PootisPenserHere/payroll_manager
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Merge branch 'master' into Documenting

Browse Source
This commit is contained in:
Jose Pablo Domingo Aramburo Sanchez 2018-08-16 04:32:39 -06:00 committed by GitHub
commit febf9f1c9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 225 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api-payroll/composer.json
View File

@ -17,7 +17,8 @@
"slim/php-view": "^2.0", "slim/php-view": "^2.0",
"monolog/monolog": "^1.17", "monolog/monolog": "^1.17",
"respect/validation": "^1.1", "respect/validation": "^1.1",
"tuupola/cors-middleware": "^0.5.2" "tuupola/cors-middleware": "^0.5.2",
"adbario/slim-secure-session-middleware": "^1.3"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": ">=4.8 < 6.0" "phpunit/phpunit": ">=4.8 < 6.0"

140
api-payroll/composer.lock generated
View File

@ -4,9 +4,96 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"hash": "93a9656f4e6eb0e25be1bad59ac6f487", "hash": "19bc193d641803843178e87bf0465afe",
"content-hash": "a3fc18885cc45d2733b77fa2081bdc72", "content-hash": "9eb8d110ad374a60767f92d76018504a",
"packages": [ "packages": [
{
"name": "adbario/php-dot-notation",
"version": "1.2.0",
"source": {
"type": "git",
"url": "https://github.com/adbario/php-dot-notation.git",
"reference": "5e4b1fe29a8ae1140e370d520ed8b85dd5130a1f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/adbario/php-dot-notation/zipball/5e4b1fe29a8ae1140e370d520ed8b85dd5130a1f",
"reference": "5e4b1fe29a8ae1140e370d520ed8b85dd5130a1f",
"shasum": ""
},
"require": {
"php": ">=5.4"
},
"type": "library",
"autoload": {
"psr-4": {
"Adbar\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Riku Särkinen",
"email": "riku@adbar.io"
}
],
"description": "PHP dot notation array access",
"homepage": "https://github.com/adbario/php-dot-notation",
"keywords": [
"ArrayAccess",
"dotnotation",
"php"
],
"time": "2017-03-26 17:44:47"
},
{
"name": "adbario/slim-secure-session-middleware",
"version": "1.3.4",
"source": {
"type": "git",
"url": "https://github.com/adbario/slim-secure-session-middleware.git",
"reference": "f107191506b2c362f06f201f998891f315d6aaec"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/adbario/slim-secure-session-middleware/zipball/f107191506b2c362f06f201f998891f315d6aaec",
"reference": "f107191506b2c362f06f201f998891f315d6aaec",
"shasum": ""
},
"require": {
"adbario/php-dot-notation": "~1.2.0",
"paragonie/random_compat": "^2.0",
"php": ">=5.5",
"slim/slim": "~3.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Adbar\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Riku Särkinen",
"email": "riku@adbar.io"
}
],
"description": "Secure session middleware for Slim 3 framework",
"homepage": "https://github.com/adbario/slim-secure-session-middleware",
"keywords": [
"middleware",
"session",
"slim"
],
"time": "2017-08-04 13:51:00"
},
{ {
"name": "container-interop/container-interop", "name": "container-interop/container-interop",
"version": "1.2.0", "version": "1.2.0",
@ -217,6 +304,55 @@
], ],
"time": "2018-02-13 20:26:39" "time": "2018-02-13 20:26:39"
}, },
{
"name": "paragonie/random_compat",
"version": "v2.0.17",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "29af24f25bab834fcbb38ad2a69fa93b867e070d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/29af24f25bab834fcbb38ad2a69fa93b867e070d",
"reference": "29af24f25bab834fcbb38ad2a69fa93b867e070d",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"polyfill",
"pseudorandom",
"random"
],
"time": "2018-07-04 16:31:37"
},
{ {
"name": "pimple/pimple", "name": "pimple/pimple",
"version": "v3.2.3", "version": "v3.2.3",

13
api-payroll/public/html/landing.php
View File

@ -1,12 +1,3 @@
<?php
session_start();
if(!isset($_SESSION['userName'])){
header("Location: ./login.php");
exit();
}
?>
<!-- Latest compiled and minified CSS --> <!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="../css/bootstrap.min.css"> <link rel="stylesheet" href="../css/bootstrap.min.css">
@ -40,10 +31,6 @@ if(!isset($_SESSION['userName'])){
<li> <li>
<a href="#" data-nav_accion="registerWorkDays.php" ><span class="glyphicon glyphicon-tasks"></span> Management</a> <a href="#" data-nav_accion="registerWorkDays.php" ><span class="glyphicon glyphicon-tasks"></span> Management</a>
</li> </li>
<li>
<a href="#" onclick="loadView();"><span class="glyphicon glyphicon-wrench"></span> Change password</a>
</li>
</ul> </ul>
<ul class="nav navbar-nav navbar-right"> <ul class="nav navbar-nav navbar-right">
<li> <li>

9
api-payroll/public/html/login.php
View File

@ -1,12 +1,3 @@
<?php
session_start();
if(isset($_SESSION['userName'])){
header("Location: ./landing.php");
exit();
}
?>
<!-- Latest compiled and minified CSS --> <!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="../css/bootstrap.min.css"> <link rel="stylesheet" href="../css/bootstrap.min.css">

2
api-payroll/public/index.php
View File

@ -11,8 +11,6 @@ if (PHP_SAPI == 'cli-server') {
require __DIR__ . '/../vendor/autoload.php'; require __DIR__ . '/../vendor/autoload.php';
session_start();
// Instantiate the app // Instantiate the app
$settings = require __DIR__ . '/../src/settings.php'; $settings = require __DIR__ . '/../src/settings.php';
$app = new \Slim\App($settings); $app = new \Slim\App($settings);

10
api-payroll/public/js/landing.js
View File

@ -13,12 +13,15 @@ function logout() {
window.location.replace(baseUrl + '/html/login.php'); window.location.replace(baseUrl + '/html/login.php');
}, },
error:function(x,e) { error:function(x,e) {
let responseText = $.parseJSON(x["responseText"]);
if (x.status==0) { if (x.status==0) {
$('#modalErrorInternetConnection').modal('show'); $('#modalErrorInternetConnection').modal('show');
} else if(x.status==404) { } else if(x.status==404) {
$('#modalError404').modal('show'); $('#modalError404').modal('show');
} else if(x.status==500) { } else if(x.status==500) {
$('#modalError500').modal('show'); $('#modalServerResponseError').modal('show');
document.getElementById('modalResponseError').innerHTML = responseText['message'];
} else if(e=='parsererror') { } else if(e=='parsererror') {
$('#modalErrorParsererror').modal('show'); $('#modalErrorParsererror').modal('show');
} else if(e=='timeout'){ } else if(e=='timeout'){
@ -59,12 +62,15 @@ function loadView(requestedView){
$("#newViewBody").hide().html(data).show('slow'); $("#newViewBody").hide().html(data).show('slow');
}, },
error:function(x,e) { error:function(x,e) {
let responseText = $.parseJSON(x["responseText"]);
if (x.status==0) { if (x.status==0) {
$('#modalErrorInternetConnection').modal('show'); $('#modalErrorInternetConnection').modal('show');
} else if(x.status==404) { } else if(x.status==404) {
$('#modalError404').modal('show'); $('#modalError404').modal('show');
} else if(x.status==500) { } else if(x.status==500) {
$('#modalError500').modal('show'); $('#modalServerResponseError').modal('show');
document.getElementById('modalResponseError').innerHTML = responseText['message'];
} else if(e=='parsererror') { } else if(e=='parsererror') {
$('#modalErrorParsererror').modal('show'); $('#modalErrorParsererror').modal('show');
} else if(e=='timeout'){ } else if(e=='timeout'){

18
api-payroll/src/application/EmployeeApplication.php
View File

@ -9,13 +9,28 @@ class EmployeeApplication{
private $cryptographyService; private $cryptographyService;
private $asserts; private $asserts;
private $settings; private $settings;
private $session;
function __construct($employeeSettings, $mysql, $cryptographyService, $asserts){ /**
* EmployeeApplication constructor.
* @param $employeeSettings
* @param $mysql
* @param $cryptographyService
* @param $asserts
* @param $session
* @throws Exception
*/
function __construct($employeeSettings, $mysql, $cryptographyService, $asserts, $session){
$this->settings = $employeeSettings; $this->settings = $employeeSettings;
$this->cryptographyService = $cryptographyService; $this->cryptographyService = $cryptographyService;
$this->pdo = $mysql; $this->pdo = $mysql;
$this->asserts = $asserts; $this->asserts = $asserts;
$this->session = $session;
if(!$this->session->verifySession()){
throw new Exception('A session is requited to access this resouerce.');
};
} }
/** /**
@ -81,7 +96,6 @@ class EmployeeApplication{
} catch( PDOExecption $e ) { } catch( PDOExecption $e ) {
$this->pdo->rollback(); $this->pdo->rollback();
throw new Exception('There was an error while trying to save a new person.'); throw new Exception('There was an error while trying to save a new person.');
$this->logger->warning("There was an error in the EmployeeApplication->saveNewPerson caused by: $e ");
} }
} }

23
api-payroll/src/application/SessionApplication.php
View File

@ -4,11 +4,13 @@ namespace App\Application;
use Exception; use Exception;
class SessionApplication{ class SessionApplication{
private $session;
private $pdo; private $pdo;
private $cryptographyService; private $cryptographyService;
private $asserts; private $asserts;
function __construct($mysql, $cryptographyService, $asserts){ function __construct($session, $mysql, $cryptographyService, $asserts){
$this->session = $session;
$this->cryptographyService = $cryptographyService; $this->cryptographyService = $cryptographyService;
$this->pdo = $mysql; $this->pdo = $mysql;
$this->asserts = $asserts; $this->asserts = $asserts;
@ -18,7 +20,8 @@ class SessionApplication{
* @return bool * @return bool
*/ */
function verifySession(){ function verifySession(){
return isset($_SESSION['userName']); $userName = $this->session->get('userName');
return isset($userName);
} }
/** /**
@ -30,7 +33,7 @@ class SessionApplication{
$session['loggedIn'] = $this->verifySession(); $session['loggedIn'] = $this->verifySession();
if($this->verifySession()){ if($this->verifySession()){
$session['userName'] = $_SESSION['userName']; $session['userName'] = $this->session->get('userName');
} }
return $session; return $session;
@ -83,7 +86,12 @@ class SessionApplication{
} }
if($this->cryptographyService->decryptPassword($password, $storedPassword)){ if($this->cryptographyService->decryptPassword($password, $storedPassword)){
$_SESSION['userName'] = $userName; $this->session->set('userName', $userName);
if(!$this->verifySession()){
throw new Exception('An error occurred while trying to create the session.');
}
return true; return true;
} }
else{ else{
@ -116,9 +124,14 @@ class SessionApplication{
/** /**
* @return array * @return array
* @throws Exception
*/ */
function destroySession(){ function destroySession(){
session_destroy(); $this->session->clear();
if($this->verifySession()){
throw new Exception('An error occurred while trying to end the session.');
}
return array('status' => 'success', 'message' => 'Successfully logged out.'); return array('status' => 'success', 'message' => 'Successfully logged out.');
} }

12
api-payroll/src/dependencies.php
View File

@ -18,6 +18,13 @@ $container['logger'] = function ($c) {
return $logger; return $logger;
}; };
// Session handler
$container['session'] = function ($container) {
return new \Adbar\Session(
$container->get('settings')['session']['namespace']
);
};
// Mysql connection // Mysql connection
$container['mysql'] = function ($c) { $container['mysql'] = function ($c) {
$mysqlSettings = $c->get('settings')['mysql']; $mysqlSettings = $c->get('settings')['mysql'];
@ -60,7 +67,8 @@ $container['asserts'] = function ($c) {
// The session application // The session application
$container['sessionApplication'] = function ($c) { $container['sessionApplication'] = function ($c) {
$sessionApplication = new App\Application\SessionApplication($c['mysql'], $c['cryptographyService'], $c['asserts']); $sessionApplication = new App\Application\SessionApplication($c['session'], $c['mysql'],
$c['cryptographyService'], $c['asserts']);
return $sessionApplication; return $sessionApplication;
}; };
@ -68,6 +76,6 @@ $container['sessionApplication'] = function ($c) {
$container['employeeApplication'] = function ($c) { $container['employeeApplication'] = function ($c) {
$employeeSettings = $c->get('settings')['employee']; $employeeSettings = $c->get('settings')['employee'];
$employeeApplication = new App\Application\EmployeeApplication($employeeSettings, $employeeApplication = new App\Application\EmployeeApplication($employeeSettings,
$c['mysql'], $c['cryptographyService'], $c['asserts']); $c['mysql'], $c['cryptographyService'], $c['asserts'], $c['sessionApplication']);
return $employeeApplication; return $employeeApplication;
}; };

2
api-payroll/src/middleware.php
View File

@ -20,3 +20,5 @@ $app->add(new \Tuupola\Middleware\Cors([
->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT)); ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
} }
])); ]));
$app->add(new \Adbar\SessionMiddleware($app->getContainer()->get('settings')['session']));

29
api-payroll/src/settings.php
View File

@ -16,6 +16,35 @@ return [
'level' => \Monolog\Logger::DEBUG, 'level' => \Monolog\Logger::DEBUG,
], ],
// Session handle settings
'session' => [
// Session cookie settings
'name' => 'payroll-laziness-rocks',
'lifetime' => 10,
'path' => '/',
'domain' => null,
'secure' => false,
'httponly' => true,
// Set session cookie path, domain and secure automatically
'cookie_autoset' => true,
// Path where session files are stored, PHP's default path will be used if set null
'save_path' => null,
// Session cache limiter
'cache_limiter' => 'nocache',
// Extend session lifetime after each user activity
'autorefresh' => true,
// Encrypt session data if string is set
'encryption_key' => '7de431684c34cf2c898268cff71392f38c4175dde050c9ee69502b81571484e0',
// Session namespace
'namespace' => 'slim'
],
// Cryptography settings // Cryptography settings
'cryptography' => [ 'cryptography' => [
'encryptionAlgorithm' => 'AES-256-CBC', 'encryptionAlgorithm' => 'AES-256-CBC',

2
api-payroll/tests/Functional/BaseTestCase.php
View File

@ -20,7 +20,7 @@ class BaseTestCase extends \PHPUnit_Framework_TestCase
* *
* @var bool * @var bool
*/ */
protected $withMiddleware = true; protected $withMiddleware = false;
/** /**
* Process the application given a request method and URI * Process the application given a request method and URI