;
 use SrcCore\models\CoreConfigModel;
 use SrcCore\models\PasswordModel;
-use SrcCore\models\SecurityModel;
 use User\models\UserBasketPreferenceModel;
 use User\models\UserEntityModel;
 use User\models\UserModel;
diff --git a/src/app/user/models/UserModelAbstract.php b/src/app/user/models/UserModelAbstract.php
index 3080e15f8c4b7d845ce703f77ad6482bb3a647b4..dcb5f77fa6de01451b4a5e9fb6c53e1225b0e0ff 100644
--- a/src/app/user/models/UserModelAbstract.php
+++ b/src/app/user/models/UserModelAbstract.php
@@ -14,8 +14,8 @@
 namespace User\models;
+use SrcCore\models\AuthenticationModel;
 use SrcCore\models\DatabaseModel;
-use SrcCore\models\SecurityModel;
 use SrcCore\models\ValidatorModel;
 require_once 'core/class/Url.php';
@@ -78,7 +78,7 @@ abstract class UserModelAbstract
                 'status' => 'OK',
                 'change_password' => empty($aArgs['user']['changePassword']) ? 'Y' : $aArgs['user']['changePassword'],
                 'loginmode' => empty($aArgs['user']['loginmode']) ? 'standard' : $aArgs['user']['loginmode'],
-                'password' => SecurityModel::getPasswordHash('maarch'),
+                'password' => AuthenticationModel::getPasswordHash('maarch'),
                 'password_modification_date' => 'CURRENT_TIMESTAMP'
             ]
         ]);
@@ -173,7 +173,7 @@ abstract class UserModelAbstract
         DatabaseModel::update([
             'table' => 'users',
             'set' => [
-                'password' => SecurityModel::getPasswordHash($aArgs['password']),
+                'password' => AuthenticationModel::getPasswordHash($aArgs['password']),
                 'password_modification_date' => 'CURRENT_TIMESTAMP',
                 'change_password' => 'N',
             ],
@@ -192,7 +192,7 @@ abstract class UserModelAbstract
         DatabaseModel::update([
             'table' => 'users',
             'set' => [
-                'password' => SecurityModel::getPasswordHash('maarch'),
+                'password' => AuthenticationModel::getPasswordHash('maarch'),
                 'change_password' => 'Y',
                 'password_modification_date' => 'CURRENT_TIMESTAMP'
             ],
diff --git a/src/core/controllers/AuthenticationController.php b/src/core/controllers/AuthenticationController.php
index 89f4d92b797834cd2d945fcb6398198e271d0d18..6fbbbbf4c5731b56dfe7c2702cfc6bec48f8e1d3 100644
--- a/src/core/controllers/AuthenticationController.php
+++ b/src/core/controllers/AuthenticationController.php
@@ -16,7 +16,6 @@ namespace SrcCore\controllers;
 use SrcCore\models\AuthenticationModel;
 use SrcCore\models\PasswordModel;
-use SrcCore\models\SecurityModel;
 use SrcCore\models\ValidatorModel;
 use User\models\UserModel;
@@ -30,9 +29,9 @@ class AuthenticationController
                 $userId = $_SERVER['PHP_AUTH_USER'];
             }
         } else {
-            $cookie = SecurityModel::getCookieAuth();
-            if (!empty($cookie) && SecurityModel::cookieAuthentication($cookie)) {
-                SecurityModel::setCookieAuth(['userId' => $cookie['userId']]);
+            $cookie = AuthenticationModel::getCookieAuth();
+            if (!empty($cookie) && AuthenticationModel::cookieAuthentication($cookie)) {
+                AuthenticationModel::setCookieAuth(['userId' => $cookie['userId']]);
                 $userId = $cookie['userId'];
             }
         }
diff --git a/src/core/models/AuthenticationModel.php b/src/core/models/AuthenticationModel.php
index 1b5f0f0c490265df87a355b6ea56e91c38b0950b..ffd96cf0b2a6a0b9b2a7d7976c58b15e99cf3165 100644
--- a/src/core/models/AuthenticationModel.php
+++ b/src/core/models/AuthenticationModel.php
@@ -16,6 +16,11 @@ namespace SrcCore\models;
 class AuthenticationModel
 {
+    public static function getPasswordHash($password)
+    {
+        return password_hash($password, PASSWORD_DEFAULT);
+    }
+
     public static function authentication(array $args)
     {
         ValidatorModel::notEmpty($args, ['userId', 'password']);
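Review bot: `getPasswordHash($password)` carries no parameter or return type, so a non-string argument (for instance null from a missing form field) is coerced, or on newer PHP triggers a deprecation, before it reaches `password_hash()`; declare it as `public static function getPasswordHash(string $password): string`. The same applies to `getCookieAuth()`, `cookieAuthentication()`, `setCookieAuth()` and `deleteCookieAuth()` in the next hunk of this file, whose `array` and `bool` returns are left undeclared. The move from SecurityModel is presumably meant to be mechanical, but the declarations are cheap to add while the code is being relocated.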
@@ -35,6 +40,93 @@ class AuthenticationModel
         return password_verify($args['password'], $aReturn[0]['password']);
     }
+    public static function getCookieAuth()
+    {
+        $rawCookie = $_COOKIE['maarchCourrierAuth'];
+        if (empty($rawCookie)) {
+            return [];
+        }
+
+        $cookieDecoded = base64_decode($rawCookie);
+        $cookie = json_decode($cookieDecoded);
+
+        return (array)$cookie;
+    }
+
+    public static function cookieAuthentication(array $args)
+    {
+        ValidatorModel::notEmpty($args, ['userId', 'cookieKey']);
+        ValidatorModel::stringType($args, ['userId', 'cookieKey']);
+
+        $aReturn = DatabaseModel::select([
+            'select' => [1],
+            'table' => ['users'],
+            'where' => ['user_id = ?', 'cookie_key = ?', 'cookie_date > CURRENT_TIMESTAMP'],
+            'data' => [$args['userId'], $args['cookieKey']]
+        ]);
+
+        if (empty($aReturn[0])) {
+            return false;
+        }
+
+        return true;
+    }
+
+    public static function setCookieAuth(array $args)
+    {
+        ValidatorModel::notEmpty($args, ['userId']);
+        ValidatorModel::stringType($args, ['userId']);
+
+        $cookieTime = 0;
+
+        $loadedXml = CoreConfigModel::getXmlLoaded(['path' => 'apps/maarch_entreprise/xml/config.xml']);
+        if ($loadedXml) {
+            $cookieTime = (string)$loadedXml->CONFIG->CookieTime;
+        }
+
+        $user = DatabaseModel::select([
+            'select' => ['cookie_key'],
+            'table' => ['users'],
+            'where' => ['user_id = ?', 'cookie_date > CURRENT_TIMESTAMP'],
+            'data' => [$args['userId']]
+        ]);
+        if (empty($user[0]['cookie_key'])) {
+            $cookieKey = AuthenticationModel::getPasswordHash($args['userId']);
+        } else {
+            $cookieKey = $user[0]['cookie_key'];
+        }
+
+        $cookiePath = str_replace(['apps/maarch_entreprise/index.php', 'apps/maarch_entreprise/log.php', 'rest/index.php'], '', $_SERVER['SCRIPT_NAME']);
+        $cookieTime = time() + 60 * $cookieTime;
+
+        DatabaseModel::update([
+            'table' => 'users',
+            'set' => [
+                'cookie_key' => $cookieKey,
+                'cookie_date' => date('Y-m-d H:i:s', $cookieTime),
+            ],
+            'where' => ['user_id = ?'],
+            'data' => [$args['userId']]
+        ]);
+
+        $cookieData = 
json_encode(['userId' => $args['userId'], 'cookieKey' => $cookieKey]);
+        setcookie('maarchCourrierAuth', base64_encode($cookieData), $cookieTime, $cookiePath, '', false, true);
+
+        return true;
+    }
+
+    public static function deleteCookieAuth()
+    {
+        $previousCookie = AuthenticationModel::getCookieAuth();
+
+        if (!empty($previousCookie)) {
+            $cookiePath = str_replace(['apps/maarch_entreprise/index.php', 'rest/index.php'], '', $_SERVER['SCRIPT_NAME']);
+            setcookie('maarchCourrierAuth', '', time() - 1, $cookiePath, '', false, true);
+        }
+
+        return true;
+    }
+
     public static function resetFailedAuthentication(array $aArgs)
     {
         ValidatorModel::notEmpty($aArgs, ['userId']);
diff --git a/src/core/models/PasswordModel.php b/src/core/models/PasswordModel.php
index 3c302a92de387c52e7b636a3a408ccac426af125..7d5dd9484c7af7c7402acaba6b5860176739b761 100644
--- a/src/core/models/PasswordModel.php
+++ b/src/core/models/PasswordModel.php
@@ -144,7 +144,7 @@ class PasswordModel
             'table' => 'password_history',
             'columnsValues' => [
                 'user_serial_id' => $aArgs['userSerialId'],
-                'password' => SecurityModel::getPasswordHash($aArgs['password'])
+                'password' => AuthenticationModel::getPasswordHash($aArgs['password'])
             ],
         ]);
diff --git a/src/core/models/SecurityModel.php b/src/core/models/SecurityModel.php
deleted file mode 100644
index e2443870eb41c8a5fc969ad011ffb5f20b6d228d..0000000000000000000000000000000000000000
--- a/src/core/models/SecurityModel.php
+++ /dev/null
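Review bot: `deleteCookieAuth()` only expires the browser-side cookie; `cookie_key` and `cookie_date` in `users` are left untouched, so a copy of the cookie taken before logout keeps passing `cookieAuthentication()` until `cookie_date` lapses, and the reuse branch in `setCookieAuth()` hands that same key back to the next login of the user while it is unexpired. Logout should also invalidate the server-side record, as sketched below; this relies on `DatabaseModel::update` passing the `'CURRENT_TIMESTAMP'` literal through unquoted, which the `password_modification_date` updates in this same patch already assume. Two smaller points in the same hunk: `getCookieAuth()` reads `$_COOKIE['maarchCourrierAuth']` before checking it exists, raising an undefined-index notice on every request without the cookie — `$rawCookie = $_COOKIE['maarchCourrierAuth'] ?? '';` — and both `setcookie()` calls hard-code the `secure` flag to `false`, so the auth cookie is also sent over plain HTTP; deriving it from `!empty($_SERVER['HTTPS'])` or a config flag is the usual fix. The key itself is `password_hash($args['userId'])`, whose unpredictability rests entirely on bcrypt's internal random salt; `bin2hex(random_bytes(32))` would state that intent explicitly and avoid a needless bcrypt round per new key.
```php
    public static function deleteCookieAuth()
    {
        $previousCookie = AuthenticationModel::getCookieAuth();

        if (!empty($previousCookie)) {
            // Invalidate the server-side key too, so a copied cookie is rejected after logout.
            // Matching on cookie_key as well keeps a forged cookie from expiring another user's key.
            if (!empty($previousCookie['userId']) && !empty($previousCookie['cookieKey'])) {
                DatabaseModel::update([
                    'table' => 'users',
                    'set'   => ['cookie_date' => 'CURRENT_TIMESTAMP'],
                    'where' => ['user_id = ?', 'cookie_key = ?'],
                    'data'  => [$previousCookie['userId'], $previousCookie['cookieKey']]
                ]);
            }
            // … unchanged: client-side cookie expiry via setcookie() …
        }

        return true;
    }
```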
@@ -1,110 +0,0 @@
-<?php
-
-/**
-* Copyright Maarch since 2008 under licence GPLv3.
-* See LICENCE.txt file at the root folder for more details.
-* This file is part of Maarch software.
-*
-*/
-
-/**
-* @brief Security Model
-* @author dev@maarch.org
-*/
-
-namespace SrcCore\models;
-
-class SecurityModel
-{
-    public static function getPasswordHash($password)
-    {
-        return password_hash($password, PASSWORD_DEFAULT);
-    }
-
-    public static function getCookieAuth()
-    {
-        $rawCookie = $_COOKIE['maarchCourrierAuth'];
-        if (empty($rawCookie)) {
-            return [];
-        }
-
-        $cookieDecoded = base64_decode($rawCookie);
-        $cookie = json_decode($cookieDecoded);
-
-        return (array)$cookie;
-    }
-
-    public static function cookieAuthentication(array $args)
-    {
-        ValidatorModel::notEmpty($args, ['userId', 'cookieKey']);
-        ValidatorModel::stringType($args, ['userId', 'cookieKey']);
-
-        $aReturn = DatabaseModel::select([
-            'select' => [1],
-            'table' => ['users'],
-            'where' => ['user_id = ?', 'cookie_key = ?', 'cookie_date > CURRENT_TIMESTAMP'],
-            'data' => [$args['userId'], $args['cookieKey']]
-        ]);
-
-        if (empty($aReturn[0])) {
-            return false;
-        }
-
-        return true;
-    }
-
-    public static function setCookieAuth(array $args)
-    {
-        ValidatorModel::notEmpty($args, ['userId']);
-        ValidatorModel::stringType($args, ['userId']);
-
-        $cookieTime = 0;
-
-        $loadedXml = CoreConfigModel::getXmlLoaded(['path' => 'apps/maarch_entreprise/xml/config.xml']);
-        if ($loadedXml) {
-            $cookieTime = (string)$loadedXml->CONFIG->CookieTime;
-        }
-
-        $user = DatabaseModel::select([
-            'select' => ['cookie_key'],
-            'table' => ['users'],
-            'where' => ['user_id = ?', 'cookie_date > CURRENT_TIMESTAMP'],
-            'data' => [$args['userId']]
-        ]);
-        if (empty($user[0]['cookie_key'])) {
-            $cookieKey = SecurityModel::getPasswordHash($args['userId']);
-        } else {
-            $cookieKey = $user[0]['cookie_key'];
-        }
-
-        $cookiePath = str_replace(['apps/maarch_entreprise/index.php', 'apps/maarch_entreprise/log.php', 'rest/index.php'], '', 
$_SERVER['SCRIPT_NAME']);
-        $cookieTime = time() + 60 * $cookieTime;
-
-        DatabaseModel::update([
-            'table' => 'users',
-            'set' => [
-                'cookie_key' => $cookieKey,
-                'cookie_date' => date('Y-m-d H:i:s', $cookieTime),
-            ],
-            'where' => ['user_id = ?'],
-            'data' => [$args['userId']]
-        ]);
-
-        $cookieData = json_encode(['userId' => $args['userId'], 'cookieKey' => $cookieKey]);
-        setcookie('maarchCourrierAuth', base64_encode($cookieData), $cookieTime, $cookiePath, '', false, true);
-
-        return true;
-    }
-
-    public static function deleteCookieAuth()
-    {
-        $previousCookie = SecurityModel::getCookieAuth();
-
-        if (!empty($previousCookie)) {
-            $cookiePath = str_replace(['apps/maarch_entreprise/index.php', 'rest/index.php'], '', $_SERVER['SCRIPT_NAME']);
-            setcookie('maarchCourrierAuth', '', time() - 1, $cookiePath, '', false, true);
-        }
-
-        return true;
-    }
-}