fix: [security] Properly validate new auth key

pull/6585/head
Jakub Onderka 2020-11-14 22:33:05 +01:00
parent 7f2aec7f34
commit b057426b9f
1 changed files with 21 additions and 15 deletions


@ -1,24 +1,20 @@
<?php <?php
App::uses('AppModel', 'Model'); App::uses('AppModel', 'Model');
App::uses('RandomTool', 'Tools'); App::uses('RandomTool', 'Tools');
/**
* @property User $User
*/
class AuthKey extends AppModel class AuthKey extends AppModel
{ {
public $recursive = -1; public $recursive = -1;
public $actsAs = array( public $actsAs = array(
'SysLogLogable.SysLogLogable' => array( 'SysLogLogable.SysLogLogable' => array(
'userModel' => 'User', 'userModel' => 'User',
'userKey' => 'user_id', 'userKey' => 'user_id',
'change' => 'full'), 'change' => 'full'),
'Containable', 'Containable',
);
public $validate = array(
'json' => array(
'isValidJson' => array(
'rule' => array('isValidJson'),
)
)
); );
public $belongsTo = array( public $belongsTo = array(
@ -44,7 +40,7 @@ class AuthKey extends AppModel
} else { } else {
$authkey = $this->data['AuthKey']['authkey']; $authkey = $this->data['AuthKey']['authkey'];
} }
$passwordHasher = new BlowfishPasswordHasher(); $passwordHasher = $this->getHasher();
$this->data['AuthKey']['authkey'] = $passwordHasher->hash($authkey); $this->data['AuthKey']['authkey'] = $passwordHasher->hash($authkey);
$this->data['AuthKey']['authkey_start'] = substr($authkey, 0, 4); $this->data['AuthKey']['authkey_start'] = substr($authkey, 0, 4);
$this->data['AuthKey']['authkey_end'] = substr($authkey, -4); $this->data['AuthKey']['authkey_end'] = substr($authkey, -4);
@ -65,6 +61,7 @@ class AuthKey extends AppModel
$end = substr($authkey, -4); $end = substr($authkey, -4);
$existing_authkeys = $this->find('all', [ $existing_authkeys = $this->find('all', [
'recursive' => -1, 'recursive' => -1,
'fields' => ['authkey', 'user_id'],
'conditions' => [ 'conditions' => [
'OR' => [ 'OR' => [
'expiration >' => time(), 'expiration >' => time(),
@ -74,8 +71,9 @@ class AuthKey extends AppModel
'authkey_end' => $end, 'authkey_end' => $end,
] ]
]); ]);
$passwordHasher = $this->getHasher();
foreach ($existing_authkeys as $existing_authkey) { foreach ($existing_authkeys as $existing_authkey) {
if (Security::hash($authkey, 'blowfish', $existing_authkey['AuthKey']['authkey'])) { if ($passwordHasher->check($authkey, $existing_authkey['AuthKey']['authkey'])) {
return $this->User->getAuthUser($existing_authkey['AuthKey']['user_id']); return $this->User->getAuthUser($existing_authkey['AuthKey']['user_id']);
} }
} }
@ -110,4 +108,12 @@ class AuthKey extends AppModel
return false; return false;
} }
} }
/**
* @return AbstractPasswordHasher
*/
private function getHasher()
{
return new BlowfishPasswordHasher();
}
} }
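Review bot: getHasher() in the last hunk instantiates BlowfishPasswordHasher, but the App::uses() list at the top of the first hunk loads only AppModel and RandomTool, so the class is presumably loaded by some other path; if that is not guaranteed for every caller of this model, add `App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');` next to the existing App::uses lines. The loop in the fourth hunk would also benefit from a why-comment, because the reason for switching from Security::hash() to check() is not visible in the new code: Security::hash() returns the hash string, which is never falsy, so the old condition accepted every candidate that matched the start/end prefilter. A comment such as `// check() compares the bcrypt hash; Security::hash() returns a string and is always truthy` above the `if` would keep a future refactor from reintroducing the same mistake. The commit message could likewise say why the unused `json` validation rule is dropped in the first hunk, since that removal is unrelated to the stated fix.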