PHP Cross Reference of Joomla 4.2.2 documentation

/plugins/system/webauthn/src/ -> CredentialRepository.php (summary)

(no description)

Copyright: (C) 2020 Open Source Matters, Inc.
License: GNU General Public License version 2 or later; see LICENSE.txt
File Size: 654 lines (22 kb)
Included or required: 0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 15 functions

  __construct()
  findOneByCredentialId()
  findAllForUserEntity()
  saveCredentialSource()
  getAll()
  has()
  setLabel()
  remove()
  getUserHandleFor()
  getHandleFromUserId()
  getUserIdFromHandle()
  encryptCredential()
  decryptCredential()
  getEncryptionKey()
  formatDate()

Functions
Functions that are not part of a class:

__construct(DatabaseInterface $db = null)   X-Ref
Public constructor.

param: DatabaseInterface|null  $db  The database driver object to use for persistence.

findOneByCredentialId(string $publicKeyCredentialId)   X-Ref
Returns a PublicKeyCredentialSource object given the public key credential ID

param: string  $publicKeyCredentialId  The identifier of the public key credential we're searching for
return: PublicKeyCredentialSource|null

findAllForUserEntity(PublicKeyCredentialUserEntity $publicKeyCredentialUserEntity)   X-Ref
Returns all PublicKeyCredentialSource objects given a user entity. We only use the `id` property of the user
entity, cast to integer, as the Joomla user ID by which records are keyed in the database table.

param: PublicKeyCredentialUserEntity  $publicKeyCredentialUserEntity  Public key credential user entity record
return: PublicKeyCredentialSource[]

saveCredentialSource(PublicKeyCredentialSource $publicKeyCredentialSource)   X-Ref
Add or update an attested credential for a given user.

param: PublicKeyCredentialSource  $publicKeyCredentialSource  The public key credential
return: void

getAll(int $userId)   X-Ref
Get all credential information for a given user ID. This is meant to only be used for displaying records.

param: int  $userId  The user ID
return: array

has(string $credentialId)   X-Ref
Do we have stored credentials under the specified Credential ID?

param: string  $credentialId  The ID of the credential to check for existence
return: boolean

setLabel(string $credentialId, string $label)   X-Ref
Update the human readable label of a credential

param: string  $credentialId  The credential ID
param: string  $label         The human readable label to set
return: void

remove(string $credentialId)   X-Ref
Remove stored credentials

param: string  $credentialId  The credentials ID to remove
return: void

getUserHandleFor(string $credentialId)   X-Ref
Return the user handle for the stored credential given its ID.

The user handle must not be personally identifiable. Per https://w3c.github.io/webauthn/#user-handle it is
acceptable to have a salted hash with a salt private to our server, e.g. Joomla's secret. The only immutable
information in Joomla is the user ID so that's what we will be using.

param: string  $credentialId  The credential ID to get the user handle for
return: string

getHandleFromUserId(int $id)   X-Ref
Return a user handle given an integer Joomla user ID. We use the HMAC-SHA-256 of the user ID with the site's
secret as the key. Using it instead of SHA-512 is on purpose! WebAuthn only allows user handles up to 64 bytes
long.

param: int  $id  The user ID to convert
return: string  The user handle (HMAC-SHA-256 of the user ID)

getUserIdFromHandle(?string $userHandle)   X-Ref
Get the user ID from the user handle

This is a VERY inefficient method. Since the user handle is an HMAC-SHA-256 of the user ID we can't just go
directly from a handle back to an ID. We have to iterate all user IDs, calculate their handles and compare them
to the given handle.

To prevent a lengthy infinite loop in case of an invalid user handle we don't iterate the entire 2+ billion valid
32-bit integer range. We load the user IDs of active users (not blocked, not pending activation) and iterate
through them.

To avoid memory outage on large sites with thousands of active user records we load up to 10,000 users at a time.
Each block of 10,000 user IDs takes about 60-80 msec to iterate. On a site with 200,000 active users this method
will take less than 1.5 seconds. This is slow but not impractical, even on crowded shared hosts with a quarter of
the performance of my test subject (a mid-range, shared hosting server).

param: string|null  $userHandle  The user handle which will be converted to a user ID.
return: integer|null
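
The handle derivation and batched reverse lookup described for getHandleFromUserId() and getUserIdFromHandle(), as an added example that is not Joomla's own code. Assumptions: the zero-padded message encoding, hex HMAC output (64 characters), the constructed SITE_SECRET and user ID list, and the hypothetical $fetchBatch callable standing in for the database query (PHP 7.4+).

```php
<?php
// Added illustration, not Joomla's code. The secret and the ID list are constructed.
const SITE_SECRET = 'constructed-example-secret';

/** HMAC-SHA-256 of the user ID, keyed with the site secret. */
function handleFromUserId(int $id, string $secret): string
{
    // Assumption: zero-padded decimal ID as the message and hex output;
    // the page only says "HMAC-SHA-256 of the user ID".
    return hash_hmac('sha256', sprintf('%010u', $id), $secret);
}

/**
 * Reverse lookup by recomputing handles for active user IDs, batch by batch.
 * $fetchBatch(int $offset, int $limit): int[] is a hypothetical stand-in for
 * the query that returns active (not blocked, not pending) user IDs.
 */
function userIdFromHandle(?string $handle, callable $fetchBatch, string $secret, int $batchSize = 10000): ?int
{
    if ($handle === null || $handle === '') {
        return null;
    }

    for ($offset = 0; ; $offset += $batchSize) {
        $ids = $fetchBatch($offset, $batchSize);

        if ($ids === []) {
            return null; // Ran out of active users: unknown or invalid handle.
        }

        foreach ($ids as $id) {
            // hash_equals() is a timing-safe comparison; the handle comes from the client.
            if (hash_equals(handleFromUserId($id, $secret), $handle)) {
                return $id;
            }
        }
    }
}

// Constructed data: 25,000 "active" user IDs served in slices, like LIMIT/OFFSET.
$activeIds  = range(100, 25099);
$fetchBatch = fn (int $offset, int $limit): array => array_slice($activeIds, $offset, $limit);

$handle = handleFromUserId(20042, SITE_SECRET);
var_dump(strlen($handle));
var_dump(userIdFromHandle($handle, $fetchBatch, SITE_SECRET));
var_dump(userIdFromHandle(str_repeat('0', 64), $fetchBatch, SITE_SECRET));
```

Because the loop is bounded by the set of active users rather than the integer range, an invalid handle costs one full pass and then returns null.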

encryptCredential(string $credential)   X-Ref
Encrypt the credential source before saving it to the database

param: string   $credential  The unencrypted, JSON-encoded credential source
return: string  The encrypted credential source, base64 encoded

decryptCredential(string $credential)   X-Ref
Decrypt the credential source if it was already encrypted in the database

param: string  $credential  The encrypted credential source, base64 encoded
return: string  The decrypted, JSON-encoded credential source

getEncryptionKey()   X-Ref
Get the site's secret, used as an encryption key

return: string

formatDate($date, ?string $format = null, bool $tzAware = true)   X-Ref
Format a date for display.

The $tzAware parameter defines whether the formatted date will be timezone-aware. If set to false the formatted
date will be rendered in the UTC timezone. If set to true the code will automatically try to use the logged in
user's timezone or, if none is set, the site's default timezone (Server Timezone). If set to a positive integer
the same thing will happen but for the specified user ID instead of the currently logged in user.

param: string|\DateTime  $date     The date to format
param: string|null       $format   The format string, default is Joomla's DATE_FORMAT_LC6 (usually "Y-m-d
param: bool              $tzAware  Should the format be timezone aware? See notes above.
return: string



Generated: Wed Sep 7 05:41:13 2022