Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Payload support #1

Merged
merged 63 commits into from
Apr 28, 2016
Merged

Payload support #1

merged 63 commits into from
Apr 28, 2016

Conversation

Minishlink
Copy link
Member

  • (done) use phpecc/phpecc in order to generate the encryption key in prime256v1
  • when this PHP bug is fixed, replace phpecc by the PHP binding of OpenSSL (thanks @marco-c)
  • use OpenSSL with AES 128 GCM mode to encrypt the payload (need to wait for the resolution of this other PHP bug.)

If you want to help: (thanks!)

  • vote for the PHP bugs in the above linked pages
  • or contribute to php/php-src in order to fix the bugs

@Minishlink Minishlink added this to the 0.3.0 milestone Dec 3, 2015
@marco-c
Copy link
Member

marco-c commented Jan 26, 2016

Hey Minishlink, IIRC phpecc has known vulnerabilities.
Directly using OpenSSL would probably be better, since you have to wait for https://bugs.php.net/bug.php?id=67304, you could wait for https://bugs.php.net/bug.php?id=61204 as well (hoping that they will be resolved soon enough).

@Minishlink
Copy link
Member Author

Thanks for the info! :) It surely is worth waiting, I'll look into it.

@FallDi
Copy link

FallDi commented Feb 13, 2016

Hola. Is payload encryption works for firefox? I try run project it generated salt & publicKey, but payload not received by browser. This sample is works fine https://jrconlin.github.io/WebPushDataTestPage/, but in this sample shared key & encryption key length is less than in you code

@Minishlink
Copy link
Member Author

Hi, payload is not yet supported because PHP doesn't provide enough access to OpenSSL yet. This will likely be the case with PHP 7.1.

This PR is here to implement the changes made to resolve the aforementioned bugs. Its development is paused since the bug fixes are not yet merged in any PHP version, beta or not.

As explained in the README, a workaround is to store the payload in your server, to send notifications without payload, and to make the client fetch the corresponding payload stored in the server, using the endpoint as identification.

But, if you really need "real" payload support, you will have to drop PHP for Node.js. Note that payload won't be delivered in Chrome (though it may have changed since the last time I checked).

@marco-c
Copy link
Member

marco-c commented Mar 2, 2016

@Minishlink have you seen https://github.com/Spomky-Labs/jose/blob/master/src/Util/GCM.php? It was suggested in https://bugs.php.net/bug.php?id=67304.
OpenSSL is probably better security-wise, but at least that should make it possible to support push payloads in the meantime.

@Minishlink
Copy link
Member Author

@marco-c Yep, I'll probably look into it this weekend. :) Thanks for the notification btw.

@marco-c
Copy link
Member

marco-c commented Mar 22, 2016

The output is the same as my library.
The only difference I can see is that I'm using the normal GCM endpoint (not the experimental Web Push one) with the raw_data parameter.

@gauntface
Copy link

I'll have a look into what is needed to support normal GCM endpoint (in hindsight - it wasn't helpful using the other endpoint - apologies for not thinking it through)

@Minishlink
Copy link
Member Author

Thanks. If I'm not mistaken, the temporary server has been updated as I can see that the aforementioned behavior now works well. :)

@marco-c marco-c mentioned this pull request Apr 12, 2016
Closed
@Minishlink Minishlink mentioned this pull request Apr 20, 2016
Closed
@Minishlink Minishlink merged commit 96bf635 into master Apr 28, 2016
@Minishlink Minishlink deleted the payload branch April 28, 2016 14:47
@kanishkdudeja kanishkdudeja mentioned this pull request May 8, 2016
Closed
Minishlink added a commit that referenced this pull request Oct 6, 2016
@Minishlink
Merge pull request #1 from Minishlink/master
740eab5 
Update library
@yourchoice yourchoice mentioned this pull request Nov 10, 2016
Closed
@albertsylvester albertsylvester mentioned this pull request Jan 7, 2017
Closed
@gc-profi gc-profi mentioned this pull request Feb 20, 2017
Closed
@abetwothree abetwothree mentioned this pull request Nov 8, 2017
Closed
9 tasks
t1gor added a commit to t1gor/web-push-php that referenced this pull request Sep 6, 2018
@t1gor
Attempt to fix tests web-push-libs#1
2c26e3e
t1gor added a commit to t1gor/web-push-php that referenced this pull request Nov 26, 2018
@t1gor
Attempt to fix tests web-push-libs#1
5b344b2
Minishlink pushed a commit that referenced this pull request Nov 27, 2018
@t1gor @Minishlink
Return results as a \Generator (#185)
eac6697 
* WIP: initial concept of returning report objects

* WIP: add a test

* Docs update

Change results handling example

* Attempt to fix tests #1

* Change flush() signature for easier mocking

* Unqualify iterable

* Remove ignored vagrant file
@leonnduati leonnduati mentioned this pull request Jan 25, 2019
Closed
@vzhivkov vzhivkov mentioned this pull request Mar 1, 2019
Closed
@ghnp5 ghnp5 mentioned this pull request Dec 10, 2019
Closed
5 tasks
@DonaldDuck313 DonaldDuck313 mentioned this pull request Dec 28, 2019
Closed
@nunoperalta nunoperalta mentioned this pull request Oct 29, 2020
Closed
14 tasks
@musaffar-patel musaffar-patel mentioned this pull request Jun 18, 2021
Closed
@gitcloneg gitcloneg mentioned this pull request Dec 10, 2021
Closed
This was referenced Apr 13, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@Minishlink @marco-c @FallDi @gauntface