HmacFactory_8php_source.html

 <?php

 namespace Elgg\Security;

 use Elgg\Traits\TimeUsing;

 class HmacFactory {

     use TimeUsing;

     protected $site_secret;

     protected $crypto;

     public function __construct(SiteSecret $secret, Crypto $crypto) {
         $this->site_secret = $secret;
         $this->crypto = $crypto;
     }

     public function getHmac($data, $algo = 'sha256', $key = '') {
         if (!$key) {
             $key = $this->site_secret->get(true);
         }

         return new Hmac($key, [$this->crypto, 'areEqual'], $data, $algo);
     }

     public function generateInviteCode(string $username): string {
         $time = $this->getCurrentTime()->getTimestamp();
         $token = $this->getHmac([$time, $username])->getToken();

         return "{$time}.{$token}";
     }

     public function validateInviteCode(string $username, string $code): bool {
         // validate the format of the token created by self::generateInviteCode()
         $matches = [];
         if (!preg_match('~^(\d+)\.([a-zA-Z0-9\-_]+)$~', $code, $matches)) {
             return false;
         }

         $time = (int) $matches[1];
         $mac = $matches[2];

         return $this->getHmac([$time, $username])->matchesToken($mac);
     }
 }
Elgg\Security\SiteSecret
Manages a site-specific secret key, encoded as a 32 byte string "secret".
Definition: SiteSecret.php:24

Elgg\Security\Crypto
Cryptographic services.
Definition: Crypto.php:12

Elgg\Security\HmacFactory\generateInviteCode
generateInviteCode(string $username)
Generates a unique invite code for a user.
Definition: HmacFactory.php:61

$mac
$mac
Definition: contents.php:14

$time
if(!$annotation instanceof ElggAnnotation) $time
Definition: time.php:20

$username
$username
Definition: delete.php:23

Elgg\Traits\TimeUsing
trait TimeUsing
Adds methods for setting the current time (for testing)
Definition: TimeUsing.php:10

$code
$code
Definition: changepassword.php:12

Elgg\Security\HmacFactory\validateInviteCode
validateInviteCode(string $username, string $code)
Validate a user&#39;s invite code.
Definition: HmacFactory.php:78

Elgg\Traits\getCurrentTime
getCurrentTime($modifier= '')
Get the (cloned) time.
Definition: TimeUsing.php:25

$data
if(!$entity instanceof\ElggUser) $data
Definition: attributes.php:13

Elgg\Security\HmacFactory\$crypto
$crypto
Definition: HmacFactory.php:22

Elgg\Security\HmacFactory\getHmac
getHmac($data, $algo= 'sha256', $key= '')
Get an HMAC token builder/validator object.
Definition: HmacFactory.php:44

Elgg\Security
Definition: Base64Url.php:3

Elgg\Security\Hmac
Component for creating HMAC tokens.
Definition: Hmac.php:10

$token
$token
Definition: securitytoken.php:9

$key
if($container instanceof ElggGroup &&$container->guid!=elgg_get_page_owner_guid()) $key
Definition: summary.php:44

Elgg\Security\HmacFactory\$site_secret
$site_secret
Definition: HmacFactory.php:17

Elgg\Security\HmacFactory\__construct
__construct(SiteSecret $secret, Crypto $crypto)
Constructor.
Definition: HmacFactory.php:30

preg_match

Elgg\Security\HmacFactory
Provides a factory for HMAC objects.
Definition: HmacFactory.php:10