
feat: standardise token length

loks0n 2024-01-11 10:51:26 +00:00
parent 5112e14d5f
commit 032ce1ec0c
2 changed files with 13 additions and 4 deletions


@ -774,10 +774,10 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
$duration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$expire = DateTime::formatTz(DateTime::addSeconds(new \DateTime(), $duration));
$secret = Auth::tokenGenerator();
// If the `token` param is set, we will return the token in the query string
if ($state['token']) {
$secret = Auth::tokenGenerator(Auth::TOKEN_LENGTH_OAUTH2);
$token = new Document([
'$id' => ID::unique(),
'userId' => $user->getId(),
@ -811,6 +811,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
} else {
$detector = new Detector($request->getUserAgent('UNKNOWN'));
$record = $geodb->get($request->getIP());
$secret = Auth::tokenGenerator();
$session = new Document(array_merge([
'$id' => ID::unique(),
@ -1049,7 +1050,7 @@ App::post('/v1/account/tokens/magic-url')
Authorization::skip(fn () => $dbForProject->createDocument('users', $user));
}
$tokenSecret = Auth::tokenGenerator(32);
$tokenSecret = Auth::tokenGenerator(Auth::TOKEN_LENGTH_MAGIC_URL);
$expire = DateTime::formatTz(DateTime::addSeconds(new \DateTime(), Auth::TOKEN_EXPIRATION_CONFIRM));
$token = new Document([
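Review bot: The session branch of the OAuth2 redirect handler (the `else` block in the second hunk) appears to call `Auth::tokenGenerator()` with no argument on the new side, so the session secret length still depends on the function's default rather than on the constant this commit introduces. Passing it explicitly, `$secret = Auth::tokenGenerator(Auth::TOKEN_LENGTH_SESSION);`, would keep all three call sites uniform and stop a later change to the default from silently altering the strength of session secrets. Both route handlers start and end outside the visible hunks, so how `$secret` is stored or compared afterwards cannot be judged from here.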


@ -76,6 +76,14 @@ class Auth
public const TOKEN_EXPIRATION_PHONE = 60 * 15; /* 15 minutes */
public const TOKEN_EXPIRATION_UNIVERSAL = 60 * 15; /* 15 minutes */
/**
* Token Lengths.
*/
public const TOKEN_LENGTH_MAGIC_URL = 32;
public const TOKEN_LENGTH_OAUTH2 = 32;
public const TOKEN_LENGTH_SESSION = 128;
/**
* @var string
*/
@ -301,7 +309,7 @@ class Auth
*
* @return string
*/
public static function tokenGenerator(int $length = 128): string
public static function tokenGenerator(int $length = Auth::TOKEN_LENGTH_SESSION): string
{
return \bin2hex(\random_bytes($length));
}
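Review bot: The new `TOKEN_LENGTH_*` constants and the `$length` parameter count random bytes, not characters: `tokenGenerator()` returns `\bin2hex(\random_bytes($length))`, so a length of 32 yields a 64-character secret and 128 yields 256 characters. The docblock `Token Lengths.` should state the unit, e.g. `Token lengths in random bytes; the hex-encoded secret is twice as long.`, because anything that sizes a storage field or validates a secret against these constants would otherwise be off by a factor of two. Inside the class the default could also be written `self::TOKEN_LENGTH_SESSION` rather than `Auth::TOKEN_LENGTH_SESSION`. The docblock of `tokenGenerator()` begins above the hunk, so its existing parameter description is not visible here.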