Proyectos de Subversion Moodle

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Helpers for authenticating mobile users through tokens
 *
 * @package    mod_hvp
 * @copyright  2019 Joubel AS
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

namespace mod_hvp;

defined('MOODLE_INTERNAL') || die();

class mobile_auth {

    const VALID_TIME = 60;

    /**
     * Generate embed auth token
     *
     * @param string $secret Secret phrase added to the hash
     * @param int $validfor Time factor that determines how long the token is valid
     *
     * @return array Login token and secret
     * @throws \Exception
     */
    public static function create_embed_auth_token($secret = null, $validfor = null) {
        if (!$validfor) {
            $validfor = self::get_time_factor();
        }

        if (empty($secret)) {
            if (function_exists('random_bytes')) {
                $secret = base64_encode(random_bytes(15));
            } else if (function_exists('openssl_random_pseudo_bytes')) {
                $secret = base64_encode(openssl_random_pseudo_bytes(15));
            } else {
                $secret = uniqid('', true);
            }
        }

        return [
            hash('md5', 'embed_auth' . $validfor . $secret),
            $secret
        ];
    }

    /**
     * Validate embed auth token
     *
     * @param string $token
     * @param string $secret
     *
     * @return bool True if valid token was supplied
     * @throws \Exception
     */
    public static function validate_embed_auth_token($token, $secret) {
        $timefactor = self::get_time_factor();
        // Splitting into two halves and allowing both allows for fractions roundup in the time factor.
        list($generatedtoken) = self::create_embed_auth_token($secret, $timefactor);
        list($generatedtoken2) = self::create_embed_auth_token($secret, $timefactor - 1);
        return $token === $generatedtoken || $token === $generatedtoken2;
    }

    /**
     * Check if provided user_id and token are valid for authenticating the user
     *
     * @param string $userid
     * @param string $token
     *
     * @return bool True if token and user_id is valid
     * @throws \dml_exception
     */
    public static function has_valid_token($userid, $secret) {
        global $DB;

        if (!$userid || !$secret) {
            return false;
        }

        $auth = $DB->get_record('hvp_auth', array(
            'user_id' => $userid,
        ));
        if (!$auth) {
            return false;
        }

        $isvalid = self::validate_embed_auth_token($auth->secret, $secret);

        // Cleanup user's token when used.
        if ($isvalid) {
            $DB->delete_records('hvp_auth', array(
                'user_id' => $userid
            ));
        }

        return $isvalid;
    }

    /**
     * Get time factor for how long the token is valid
     *
     * @return float
     */
    public static function get_time_factor() {
        return ceil(time() / self::VALID_TIME);
    }
}