fix() : override generateToken function to prevent overload memory usage

4bfc3c29 · Arnaud Pauget · ef33d335 · 4bfc3c29
Commit 4bfc3c29 authored Oct 27, 2020 by Arnaud Pauget
--- a/bundle/auth/Controller/serviceAccount.php
+++ b/bundle/auth/Controller/serviceAccount.php
@@ -108,4 +108,55 @@ class serviceAccount extends \bundle\auth\Controller\serviceAccount

        return $serviceAccount;
    }
+
+    /**
+     * Generate a service account token
+     * @param string $serviceAccountId The service account identifier
+     *
+     * @return object The credential
+     */
+    public function generateToken($serviceAccountId)
+    {
+        // Check userAccount exists
+        $currentDate = \laabs::newTimestamp();
+
+        try {
+            $serviceAccount = $this->sdoFactory->read('auth/account', array('accountId' => $serviceAccountId));
+        } catch (\Exception $e) {
+            throw new \core\Exception\NotFoundException("Account identified by " . $serviceAccountId . " does not exist.");
+        }
+
+        $accountToken = \laabs::getToken('AUTH');
+        $ownAccount = $this->read($accountToken->accountId);
+
+        if ($accountToken->accountId != $serviceAccountId && $this->hasSecurityLevel) {
+            $organization = $this->sdoFactory->read('organization/organization', $serviceAccount->ownerOrgId);
+            $organizations = $this->organizationController->readDescendantOrg($organization->orgId);
+            $organizations[] = $organization;
+            if (array_search($serviceAccount->ownerOrgId, array_column($organizations, 'orgId')) === false){
+                throw new \core\Exception\ForbiddenException("You are not allowed to modify this service account");
+            }
+            $this->checkPrivilegesAccess($ownAccount, $serviceAccount);
+        }
+
+        $serviceAccount->salt = md5(microtime());
+        $serviceAccount->tokenDate = $currentDate;
+
+        $dataToken = new \StdClass();
+        $dataToken->accountId = $serviceAccount->accountId;
+        $dataToken->salt = $serviceAccount->salt;
+
+        $token = new \core\token($dataToken, 0);
+
+        $jsonToken = \json_encode($token);
+        $cryptedToken = \laabs::encrypt($jsonToken, \laabs::getCryptKey());
+        $cookieToken = base64_encode($cryptedToken);
+
+        $serviceAccount->password = $cookieToken;
+
+        $this->sdoFactory->update($serviceAccount, 'auth/account');
+        var_dump(memory_get_peak_usage()); exit();
+
+        return $cookieToken;
+    }
 }