LIMS-1163: Improve error message when token is invalid #702

Merged
30 changes: 25 additions & 5 deletions api/src/Controllers/AuthenticationController.php
Expand Up @@ -161,12 +161,19 @@ private function processOneTimeUseTokens(): bool
$tokenId = $this->app->request()->get('token');
if ($tokenId)
{
# Remove tokens more than 10 seconds old, they should have been used
$this->dataLayer->deleteOldOneTimeUseTokens();
$max_token_age = 10;
$token = $this->dataLayer->getOneTimeUseToken($tokenId);
if (sizeof($token))
{
$token = $token[0];
if ($token['AGE'] > $max_token_age)
{
$err = 'Authorisation token too old. Please press back and then try again.';
$err .= ' If this problem persists, please try clearing your cookies or using a different browser.';
error_log('Authorisation token too old. Age: '.$token['AGE'].'s. Max age: '.$max_token_age.'s.');
error_log('User-agent: ' . $_SERVER['HTTP_USER_AGENT']);
$this->returnError(400, $err);
}
$qs = $_SERVER['QUERY_STRING'] ? (preg_replace('/(&)?token=\w+/', '', str_replace('&', '&', $_SERVER['QUERY_STRING']))) : null;
if ($qs)
$qs = '?' . $qs;
Expand All @@ -178,13 +185,26 @@ private function processOneTimeUseTokens(): bool
$need_auth = false;
$this->dataLayer->deleteOneTimeUseToken($tokenId);
}
else
{
error_log('Authorisation token not valid for this URL.');
error_log('Requested site: ' . $this->app->request->getResourceUri() . $qs);
error_log('Token valid for: ' . $token['VALIDITY']);
$err = 'Invalid one-time authorisation token.';
$this->returnError(400, $err);
}
}
else
{
$this->returnError(400, 'Invalid one time authorisation token');
$err = 'No authorisation token found. ';
$err .= 'If this error persists, please try clearing your cookies or using a different browser.';
error_log('No authorisation token found.');
error_log('User-agent: ' . $_SERVER['HTTP_USER_AGENT']);
$this->returnError(400, $err);
}
# Remove tokens more than $max_token_age seconds old, they should have been used
$this->dataLayer->deleteOldOneTimeUseTokens($max_token_age);
}

return $need_auth;
}

Expand Down Expand Up @@ -396,4 +416,4 @@ private function authenticateByType() {
}
}

}
}
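Review bot: The two new `error_log('User-agent: ' . $_SERVER['HTTP_USER_AGENT']);` lines (too-old branch in the first hunk, no-token branch in the second) read the header without a fallback, so a request that sends no User-Agent raises an undefined-index warning on top of the error already being reported; use `error_log('User-agent: ' . ($_SERVER['HTTP_USER_AGENT'] ?? ''));` in both places. The header is request-controlled, so if these logs are parsed by other tooling the value should be treated as untrusted (e.g. control characters stripped before logging). It also looks like the too-old branch relies on `$this->returnError(400, $err)` ending the request — if it returns normally, execution falls through to the validity check and an expired token could still be consumed; worth confirming against returnError's definition. processOneTimeUseTokens() begins above the first hunk.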
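--- a/api/src/Model/Services/AuthenticationData.php
+++ b/api/src/Model/Services/AuthenticationData.php
@@ -28,7 +28,8 @@ function isUserLoggedIn($userId): bool
 
 function getOneTimeUseToken($tokenId)
 {
-return $this->db->pq("SELECT o.validity, pe.personid, pe.login, CONCAT(p.proposalcode, p.proposalnumber) as prop
+return $this->db->pq("SELECT o.validity, pe.personid, pe.login, CONCAT(p.proposalcode, p.proposalnumber) as prop,
+NOW() - o.recordTimeStamp as age
 FROM SW_onceToken o
 INNER JOIN proposal p ON p.proposalid = o.proposalid
 INNER JOIN person pe ON pe.personid = o.personid
@@ -40,10 +41,10 @@ function deleteOneTimeUseToken($tokenId)
 $this->db->pq("DELETE FROM SW_onceToken WHERE token=:1", array($tokenId));
 }
 
-function deleteOldOneTimeUseTokens()
+function deleteOldOneTimeUseTokens($max_token_age)
 {
-# Remove tokens more than 10 seconds old, they should have been used
-$this->db->pq("DELETE FROM SW_onceToken WHERE recordTimeStamp < NOW() - INTERVAL 10 SECOND");
+# Remove tokens more than $max_token_age seconds old, they should have been used
+$this->db->pq("DELETE FROM SW_onceToken WHERE recordTimeStamp < NOW() - INTERVAL :1 SECOND", array($max_token_age));
 }
 
 
@@ -100,4 +101,4 @@ function updateActivityTimestamp($loginId)
 }
 }
 }
-}
+}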
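Review bot: `NOW() - o.recordTimeStamp as age` in getOneTimeUseToken does not produce seconds on MySQL/MariaDB: subtracting two DATETIME values with `-` converts both to their numeric YYYYMMDDHHMMSS form and subtracts those, so the result jumps by 40 at every minute boundary (12:01:00 minus 12:00:50 gives 50, not 10) and the controller's comparison against a 10-second maximum will reject or accept tokens inconsistently depending on when in the minute they were issued. Use `TIMESTAMPDIFF(SECOND, o.recordTimeStamp, NOW()) as age` so the value the controller reports and compares is a real age in seconds. The `INTERVAL 10 SECOND` syntax elsewhere in this file suggests MySQL, but if another engine is in use its date arithmetic should be checked the same way. The SELECT's FROM/JOIN tail continues beyond the first hunk.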