

changed auth
stubbe committed Mar 6, 2023
1 parent 8ac1284 commit c2e118f
Showing 2 changed files with 54 additions and 18 deletions.
4 changes: 2 additions & 2 deletions code/Model/Communicator.php
Expand Up @@ -96,7 +96,7 @@ public function removeProduct($productId)

}

/**
/**
* @params $orderId, $productId, $quantity
* @throws Exception
*/
Expand All @@ -120,7 +120,7 @@ public function returnProduct($orderId, $productId, $quantity)
$data['private_key'] = $this->getPrivateKey($storeId);

$this->post('log/returned', $data);

}
}

68 changes: 52 additions & 16 deletions code/controllers/ApiController.php
Expand Up @@ -30,24 +30,30 @@ public function preDispatch()
$this->setStore();
$this->getResponse()->setHeader('Content-type', 'application/json');

$input = $this->getRequest()->getHeader('CLERK-PRIVATE-KEY');
$privatekey = $this->getRequest()->getParam('private_key');
$key = $this->getRequest()->getParam('key');
$key = false;
$privatekey = false;

$secret = Mage::helper('clerk')->getSetting('clerk/general/privateapikey');
$request_body = $this->getRequest()->getRawBody();

if($request_body){
$request_body = json_decode($request_body) ? (array) json_decode($request_body) : array();
$privatekey = array_key_exists('private_key', $request_body) ? $request_body['private_key'] : false;
$key = array_key_exists('key', $request_body) ? $request_body['key'] : false;
}

$privateapikey = Mage::helper('clerk')->getSetting('clerk/general/privateapikey');
$publicapikey = Mage::helper('clerk')->getSetting('clerk/general/publicapikey');


if($secret && $privatekey == trim($secret) && $key && $key == trim($publicapikey) ){
if($this->timingSafeEquals($privateapikey, $privatekey) && $this->timingSafeEquals($publicapikey, $key)){

return parent::preDispatch();
}

if (!$secret || $input !== trim($secret)) {
} else {

$response = [
'error' => [
'code' => 403,
'message' => 'Invalid public or private key supplied',
'message' => 'Invalid public or private key supplied'
]
];

Expand All @@ -57,9 +63,8 @@ public function preDispatch()
->setBody(json_encode($response))
->sendResponse();
exit;
}

return parent::preDispatch();
}

} catch (Exception $e) {

Expand Down Expand Up @@ -104,6 +109,37 @@ private function setStore()
exit;
}

/**
* Timing safe key comparison
*
* @return boolean
*/
private function timingSafeEquals($safe, $user)
{
if(!is_string($safe) || !is_string($user)){
return false;
}

$safeLen = strlen($safe);
$userLen = strlen($user);

if ($userLen < 8 || $safeLen < 8){
return false;
}

if ($userLen != $safeLen) {
return false;
}

$result = 0;

for ($i = 0; $i < $userLen; $i++) {
$result |= (ord($safe[$i]) ^ ord($user[$i]));
}

return $result === 0;
}

/**
* Return Clerk module version
*/
Expand Down Expand Up @@ -165,7 +201,7 @@ public function getconfigAction()
'PRODUCT_SYNCHRONIZATION_IMPORT_URL' => Mage::helper('clerk')->getSetting('clerk/general/url'),
'SUBSCRIBER_SYNCHRONIZATION_ENABLED' => Mage::helper('clerk')->getSetting('clerk/general/collect_subscribers'),


'SEARCH_ENABLED' => Mage::helper('clerk')->getSetting('clerk/search/active'),
'SEARCH_INCLUDE_CATEGORIES' => Mage::helper('clerk')->getSetting('clerk/search/show_categories'),
'SEARCH_CATEGORIES' => Mage::helper('clerk')->getSetting('clerk/search/categories'),
Expand All @@ -174,7 +210,7 @@ public function getconfigAction()
'SEARCH_TEMPLATE' => Mage::helper('clerk')->getSetting('clerk/search/template'),
'SEARCH_NO_RESULTS_TEXT' => Mage::helper('clerk')->getSetting('clerk/search/no_results_text'),
'SEARCH_LOAD_MORE_TEXT' => Mage::helper('clerk')->getSetting('clerk/search/load_more_text'),

'FACETED_SEARCH_ENABLED' => Mage::helper('clerk')->getSetting('clerk/faceted_search/active'),
'FACETED_SEARCH_DESIGN' => Mage::helper('clerk')->getSetting('clerk/faceted_search/design'),
'FACETED_SEARCH_ATTRIBUTES' => Mage::helper('clerk')->getSetting('clerk/faceted_search/attributes'),
Expand Down Expand Up @@ -453,7 +489,7 @@ public function setconfigAction()
Mage::getConfig()->saveConfig($path, $value, 'stores', $storeid);
$count++;
}

// powerstep
if ($key == "POWERSTEP_ENABLED"){
$path = 'clerk/powerstep/active';
Expand Down Expand Up @@ -487,7 +523,7 @@ public function setconfigAction()
Mage::getConfig()->saveConfig($path, $value, 'stores', $storeid);
$count++;
}

//category
if ($key == "CATEGORY_ENABLED"){
$path = 'clerk/category/enabled';
Expand Down Expand Up @@ -522,7 +558,7 @@ public function setconfigAction()
$count++;
}

// cart
// cart
if ($key == "CART_ENABLED"){
$path = 'clerk/cart/enabled';
Mage::getConfig()->saveConfig($path, $value, 'stores', $storeid);
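Review bot: The new comparison in preDispatch drops the `trim()` that the removed condition applied to the stored key, so a configured key saved with surrounding whitespace now fails both `timingSafeEquals` calls (the lengths differ) where the old check accepted it; if that tolerance is intended, normalise the configured values once, e.g. `$privateapikey = trim((string) Mage::helper('clerk')->getSetting('clerk/general/privateapikey'));` and likewise for `$publicapikey`, leaving the request-supplied values untouched. `timingSafeEquals` reproduces what the built-in `hash_equals()` has provided since PHP 5.6, so if the module's minimum PHP version allows it the built-in is the safer choice and the method can simply wrap it behind the same `is_string` and minimum-length guards. Either way the method's docblock should state its contract, since the `< 8` check means any configured key shorter than eight characters makes authentication fail closed: `@param string $safe the configured key`, `@param string $user the request-supplied value`, plus a line noting that non-strings, values under 8 bytes and length mismatches all return false. The `$userLen != $safeLen` test should be `!==` for consistency with the strict `===` on the return line. preDispatch begins before and ends after the first hunk, so its surrounding try/catch is only partly visible here.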

0 comments on commit c2e118f
