allerta-vvf
/
allerta-vvf
mirror of https://github.com/allerta-vvf/allerta-vvf
1
0
Fork 0
Code Issues Releases Wiki Activity

Api key generation fix

This commit is contained in:
Matteo Gheza 2021-02-23 15:01:54 +01:00
parent d02e3e6e7b
commit c1ca0da80a
2 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/api.php
View File

@ -24,7 +24,7 @@ $dispatcher = FastRoute\simpleDispatcher(
global $tools, $database, $user;
try {
$user->auth->loginWithUsername($_POST['username'], $_POST['password']);
$apiKey = $tools->createKey(true);
$apiKey = $tools->createKey();
$database->exec("INSERT INTO `%PREFIX%_api_keys` (`apikey`, `user`, `permissions`) VALUES (:apiKey, :userId, 'ALL');", true, [":apiKey" => $apiKey, ":userId" => $user->auth->getUserId()]);
return ["status" => "ok", "apiKey" => $apiKey];
}

10
server/core.php
View File

@ -110,15 +110,9 @@ class tools
return $array2;
}
public function createKey($hashCode=false, $lenght=128)
public function createKey($lenght=32)
{
$this->profiler_start("Create key");
$code = str_replace(".", "", bin2hex(random_bytes(10)).base64_encode(openssl_random_pseudo_bytes(30)));
if($hashCode) {
$code = $code.".".hash("sha256", $code);
}
$this->profiler_stop();
return $code;
return bin2hex(random_bytes($lenght));
}
public function sanitize($string, $htmlAllowed=false, $htmlPurifierOptions=[])