From 5ef983b4cc44e4f8351061f6f475297a74a3b0e2 Mon Sep 17 00:00:00 2001
From: Jose Pabl Domingo Aramburo Sanchez
Date: Sat, 4 Aug 2018 20:37:53 -0600
Subject: [PATCH 01/10] [add] Crypto methods

---
 api-payroll/src/dependencies.php | 8 +++
 api-payroll/src/service/cryptography.php | 86 ++++++++++++++++++++++++
 api-payroll/src/settings.php | 8 +++
 3 files changed, 102 insertions(+)
 create mode 100644 api-payroll/src/service/cryptography.php

diff --git a/api-payroll/src/dependencies.php b/api-payroll/src/dependencies.php
index 4c20bf8..a2c576e 100644
--- a/api-payroll/src/dependencies.php
+++ b/api-payroll/src/dependencies.php
@@ -17,3 +17,11 @@ $container['logger'] = function ($c) {
 $logger->pushHandler(new Monolog\Handler\StreamHandler($settings['path'], $settings['level']));
 return $logger;
 };
+
+// Cryto functions
+$container['cryptographyService'] = function ($c) {
+ $cryptographySettings = $c->get('settings')['cryptography'];
+ require dirname(__FILE__) . "/../src/service/cryptography.php";
+ $cryptographyService = new cryptographyService($cryptographySettings);
+ return $cryptographyService;
+};
diff --git a/api-payroll/src/service/cryptography.php b/api-payroll/src/service/cryptography.php
new file mode 100644
index 0000000..ef47199
--- /dev/null
+++ b/api-payroll/src/service/cryptography.php
@@ -0,0 +1,86 @@ +settings = $cryptographySettings; + } + + /** + * Encrypts a string using the predefined algorithm, the resulting string will contain the + * concatenated iv used for salting as well as the cipher text, both in hex format + * + * @param $text string + * @return string + * @throws Exception + */ + function encryptString($text){ + try { + $iv = random_bytes($this->settings['ivSize']); + $ivInHex = bin2hex($iv); + + $encryptedMessage = openssl_encrypt($text, $this->settings['encryptionAlgorithm'], + $this->settings['encryptionPassword'], 1, $iv); + + $hexedCipherText = bin2hex($encryptedMessage); + + return "$ivInHex$hexedCipherText"; + } catch (Exception $e) { + throw new Exception('here was an error encrypting the string, contact the system administrator.'); + $this->logger->warning("There was an error in the cryptographyService->encryptString caused by: $e "); + } + } + + /** + * Decrypts a string using the predefined algorithm + * + * This method assumes that an iv with the length taken from the setting ivSize is present + * at the beginning of the string and this will be used to decrypt the cipher text + * + * @param $cipherText string + * @return string + */ + function decryptString($cipherText) { + $cipherText = hex2bin($cipherText); + + $totalCharaters = strlen($cipherText); + $iv = substr($cipherText, 0, $this->settings['ivSize']); + $cipherTextWithIv = substr($cipherText, $this->settings['ivSize'], $totalCharaters); + + return openssl_decrypt($cipherTextWithIv, $this->settings['encryptionAlgorithm'], + $this->settings['encryptionPassword'], 1, $iv); + } + + /** + * Securely hashes a password for its coldstorage + * + * @param $password string + * @return string + */ + function encryptPassword($password) { + $options = [ + 'cost' => $this->settings['passwordHashCost'], + ]; + + return password_hash($password, PASSWORD_BCRYPT, $options); + } + + /** + * Compares a password given in plain text against the encrypted veersion to determined if 
they're + * the same password + * + * @param $plainPassword string + * @param $encryptedPassword string + * @return boolean + */ + function decryptPassword($plainPassword, $encryptedPassword) { + return password_verify($plainPassword, $encryptedPassword); + } +} \ No newline at end of file diff --git a/api-payroll/src/settings.php b/api-payroll/src/settings.php index 2346883..e8c6719 100644 --- a/api-payroll/src/settings.php +++ b/api-payroll/src/settings.php @@ -15,5 +15,13 @@ return [ 'path' => isset($_ENV['docker']) ? 'php://stdout' : __DIR__ . '/../logs/app.log', 'level' => \Monolog\Logger::DEBUG, ], + + // Cryptography settings + 'cryptography' => [ + 'encryptionAlgorithm' => 'AES-256-CBC', + 'encryptionPassword' => '7de431684c34cf2c898268cff71392f38c4175dde050c9ee69502b81571484e0', + 'passwordHashCost' => '12', + 'ivSize' => 16, // 128 bits + ], ], ]; From 2773092cfc493365c3adc528dc11280ed9c4a1e0 Mon Sep 17 00:00:00 2001 From: Jose Pabl Domingo Aramburo Sanchez Date: Sat, 4 Aug 2018 21:00:19 -0600 Subject: [PATCH 02/10] [mod] Typo --- api-payroll/src/routes.php | 2 +- api-payroll/src/service/cryptography.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/api-payroll/src/routes.php b/api-payroll/src/routes.php index 9363ec6..00d1592 100644 --- a/api-payroll/src/routes.php +++ b/api-payroll/src/routes.php @@ -11,4 +11,4 @@ $app->get('/[{name}]', function (Request $request, Response $response, array $ar // Render index view return $this->renderer->render($response, 'index.phtml', $args); -}); +}); \ No newline at end of file diff --git a/api-payroll/src/service/cryptography.php b/api-payroll/src/service/cryptography.php index ef47199..6183ddd 100644 --- a/api-payroll/src/service/cryptography.php +++ b/api-payroll/src/service/cryptography.php 
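Review bot: In encryptString and decryptString the key handed to openssl_encrypt/openssl_decrypt is `$this->settings['encryptionPassword']` as-is, and the value settings.php supplies for it is a 64-character hex string; AES-256-CBC takes a 32-byte key, so if I read PHP's key handling right only the first 32 ASCII characters are used, which is a 128-bit key drawn from the 16 hex symbols rather than the intended 256-bit one — decode it once, `$key = hex2bin($this->settings['encryptionPassword']);`, and refuse to run when `strlen($key) !== 32`. CBC here carries no authentication, so decryptString accepts any altered ciphertext and returns `false` (not the documented string) when openssl_decrypt hits a padding error; an AEAD mode such as AES-256-GCM with its `$tag` argument, or an HMAC over iv+ciphertext checked with `hash_equals` before decrypting, gives the caller a definite failure instead. `hex2bin` likewise returns `false` on odd-length or non-hex input, so decryptString should check that before slicing the IV. The opening lines of this hunk (class header and constructor signature) appear truncated in this rendering.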
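Review bot: `'encryptionPassword'` in the new `cryptography` block is a literal key committed to settings.php, so it sits in the repository history for anyone with read access and rotating it means a code change; read it from the environment the way this file already does for `$_ENV['docker']`, e.g. `'encryptionPassword' => getenv('PAYROLL_ENCRYPTION_KEY'),` (placeholder variable name), and keep the real value out of version control. `'passwordHashCost' => '12'` is a string where password_hash expects an int; it is coerced today, but `12` is the honest type. The `// 128 bits` note on `ivSize` is right for AES-CBC; deriving it from `openssl_cipher_iv_length($algorithm)` would keep it right if `encryptionAlgorithm` ever changes.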
@@ -33,7 +33,7 @@ class cryptographyService{
 return "$ivInHex$hexedCipherText";
 } catch (Exception $e) {
- throw new Exception('here was an error encrypting the string, contact the system administrator.');
+ throw new Exception('There was an error encrypting the string, contact the system administrator.');
 $this->logger->warning("There was an error in the cryptographyService->encryptString caused by: $e ");
 }
 }
From 3fe49d894d7d07852e5d753f9862d5beaa28ca8d Mon Sep 17 00:00:00 2001
From: Jose Pabl Domingo Aramburo Sanchez
Date: Sun, 5 Aug 2018 00:29:00 -0600
Subject: [PATCH 03/10] [add] Users database

---
 database/database.sql | 47 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 database/database.sql

diff --git a/database/database.sql b/database/database.sql
new file mode 100644
index 0000000..930a97a
--- /dev/null
+++ b/database/database.sql
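Review bot: The `$this->logger->warning(...)` line in the catch block is unreachable because it follows the `throw`, and no `$logger` property is visible on this class anywhere in the patches shown, so the failure is never recorded; log first and then rethrow with the cause attached: `$this->logger->warning("There was an error in the cryptographyService->encryptString caused by: $e "); throw new Exception('There was an error encrypting the string, contact the system administrator.', 0, $e);`. If the class really has no logger, drop the line rather than leave dead code behind the typo fix. encryptString's body starts outside this hunk.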
@@ -0,0 +1,47 @@ +DROP DATABASE IF EXISTS payroll; + +CREATE DATABASE payroll; +USE payroll; + +DROP TABLE IF EXISTS persons; +CREATE TABLE IF NOT EXISTS `persons` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `firstName` varbinary(500) NOT NULL comment 'The name of the person', + `middleName` varbinary(500) NOT NULL comment 'The midle name of the person', + `lastName` varbinary(500) comment 'The last name of the person', + `birthDate` DATE NOT NULL DEFAULT '1900-01-01' comment 'Date of birth of the person', + `email` varbinary(500) NOT NULL comment 'The email adress of the person', + `phone` INT(10) UNSIGNED NOT NULL comment 'The phone number of the person should be the mobile one but leaves room for home ones', + `status` ENUM('ACTIVE', 'INACTIVE') NOT NULL DEFAULT 'ACTIVE', + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP comment 'The date on which the registry was created', + `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP comment 'The date of the last time the row was modified', + PRIMARY KEY (`id`), + UNIQUE (`phone`), + UNIQUE (`firstName`,`middleName`,`lastName`,`birthDate`) +); + +INSERT INTO persons (firstName, middleName, lastName, birthDate, email, phone) + VALUES ( + '0524a1848795041c2259ad658897913d25bc36e7ce54fa8465de767a03be8aaa957591c84d51dd85f1b58fc0826db835', + 'b5293d82e3ebc1f36eb70f8c0007aaa2aa1cd3f1e2903e1e36fb35137e967d3a', + 'b04e81e22a98c1abfcb85688926aa5fa12aea511f600424c25a7e9b14a0ac6f8', + '1991-06-06', + '205fbeba023a9b846a11492bfc6e039619bb6068030bcc13e45d30e638f6c51b4099911dee2b5644d55b43a38e8591f32f579ba0df9bd710b9e6bf66e0544184', + '0123456789'); + +DROP TABLE IF EXISTS users; +CREATE TABLE IF NOT EXISTS `users` ( + `id` INT UNSIGNED NOT NULL AUTO_INCREMENT, + `idPerson` INT UNSIGNED NOT NULL comment 'Id of the person, this contains the name and other personal data', + `name` VARCHAR(50) NOT NULL comment 'Username', + `password` VARCHAR(500) NOT NULL comment 'Hashed password', + 
`status` ENUM('ACTIVE', 'INACTIVE') NOT NULL DEFAULT 'ACTIVE', + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP comment 'The date on which the registry was created', + `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP comment 'The date of the last time the row was modified', + PRIMARY KEY (`id`), + FOREIGN KEY (idPerson) REFERENCES persons(id), + UNIQUE (`name`) +); + +INSERT INTO users (idPerson, name, password) + VALUES (1, 'sloth', '$2y$12$51mfESaLEGXDT4u9Bd9kiOHEpaJ1Bx4SEcVwsU5K6jVPMNkrnpJAa'); From 8b09f75d3a36502353570d0c01194ac7c4c56c48 Mon Sep 17 00:00:00 2001 From: Jose Pabl Domingo Aramburo Sanchez Date: Sun, 5 Aug 2018 03:40:05 -0600 Subject: [PATCH 04/10] [add] Login endpoint --- api-payroll/composer.json | 6 +++ api-payroll/composer.lock | 2 +- .../src/application/SessionApplication.php | 43 +++++++++++++++++++ api-payroll/src/dependencies.php | 13 +++++- api-payroll/src/routes.php | 31 +++++++++++++ ...yptography.php => CryptographyService.php} | 6 ++- api-payroll/src/settings.php | 17 ++++++++ 7 files changed, 113 insertions(+), 5 deletions(-) create mode 100644 api-payroll/src/application/SessionApplication.php rename api-payroll/src/service/{cryptography.php => CryptographyService.php} (97%) diff --git a/api-payroll/composer.json b/api-payroll/composer.json index 5ed5d2e..86aff1a 100644 --- a/api-payroll/composer.json +++ b/api-payroll/composer.json @@ -25,6 +25,12 @@ "Tests\\": "tests/" } }, + "autoload": { + "psr-4": { + "App\\Service\\": "src/service", + "App\\Application\\": "src/application" + } + }, "config": { "process-timeout" : 0 }, diff --git a/api-payroll/composer.lock b/api-payroll/composer.lock index 87831fe..65a8bff 100644 --- a/api-payroll/composer.lock +++ b/api-payroll/composer.lock 
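Review bot: The `INSERT INTO users` seeds an account `sloth` with a fixed bcrypt hash into the schema file, and patch 07 later checks that same hash against the literal `'slothness'`, which suggests the plaintext is in source as well; every deployment built from this DDL then starts with a known credential, so keep seed accounts out of the production schema (or create them at deploy time from a generated secret) and treat this hash as already disclosed. `phone INT(10) UNSIGNED` cannot hold the seeded `'0123456789'` faithfully — the leading zero is dropped and anything above 4294967295 overflows — so a VARCHAR column is the right type, and the `UNIQUE (phone)` then works on the real value. The `UNIQUE (firstName, middleName, lastName, birthDate)` constraint spans columns that, judging by the hex seed values, are written through encryptString with a fresh random IV per call, so two rows for the same person will never collide and the constraint cannot do what it appears to; a deterministic blind index (an HMAC of the normalised value) in its own column is the usual way to get uniqueness over encrypted fields. That the columns hold encryptString output is an inference from the seed data, not something the schema proves.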
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "bea55e49da1d79bf5a4874824904525d", + "hash": "9f4397e11cb2603e7754216c4f59c7ad", "content-hash": "5e16cb7781829836a704bd8767830833", "packages": [ { diff --git a/api-payroll/src/application/SessionApplication.php b/api-payroll/src/application/SessionApplication.php new file mode 100644 index 0000000..bfb94e2 --- /dev/null +++ b/api-payroll/src/application/SessionApplication.php @@ -0,0 +1,43 @@ +cryptographyService = $cryptographyService; + + // The database parameters + $this->host = $mysqlSettings['host']; + $this->database = $mysqlSettings['database']; + $this->user = $mysqlSettings['user']; + $this->password = $mysqlSettings['password']; + $this->charset = $mysqlSettings['charset']; + $this->pdoConnectionOptions = $mysqlSettings['pdoConnectionOptions']; + + // Generic error messages + $this->databaseConnectionErrorMessage = $mysqlSettings['databaseConnectionErrorMessage']; + $this->databaseSelectQueryErrorMessage = $mysqlSettings['databaseSelectQueryErrorMessage']; + $this->databaseInsertQueryErrorMessage = $mysqlSettings['databaseInsertQueryErrorMessage']; + + // Initiate the connection + $dsn = "mysql:host=$this->host;dbname=$this->database;charset=$this->charset"; + try { + $this->pdo = new PDO($dsn, $this->user, $this->password, $this->pdoConnectionOptions); + } catch (Exception $e) { + error_log($e->getMessage()); + exit($this->databaseConnectionErrorMessage); + } + } + + function newSession($userName, $password){ + $real = 'slothness'; + + if($this->cryptographyService->decryptPassword($real, $password)){ + + } + } +} +?> \ No newline at end of file diff --git a/api-payroll/src/dependencies.php b/api-payroll/src/dependencies.php index a2c576e..61f49fd 100644 --- a/api-payroll/src/dependencies.php +++ b/api-payroll/src/dependencies.php 
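Review bot: newSession ignores `$userName` and passes the caller's `$password` as the hash argument of decryptPassword while the literal `'slothness'` is the plaintext, so the arguments are inverted and a password literal is checked into source; the real lookup belongs here (it arrives in patch 09) and the literal should go. The constructor's `exit($this->databaseConnectionErrorMessage)` stops the request outside the framework, so no Response, status code or logger entry is produced; throw instead, `throw new RuntimeException($this->databaseConnectionErrorMessage, 0, $e);`, and let the app's error handler answer — the same `exit` is carried over to the `mysql` factory in dependencies.php in patch 08. The first lines of this hunk (the class header) appear truncated in this rendering.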
@@ -21,7 +21,16 @@ $container['logger'] = function ($c) { // Cryto functions $container['cryptographyService'] = function ($c) { $cryptographySettings = $c->get('settings')['cryptography']; - require dirname(__FILE__) . "/../src/service/cryptography.php"; - $cryptographyService = new cryptographyService($cryptographySettings); + $cryptographyService = new App\Service\CryptographyService($cryptographySettings); return $cryptographyService; }; + +// The session application +$container['sessionApplication'] = function ($c) { + $cryptographySettings = $c->get('settings')['cryptography']; + $cryptographyService = new App\Service\CryptographyService($cryptographySettings); + + $mysqlSettings = $c->get('settings')['mysql']; + $sessionApplication = new App\Application\SessionApplication($mysqlSettings, $cryptographyService); + return $sessionApplication; +}; \ No newline at end of file diff --git a/api-payroll/src/routes.php b/api-payroll/src/routes.php index 00d1592..d588aed 100644 --- a/api-payroll/src/routes.php +++ b/api-payroll/src/routes.php 
@@ -11,4 +11,35 @@ $app->get('/[{name}]', function (Request $request, Response $response, array $ar // Render index view return $this->renderer->render($response, 'index.phtml', $args); +}); + + +$app->post('/api/session/login', function ($request, $response) { + $RequestData = $request->getParsedBody(); + + $data = $this->sessionApplication->newSession($RequestData['userName'], $RequestData['password']); + + return $response->withStatus(200) + ->withHeader('Content-Type', 'application/json') + ->write(json_encode($data)); +}); + + +$app->get('/api/encrypt/{string}', function (Request $request, Response $response, array $args) { + return $this->cryptographyService->encryptString($args['string']); +}); + +$app->get('/api/decrypt/{string}', function (Request $request, Response $response, array $args) { + return $this->cryptographyService->decryptString($args['string']); +}); + +$app->get('/api/encrypt/password/{string}', function (Request $request, Response $response, array $args) { + return $this->cryptographyService->encryptPassword($args['string']); +}); + +$app->get('/api/decrypt/password/{string}', function (Request $request, Response $response, array $args) { + $cosa = $this->cryptographyService->decryptPassword("pablso", "$2y$12$4T.gxWkQNPPFQau7ghfiQegdJQOm1yLTlbOTvcI3AizyqF/JSHr06"); + if ($cosa){ + return "yea"; + } }); \ No newline at end of file diff --git a/api-payroll/src/service/cryptography.php b/api-payroll/src/service/CryptographyService.php similarity index 97% rename from api-payroll/src/service/cryptography.php rename to api-payroll/src/service/CryptographyService.php index 6183ddd..9e3dcca 100644 --- a/api-payroll/src/service/cryptography.php +++ b/api-payroll/src/service/CryptographyService.php @@ -1,4 +1,6 @@ settings = $cryptographySettings; @@ -19,7 +21,7 @@ class cryptographyService{ * * @param $text string * @return string - * @throws Exception + * @throws \Exception */ function encryptString($text){ try { 
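Review bot: The four `/api/encrypt...`/`/api/decrypt...` GET routes expose the service's key as an unauthenticated encrypt/decrypt oracle and carry a hard-coded bcrypt hash and plaintext; they are debugging aids that should not reach a shared branch (patch 09 removes them, so this is noted rather than open). The login route reads `$RequestData['userName']` and `['password']` without checking that getParsedBody returned an array with those keys, so a malformed body yields a notice and a null username; guard with `$RequestData['userName'] ?? ''` or reject the request. It also answers 200 with `json_encode($data)` whatever newSession returned, where a failed login should carry 401. Credentials placed in the path of a GET, as the debug routes do, also end up in access logs.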
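Review bot: Changing the docblock to `@throws \Exception` implies the first hunk of this file (truncated in this rendering) adds `namespace App\Service;`; if no `use Exception;` comes with it, the unqualified `catch (Exception $e)` and `throw new Exception(...)` inside encryptString now resolve to `App\Service\Exception`, so the catch never matches and the throw fails with an undefined class. Add `use Exception;` under the namespace declaration, or qualify both as `\Exception`. encryptString's body continues outside this hunk.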
diff --git a/api-payroll/src/settings.php b/api-payroll/src/settings.php index e8c6719..54893f4 100644 --- a/api-payroll/src/settings.php +++ b/api-payroll/src/settings.php @@ -23,5 +23,22 @@ return [ 'passwordHashCost' => '12', 'ivSize' => 16, // 128 bits ], + + // Datanase settings + 'mysql' => [ + 'host' => 'localhost', + 'database' => 'payroll', + 'user' => 'root', + 'password' => '12345678', + 'charset' => 'utf8', + 'pdoConnectionOptions' => [ + PDO::ATTR_EMULATE_PREPARES => true, // The querys will be prepared by pdo instead of the dbms + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // Errors will be returned as exceptions + PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // Data will be returned in associative arrays + ], + 'databaseConnectionErrorMessage' => 'Unable to connect to the database.', + 'databaseSelectQueryErrorMessage' => 'There was an error fetching the data.', + 'databaseInsertQueryErrorMessage' => 'There was an error inserting the record.', + ], ], ]; From 52a77c902985ccc81756010ab5e39984014799f9 Mon Sep 17 00:00:00 2001 From: Jose Pabl Domingo Aramburo Sanchez Date: Sun, 5 Aug 2018 03:55:55 -0600 Subject: [PATCH 05/10] [mod] Falling back to requiere The namespace autoload was removed for the application to fix the error loading pdo --- api-payroll/composer.json | 3 +-- api-payroll/composer.lock | 2 +- api-payroll/src/application/SessionApplication.php | 1 - api-payroll/src/dependencies.php | 3 ++- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/api-payroll/composer.json b/api-payroll/composer.json index 86aff1a..5cf1229 100644 --- a/api-payroll/composer.json +++ b/api-payroll/composer.json @@ -27,8 +27,7 @@ }, "autoload": { "psr-4": { - "App\\Service\\": "src/service", - "App\\Application\\": "src/application" + "App\\Service\\": "src/service" } }, "config": { diff --git a/api-payroll/composer.lock b/api-payroll/composer.lock index 65a8bff..5f86c70 100644 --- a/api-payroll/composer.lock +++ b/api-payroll/composer.lock 
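Review bot: The new `mysql` block commits the `root` account and its password `'12345678'` to settings.php; the application should connect as a least-privilege user limited to the `payroll` schema, and the password should come from the environment as this file already does for `$_ENV['docker']`, e.g. `'password' => getenv('PAYROLL_DB_PASSWORD'),` (placeholder variable name). `PDO::ATTR_EMULATE_PREPARES => true` makes the driver splice bound values into the SQL text client-side, as its comment says; `false` sends real server-side prepares, so parameters never pass through the query string at all. `'charset' => 'utf8'` is MySQL's 3-byte subset; `utf8mb4` stores all of Unicode. The header comment reads `// Datanase settings`.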
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "9f4397e11cb2603e7754216c4f59c7ad", + "hash": "0057ecef520d7a1c12ceed653a4a5b2a", "content-hash": "5e16cb7781829836a704bd8767830833", "packages": [ { diff --git a/api-payroll/src/application/SessionApplication.php b/api-payroll/src/application/SessionApplication.php index bfb94e2..e54c51a 100644 --- a/api-payroll/src/application/SessionApplication.php +++ b/api-payroll/src/application/SessionApplication.php @@ -1,5 +1,4 @@ get('settings')['mysql']; - $sessionApplication = new App\Application\SessionApplication($mysqlSettings, $cryptographyService); + require dirname(__FILE__) . "/../src/application/cryptographyService.php"; + $sessionApplication = new cryptographyService($mysqlSettings, $cryptographyService); return $sessionApplication; }; \ No newline at end of file From 2920fdd89b788624d88b13f84f720dafde7f3930 Mon Sep 17 00:00:00 2001 From: Jose Pabl Domingo Aramburo Sanchez Date: Sun, 5 Aug 2018 10:02:24 +0000 Subject: [PATCH 06/10] [fix] Loading applciation --- api-payroll/src/dependencies.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/api-payroll/src/dependencies.php b/api-payroll/src/dependencies.php index 1f6499b..fb34e45 100644 --- a/api-payroll/src/dependencies.php +++ b/api-payroll/src/dependencies.php 
@@ -31,7 +31,7 @@ $container['sessionApplication'] = function ($c) { $cryptographyService = new App\Service\CryptographyService($cryptographySettings); $mysqlSettings = $c->get('settings')['mysql']; - require dirname(__FILE__) . "/../src/application/cryptographyService.php"; - $sessionApplication = new cryptographyService($mysqlSettings, $cryptographyService); + require dirname(__FILE__) . "/../src/application/SessionApplication.php"; + $sessionApplication = new SessionApplication($mysqlSettings, $cryptographyService); return $sessionApplication; -}; \ No newline at end of file +}; From 09f11ebe497feeeedffe5c4e56b760420351d3c4 Mon Sep 17 00:00:00 2001 From: Jose Pabl Domingo Aramburo Sanchez Date: Sun, 5 Aug 2018 04:30:50 -0600 Subject: [PATCH 07/10] [add] Injecting dependency --- api-payroll/src/application/SessionApplication.php | 7 ++++++- api-payroll/src/dependencies.php | 5 +---- api-payroll/src/routes.php | 3 +++ 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/api-payroll/src/application/SessionApplication.php b/api-payroll/src/application/SessionApplication.php index e54c51a..53d187c 100644 --- a/api-payroll/src/application/SessionApplication.php +++ b/api-payroll/src/application/SessionApplication.php @@ -3,6 +3,7 @@ class SessionApplication{ // The to be connection private $pdo = ''; + private $cryptographyService; function __construct($mysqlSettings, $cryptographyService){ // Services @@ -33,9 +34,13 @@ class SessionApplication{ function newSession($userName, $password){ $real = 'slothness'; + $password = "$2y$12$51mfESaLEGXDT4u9Bd9kiOHEpaJ1Bx4SEcVwsU5K6jVPMNkrnpJAa"; if($this->cryptographyService->decryptPassword($real, $password)){ - + return "yea"; + } + else{ + "nah"; } } } diff --git a/api-payroll/src/dependencies.php b/api-payroll/src/dependencies.php index fb34e45..7002950 100644 --- a/api-payroll/src/dependencies.php +++ b/api-payroll/src/dependencies.php 
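Review bot: In newSession the added `$password = "$2y$12$51mf..."` assignment overwrites the caller's argument with a fixed hash (the same one seeded in database.sql), and `"nah";` in the new else branch is an expression statement with no effect, so the function returns null on that path; the identical `"nah";` is added to routes.php in this patch. If this is scaffolding, `return false;` plus a TODO says so without shipping a credential literal.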
@@ -27,11 +27,8 @@ $container['cryptographyService'] = function ($c) { // The session application $container['sessionApplication'] = function ($c) { - $cryptographySettings = $c->get('settings')['cryptography']; - $cryptographyService = new App\Service\CryptographyService($cryptographySettings); - $mysqlSettings = $c->get('settings')['mysql']; require dirname(__FILE__) . "/../src/application/SessionApplication.php"; - $sessionApplication = new SessionApplication($mysqlSettings, $cryptographyService); + $sessionApplication = new SessionApplication($mysqlSettings, $c['cryptographyService']); return $sessionApplication; }; diff --git a/api-payroll/src/routes.php b/api-payroll/src/routes.php index d588aed..6fa090a 100644 --- a/api-payroll/src/routes.php +++ b/api-payroll/src/routes.php @@ -42,4 +42,7 @@ $app->get('/api/decrypt/password/{string}', function (Request $request, Response if ($cosa){ return "yea"; } + else{ + "nah"; + } }); \ No newline at end of file From d7be1f1d9c3064fd8be2ca38ebfd6c2358063411 Mon Sep 17 00:00:00 2001 From: Jose Pabl Domingo Aramburo Sanchez Date: Sun, 5 Aug 2018 19:14:49 -0600 Subject: [PATCH 08/10] [mod] Mysql connections moved to dependencies --- .../src/application/SessionApplication.php | 27 ++-------------- api-payroll/src/dependencies.php | 31 +++++++++++++++++-- 2 files changed, 32 insertions(+), 26 deletions(-) diff --git a/api-payroll/src/application/SessionApplication.php b/api-payroll/src/application/SessionApplication.php index 53d187c..d73c34c 100644 --- a/api-payroll/src/application/SessionApplication.php +++ b/api-payroll/src/application/SessionApplication.php 
@@ -5,31 +5,10 @@ class SessionApplication{ private $pdo = ''; private $cryptographyService; - function __construct($mysqlSettings, $cryptographyService){ + function __construct($mysql, $cryptographyService){ // Services $this->cryptographyService = $cryptographyService; - - // The database parameters - $this->host = $mysqlSettings['host']; - $this->database = $mysqlSettings['database']; - $this->user = $mysqlSettings['user']; - $this->password = $mysqlSettings['password']; - $this->charset = $mysqlSettings['charset']; - $this->pdoConnectionOptions = $mysqlSettings['pdoConnectionOptions']; - - // Generic error messages - $this->databaseConnectionErrorMessage = $mysqlSettings['databaseConnectionErrorMessage']; - $this->databaseSelectQueryErrorMessage = $mysqlSettings['databaseSelectQueryErrorMessage']; - $this->databaseInsertQueryErrorMessage = $mysqlSettings['databaseInsertQueryErrorMessage']; - - // Initiate the connection - $dsn = "mysql:host=$this->host;dbname=$this->database;charset=$this->charset"; - try { - $this->pdo = new PDO($dsn, $this->user, $this->password, $this->pdoConnectionOptions); - } catch (Exception $e) { - error_log($e->getMessage()); - exit($this->databaseConnectionErrorMessage); - } + $this->pdo = $mysql; } function newSession($userName, $password){ @@ -40,7 +19,7 @@ class SessionApplication{ return "yea"; } else{ - "nah"; + return "nay"; } } } diff --git a/api-payroll/src/dependencies.php b/api-payroll/src/dependencies.php index 7002950..24bfcb6 100644 --- a/api-payroll/src/dependencies.php +++ b/api-payroll/src/dependencies.php 
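Review bot: `private $pdo = '';` initialises the connection holder to an empty string, and the new `function __construct($mysql, $cryptographyService)` accepts anything for it, so a mis-wired container only fails at the first query; `private $pdo;` with `function __construct(PDO $mysql, $cryptographyService)` makes the wrong wiring fail at construction instead. The class body continues outside this hunk.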
@@ -18,6 +18,34 @@ $container['logger'] = function ($c) { return $logger; }; +// Mysql connecrion +$container['mysql'] = function ($c) { + $mysqlSettings = $c->get('settings')['mysql']; + + // The database parameters + $host = $mysqlSettings['host']; + $database = $mysqlSettings['database']; + $user = $mysqlSettings['user']; + $password = $mysqlSettings['password']; + $charset = $mysqlSettings['charset']; + $pdoConnectionOptions = $mysqlSettings['pdoConnectionOptions']; + + // Generic error messages + $databaseConnectionErrorMessage = $mysqlSettings['databaseConnectionErrorMessage']; + $databaseSelectQueryErrorMessage = $mysqlSettings['databaseSelectQueryErrorMessage']; + $databaseInsertQueryErrorMessage = $mysqlSettings['databaseInsertQueryErrorMessage']; + + // Initiate the connection + $dsn = "mysql:host=$host;dbname=$database;charset=$charset"; + try { + $pdo = new PDO($dsn, $user, $password, $pdoConnectionOptions); + } catch (Exception $e) { + error_log($e->getMessage()); + exit($databaseConnectionErrorMessage); + } + return $pdo; +}; + // Cryto functions $container['cryptographyService'] = function ($c) { $cryptographySettings = $c->get('settings')['cryptography']; @@ -27,8 +55,7 @@ $container['cryptographyService'] = function ($c) { // The session application $container['sessionApplication'] = function ($c) { - $mysqlSettings = $c->get('settings')['mysql']; require dirname(__FILE__) . "/../src/application/SessionApplication.php"; - $sessionApplication = new SessionApplication($mysqlSettings, $c['cryptographyService']); + $sessionApplication = new SessionApplication($c['mysql'], $c['cryptographyService']); return $sessionApplication; }; From 816b1e356a73ea1a3f2a7106d4f32c6fa6f3168d Mon Sep 17 00:00:00 2001 
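Review bot: In the new `mysql` factory `$databaseSelectQueryErrorMessage` and `$databaseInsertQueryErrorMessage` are assigned and never used, and the `catch (Exception $e)` ends in `exit(...)`, which ends the request before Slim can send a response or the container's `logger` can record it. Catch the driver's type, log through the container, and rethrow so the error handler answers with a 500 while the driver detail stays in the log: `} catch (PDOException $e) { $c['logger']->error($e->getMessage()); throw new RuntimeException($databaseConnectionErrorMessage, 0, $e); }`. The `// Mysql connecrion` comment has a typo.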
From: Jose Pabl Domingo Aramburo Sanchez Date: Sun, 5 Aug 2018 20:06:43 -0600 Subject: [PATCH 09/10] [add] Endpoints to handle sessions --- .../src/application/SessionApplication.php | 80 ++++++++++++++++--- api-payroll/src/routes.php | 30 +++---- .../src/service/CryptographyService.php | 2 +- 3 files changed, 81 insertions(+), 31 deletions(-) diff --git a/api-payroll/src/application/SessionApplication.php b/api-payroll/src/application/SessionApplication.php index d73c34c..204bbac 100644 --- a/api-payroll/src/application/SessionApplication.php +++ b/api-payroll/src/application/SessionApplication.php 
@@ -1,26 +1,88 @@ cryptographyService = $cryptographyService; $this->pdo = $mysql; + + $this->databaseSelectQueryErrorMessage = 'There was an error inserting the record.'; } - function newSession($userName, $password){ - $real = 'slothness'; - $password = "$2y$12$51mfESaLEGXDT4u9Bd9kiOHEpaJ1Bx4SEcVwsU5K6jVPMNkrnpJAa"; + /** + * @return bool + */ + function verifySession(){ + return isset($_SESSION['userName']); + } - if($this->cryptographyService->decryptPassword($real, $password)){ - return "yea"; + /** + * @return array + */ + function checkCurrentSession(){ + $session = array(); + + $session['loggedIn'] = $this->verifySession(); + + if($this->verifySession()){ + $session['userName'] = $_SESSION['userName']; + } + + return $session; + } + + /** + * @param $userName string + * @return mixed + */ + function getPassword($userName){ + $stmt = $this->pdo->prepare("SELECT password FROM users WHERE name = :userName"); + $stmt->execute(array(':userName' => $userName)); + $results = $stmt->fetchAll(); + if(!$results){ + exit($this->databaseSelectQueryErrorMessage); + } + $stmt = null; + return $results[0]['password']; + } + + /** + * @param $userName string + * @param $password string + * @return bool + * @throws Exception + */ + function newSession($userName, $password){ + $storedPassword = $this->getPassword($userName); + + // If the credentials don't match anything in the the records + if(!isset($storedPassword)){ + throw new Exception('The user or password didnt match, please try again.'); + } + + // Already has a session + if($this->verifySession()){ + return true; + } + + if($this->cryptographyService->decryptPassword($password, $storedPassword)){ + $_SESSION['userName'] = $userName; + return true; } else{ - return "nay"; + return false; } } + + /** + * @return string + */ + function destroySession(){ + session_destroy(); + + return "Sucessfully logged out."; + } } ?> \ No newline at end of file 
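Review bot: getPassword calls `exit($this->databaseSelectQueryErrorMessage)` when the username has no row, so an unknown user gets a different reply (and a mis-labelled one: the text assigned is the insert message) from a wrong password — a username-enumeration signal — and the `!isset($storedPassword)` branch in newSession can never run. newSession also returns true for any caller that already has a session before looking at the submitted password, and it stores `$_SESSION['userName']` without `session_regenerate_id(true)`, so a session id that existed before login keeps its value afterwards (fixation); I assume `session_start()` runs elsewhere, since nothing in the patches shows it. Return null from getPassword, let newSession answer every failure the same way, and regenerate the id on success, as sketched below. destroySession calls `session_destroy()` without clearing `$_SESSION` or expiring the cookie, so the current request still carries the data. The opening lines of this hunk appear truncated in this rendering.
```php
    function getPassword($userName){
        $stmt = $this->pdo->prepare("SELECT password FROM users WHERE name = :userName");
        $stmt->execute(array(':userName' => $userName));
        $row = $stmt->fetch();
        // null rather than exit: the caller answers unknown user and wrong password identically
        return $row ? $row['password'] : null;
    }

    // … unchanged: docblock …
    function newSession($userName, $password){
        $storedPassword = $this->getPassword($userName);

        // One failure path for both "no such user" and "wrong password"
        if($storedPassword === null || !$this->cryptographyService->decryptPassword($password, $storedPassword)){
            return false;
        }

        // Fresh id on authentication so a pre-login session id is never promoted
        session_regenerate_id(true);
        $_SESSION['userName'] = $userName;
        return true;
    }
```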
diff --git a/api-payroll/src/routes.php b/api-payroll/src/routes.php index 6fa090a..680333b 100644 --- a/api-payroll/src/routes.php +++ b/api-payroll/src/routes.php @@ -13,6 +13,11 @@ $app->get('/[{name}]', function (Request $request, Response $response, array $ar return $this->renderer->render($response, 'index.phtml', $args); }); +$app->get('/api/session', function (Request $request, Response $response, array $args) { + return $response->withStatus(200) + ->withHeader('Content-Type', 'application/json') + ->write(json_encode($this->sessionApplication->checkCurrentSession())); +}); $app->post('/api/session/login', function ($request, $response) { $RequestData = $request->getParsedBody(); @@ -24,25 +29,8 @@ $app->post('/api/session/login', function ($request, $response) { ->write(json_encode($data)); }); - -$app->get('/api/encrypt/{string}', function (Request $request, Response $response, array $args) { - return $this->cryptographyService->encryptString($args['string']); -}); - -$app->get('/api/decrypt/{string}', function (Request $request, Response $response, array $args) { - return $this->cryptographyService->decryptString($args['string']); -}); - -$app->get('/api/encrypt/password/{string}', function (Request $request, Response $response, array $args) { - return $this->cryptographyService->encryptPassword($args['string']); -}); - -$app->get('/api/decrypt/password/{string}', function (Request $request, Response $response, array $args) { - $cosa = $this->cryptographyService->decryptPassword("pablso", "$2y$12$4T.gxWkQNPPFQau7ghfiQegdJQOm1yLTlbOTvcI3AizyqF/JSHr06"); - if ($cosa){ - return "yea"; - } - else{ - "nah"; - } +$app->post('/api/session/logout', function (Request $request, Response $response, array $args) { + return $response->withStatus(200) + ->withHeader('Content-Type', 'application/json') + ->write(json_encode($this->sessionApplication->destroySession())); }); \ No newline at end of file 
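Review bot: The login route, left as context above the new `/api/session/logout` route, still responds 200 with `json_encode($data)` whether newSession returned true or false, and the Exception newSession throws for an unknown user goes to the framework's error handler instead of this JSON shape; map the result to a status, e.g. `->withStatus($data ? 200 : 401)`. Login and logout are cookie-session POSTs with no CSRF token or origin check visible in the patches, so a cross-site form can end a victim's session or perform a login CSRF; a SameSite cookie attribute or a token tied to the session is the usual mitigation. The logout route json-encodes a bare sentence, `"Sucessfully logged out."` (sic), where an object such as `{"loggedIn": false}` matching the `/api/session` reply would be consistent.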
diff --git a/api-payroll/src/service/CryptographyService.php b/api-payroll/src/service/CryptographyService.php index 9e3dcca..41e3e5d 100644 --- a/api-payroll/src/service/CryptographyService.php +++ b/api-payroll/src/service/CryptographyService.php @@ -80,7 +80,7 @@ class CryptographyService{ * * @param $plainPassword string * @param $encryptedPassword string - * @return boolean + * @return bool */ function decryptPassword($plainPassword, $encryptedPassword) { return password_verify($plainPassword, $encryptedPassword); From 1a4440a99f238f6f8ff628ef780701cbad28cca8 Mon Sep 17 00:00:00 2001 From: Jose Pabl Domingo Aramburo Sanchez Date: Sun, 5 Aug 2018 20:11:33 -0600 Subject: [PATCH 10/10] [add] Applications added to auto load --- api-payroll/composer.json | 3 ++- api-payroll/composer.lock | 16 ++++++++-------- .../src/application/SessionApplication.php | 1 + api-payroll/src/dependencies.php | 3 +-- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/api-payroll/composer.json b/api-payroll/composer.json index 5cf1229..86aff1a 100644 --- a/api-payroll/composer.json +++ b/api-payroll/composer.json @@ -27,7 +27,8 @@ }, "autoload": { "psr-4": { - "App\\Service\\": "src/service" + "App\\Service\\": "src/service", + "App\\Application\\": "src/application" } }, "config": { diff --git a/api-payroll/composer.lock b/api-payroll/composer.lock index 5f86c70..6a094c8 100644 --- a/api-payroll/composer.lock +++ b/api-payroll/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "0057ecef520d7a1c12ceed653a4a5b2a", + "hash": "9f4397e11cb2603e7754216c4f59c7ad", "content-hash": "5e16cb7781829836a704bd8767830833", "packages": [ { 
@@ -733,16 +733,16 @@ }, { "name": "phpspec/prophecy", - "version": "1.7.6", + "version": "1.8.0", "source": { "type": "git", "url": "https://github.com/phpspec/prophecy.git", - "reference": "33a7e3c4fda54e912ff6338c48823bd5c0f0b712" + "reference": "4ba436b55987b4bf311cb7c6ba82aa528aac0a06" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpspec/prophecy/zipball/33a7e3c4fda54e912ff6338c48823bd5c0f0b712", - "reference": "33a7e3c4fda54e912ff6338c48823bd5c0f0b712", + "url": "https://api.github.com/repos/phpspec/prophecy/zipball/4ba436b55987b4bf311cb7c6ba82aa528aac0a06", + "reference": "4ba436b55987b4bf311cb7c6ba82aa528aac0a06", "shasum": "" }, "require": { @@ -754,12 +754,12 @@ }, "require-dev": { "phpspec/phpspec": "^2.5|^3.2", - "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5" + "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.7.x-dev" + "dev-master": "1.8.x-dev" } }, "autoload": { @@ -792,7 +792,7 @@ "spy", "stub" ], - "time": "2018-04-18 13:57:24" + "time": "2018-08-05 17:53:17" }, { "name": "phpunit/php-code-coverage", diff --git a/api-payroll/src/application/SessionApplication.php b/api-payroll/src/application/SessionApplication.php index 204bbac..b7091e0 100644 --- a/api-payroll/src/application/SessionApplication.php +++ b/api-payroll/src/application/SessionApplication.php @@ -1,4 +1,5 @@