firefly-iii/app/Console/Commands/VerifiesAccessToken.php

<?php
/**
 * VerifiesAccessToken.php
 * Copyright (c) 2020 james@firefly-iii.org
 *
 * This file is part of Firefly III (https://github.com/firefly-iii).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace FireflyIII\Console\Commands;

use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Repositories\User\UserRepositoryInterface;
use FireflyIII\User;
use Log;

/**
 * Trait VerifiesAccessToken.
 *
 * Verifies user access token for sensitive commands.
 *
 * @codeCoverageIgnore
 */
trait VerifiesAccessToken
{
    /**
     * @return User
     * @throws FireflyException
     */
    public function getUser(): User
    {
        $userId = (int)$this->option('user');
        /** @var UserRepositoryInterface $repository */
        $repository = app(UserRepositoryInterface::class);
        $user       = $repository->findNull($userId);
        if (null === $user) {
            throw new FireflyException('User is unexpectedly NULL');
        }

        return $user;
    }

    /**
     * Abstract method to make sure trait knows about method "option".
     *
     * @param string|null $key
     *
     * @return mixed
     */
    abstract public function option($key = null);

    /**
     * Returns false when given token does not match given user token.
     *
     * @return bool
     */
    protected function verifyAccessToken(): bool
    {
        $userId = (int)$this->option('user');
        $token  = (string)$this->option('token');
        /** @var UserRepositoryInterface $repository */
        $repository = app(UserRepositoryInterface::class);
        $user       = $repository->findNull($userId);

        if (null === $user) {
            Log::error(sprintf('verifyAccessToken(): no such user for input "%d"', $userId));

            return false;
        }
        $accessToken = app('preferences')->getForUser($user, 'access_token', null);
        if (null === $accessToken) {
            Log::error(sprintf('User #%d has no access token, so cannot access command line options.', $userId));

            return false;
        }
        if (!($accessToken->data === $token)) {
            Log::error(sprintf('Invalid access token for user #%d.', $userId));
            Log::error(sprintf('Token given is "%s", expected something else.', $token));

            return false;
        }

        return true;
    }
}
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`<?php`
			`/**`
			`* VerifiesAccessToken.php`
Update copyright thingie. 2020-01-23 20:35:02 +01:00			`* Copyright (c) 2020 james@firefly-iii.org`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This file is part of Firefly III (https://github.com/firefly-iii).`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is distributed in the hope that it will be useful,`
New copyright notice. 2017-10-21 08:40:00 +02:00			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* GNU Affero General Public License for more details.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`*/`

Update copyright statements. 2018-05-11 10:08:34 +02:00			`declare(strict_types=1);`

Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`namespace FireflyIII\Console\Commands;`

Code for #1071 2018-10-13 21:32:20 +02:00			`use FireflyIII\Exceptions\FireflyException;`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`use FireflyIII\Repositories\User\UserRepositoryInterface;`
Code for #1071 2018-10-13 21:32:20 +02:00			`use FireflyIII\User;`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`use Log;`

Various code cleanup. 2017-09-16 07:41:03 +02:00			`/**`
Code clean up. 2017-11-15 12:25:49 +01:00			`* Trait VerifiesAccessToken.`
Various code cleanup. 2017-09-16 07:41:03 +02:00			`*`
			`* Verifies user access token for sensitive commands.`
Code for #1071 2018-10-13 21:32:20 +02:00			`*`
Mark code as untestable or deprecated (or both). 2018-08-23 18:33:07 +02:00			`* @codeCoverageIgnore`
Various code cleanup. 2017-09-16 07:41:03 +02:00			`*/`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`trait VerifiesAccessToken`
			`{`
Code for #1071 2018-10-13 21:32:20 +02:00			`/**`
			`* @return User`
			`* @throws FireflyException`
			`*/`
			`public function getUser(): User`
			`{`
			`$userId = (int)$this->option('user');`
			`/** @var UserRepositoryInterface $repository */`
			`$repository = app(UserRepositoryInterface::class);`
			`$user = $repository->findNull($userId);`
			`if (null === $user) {`
			`throw new FireflyException('User is unexpectedly NULL');`
			`}`

			`return $user;`
			`}`

Various code cleanup 2017-09-16 07:17:58 +02:00			`/**`
Various code cleanup. 2017-09-16 07:41:03 +02:00			`* Abstract method to make sure trait knows about method "option".`
Various code cleanup. 2017-10-05 11:49:06 +02:00			`*`
Some light refactoring. No changes. 2018-01-25 18:41:27 +01:00			`* @param string\|null $key`
Various code cleanup 2017-09-16 07:17:58 +02:00			`*`
			`* @return mixed`
			`*/`
			`abstract public function option($key = null);`

Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`/**`
Various code cleanup. 2017-09-16 07:41:03 +02:00			`* Returns false when given token does not match given user token.`
			`*`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`* @return bool`
			`*/`
			`protected function verifyAccessToken(): bool`
			`{`
Log file security. 2018-03-30 14:50:44 +02:00			`$userId = (int)$this->option('user');`
Expand test code for create export routine. 2018-03-30 16:44:33 +02:00			`$token = (string)$this->option('token');`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`/** @var UserRepositoryInterface $repository */`
			`$repository = app(UserRepositoryInterface::class);`
Expand test code for create export routine. 2018-03-30 16:44:33 +02:00			`$user = $repository->findNull($userId);`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00
Some light refactoring. No changes. 2018-01-25 18:41:27 +01:00			`if (null === $user) {`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`Log::error(sprintf('verifyAccessToken(): no such user for input "%d"', $userId));`

			`return false;`
			`}`
Clean up references to static Facade. 2018-07-15 09:27:38 +02:00			`$accessToken = app('preferences')->getForUser($user, 'access_token', null);`
Code clean up. 2017-11-15 12:25:49 +01:00			`if (null === $accessToken) {`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00			`Log::error(sprintf('User #%d has no access token, so cannot access command line options.', $userId));`

			`return false;`
			`}`
			`if (!($accessToken->data === $token)) {`
			`Log::error(sprintf('Invalid access token for user #%d.', $userId));`
Log file security. 2018-03-30 14:50:44 +02:00			`Log::error(sprintf('Token given is "%s", expected something else.', $token));`
Improve export routine and cron job for #837 2017-09-14 21:17:19 +02:00
			`return false;`
			`}`

			`return true;`
			`}`
Code cleanup. 2017-11-08 09:05:10 +01:00			`}`