diff --git a/src/Auth/Sessions.php b/src/Auth/Sessions.php
index 645ff89..66b325d 100644
--- a/src/Auth/Sessions.php
+++ b/src/Auth/Sessions.php
@@ -3,6 +3,7 @@ namespace Misuzu\Auth;
 
 use InvalidArgumentException;
 use RuntimeException;
+use Index\XString;
 use Index\Data\DbStatementCache;
 use Index\Data\DbTools;
 use Index\Data\IDbConnection;
@@ -20,9 +21,8 @@ class Sessions {
         $this->cache = new DbStatementCache($dbConn);
     }
 
-    // would like to un-hex this but need to make sure AuthToken doesn't have an aneurysm over it
     public static function generateToken(): string {
-        return bin2hex(random_bytes(32));
+        return XString::random(64);
     }
 
     public function countSessions(
diff --git a/src/AuthToken.php b/src/AuthToken.php
index 8b3d6f6..66cb002 100644
--- a/src/AuthToken.php
+++ b/src/AuthToken.php
@@ -6,6 +6,13 @@ use Index\Serialisation\UriBase64;
 use Misuzu\Auth\SessionInfo;
 use Misuzu\Users\User;
 
+/* Map of props
+ * u - User ID
+ * s - Plaintext token string
+ * t - Old hex token string, fallback for s
+ * i - Impersonation User ID
+ */
+
 class AuthToken {
     private const EPOCH = 1682985600;
 
@@ -57,12 +64,16 @@ class AuthToken {
     }
 
     public function getSessionToken(): string {
-        if(!$this->hasProperty('t'))
-            return '';
-        return bin2hex($this->getProperty('t'));
+        if($this->hasProperty('s'))
+            return $this->getProperty('s');
+
+        if($this->hasProperty('t'))
+            return bin2hex($this->getProperty('t'));
+
+        return '';
     }
 
     public function setSessionToken(string $token): self {
-        $this->setProperty('t', hex2bin($token));
+        $this->setProperty('s', $token);
         return $this;
     }
 
@@ -120,7 +131,7 @@ class AuthToken {
             $data = unpack('Nuser/H*token', $data);
 
             $obj->props['u'] = (string)$data['user'];
-            $obj->props['t'] = hex2bin($data['token']);
+            $obj->props['s'] = $data['token'];
             $obj->updateTimestamp();
         } elseif($version === 2) {
             $timestamp = substr($data, 0, 4);
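Review bot: The session token's unpredictability now rests entirely on `XString::random(64)`, and nothing in this hunk shows whether that helper is backed by a CSPRNG the way the replaced `random_bytes(32)` was; if it draws from `mt_rand()` or similar, session tokens become guessable. Please confirm the implementation in the Index library before merging and record the requirement at the call site, since the removed comment was the only documentation on this method. Something like `/** Generates a session token; XString::random must be CSPRNG-backed (random_bytes) — this is a security boundary. */` above `generateToken()` would make the dependency explicit to the next person who touches either side. It would also be worth noting the output alphabet, because the 64-character value is no longer hex and any storage column or consumer that assumed hex needs checking.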
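Review bot: The new property map is written as a free-standing `/* ... */` block followed by a blank line, so it is not attached to `AuthToken` and will not surface in IDE hover or docblock tooling. Turning it into a `/** ... */` class docblock placed directly above `class AuthToken {` keeps the same content while making it part of the class's documentation. This is a style point only; the mapping itself reads correctly against the changes in the later hunks.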
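Review bot: `setSessionToken()` writes `'s'` but never clears a pre-existing legacy `'t'` property, so a token object deserialised from the old format and then re-set carries both values, with the precedence decided silently by the `hasProperty('s')` check in `getSessionToken()`. Since `$this->props` is accessed directly elsewhere in this class (see the version-1 branch later in the diff), dropping the stale key with `unset($this->props['t']);` before `return $this;` would keep the serialised token minimal and remove the ambiguity. The precedence between `'s'` and `'t'` should also be documented on `getSessionToken()`, e.g. `/** Returns the plaintext session token; falls back to the hex form of the legacy binary 't' property, or '' if neither is set. */`. The `'t'` fallback still returns `bin2hex(...)`, so legacy tokens keep their old hex representation, which is presumably what the sessions table holds — worth a one-line comment confirming that.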
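Review bot: In the version-1 branch the token is unpacked with `H*`, so `$data['token']` is already a hex string and is now stored straight into `'s'` as the plaintext value, whereas the `'t'` fallback in `getSessionToken()` expects raw bytes; a reader could easily assume this line feeds `'t'`. A short comment such as `// v1 payloads carry the token hex-encoded; that hex string is the plaintext token, so it goes into 's', not 't'` would prevent that confusion. The enclosing deserialisation method begins and ends outside this hunk, so I cannot tell whether the version-2 path still produces a `'t'` property or whether the fallback is now reachable only from older serialised data.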