32,7 → 32,7 |
* @return string |
* @throws OIDplusException |
*/ |
private static function raPepperProcessing(string $password): string { |
private function raPepperProcessing(string $password): string { |
// Additional feature: Pepper |
// The pepper is stored inside the base configuration file |
// It prevents that an attacker with SQL write rights can |
140,7 → 140,7 |
throw new OIDplusException(_L('No RA authentication plugins found')); |
} |
foreach ($plugins as $plugin) { |
if ($plugin->verify($authInfo, self::raPepperProcessing($password))) return true; |
if ($plugin->verify($authInfo, $this->raPepperProcessing($password))) return true; |
} |
|
return false; |
378,7 → 378,7 |
* @return string |
* @throws OIDplusException |
*/ |
public static function makeAuthKey(string $data): string { |
public function makeAuthKey(string $data): string { |
return sha3_512_hmac($data, 'authkey:'.OIDplus::baseConfig()->getValue('SERVER_SECRET'), false); |
} |
|
388,8 → 388,8 |
* @return bool |
* @throws OIDplusException |
*/ |
public static function validateAuthKey(string $data, string $auth_key): bool { |
return hash_equals(self::makeAuthKey($data), $auth_key); |
public function validateAuthKey(string $data, string $auth_key): bool { |
return hash_equals($this->makeAuthKey($data), $auth_key); |
} |
|
// "Veto" functions to force logout state |
464,9 → 464,9 |
* @return OIDplusRAAuthInfo |
* @throws OIDplusException |
*/ |
public static function raGeneratePassword(string $password): OIDplusRAAuthInfo { |
public function raGeneratePassword(string $password): OIDplusRAAuthInfo { |
$plugin = OIDplus::getDefaultRaAuthPlugin(true); |
return $plugin->generate(self::raPepperProcessing($password)); |
return $plugin->generate($this->raPepperProcessing($password)); |
} |
|
// Generate admin password |