From 6a41a21e09894236c26daa10019d0e0a859f963b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Tue, 3 Jul 2012 16:37:08 +0200
Subject: [PATCH] Adding AbstractAuthedPage

AbstractAuthedPage authes a user for exactly one, the current request, based on the new accessToken. The token is rendered invalid when the password of the user is changed. This ensures the user can make compromised tokens invalid by himself.
---
 .../files/lib/data/user/UserEditor.class.php | 8 ++-
 .../lib/page/AbstractAuthedPage.class.php | 61 +++++++++++++++++++
 wcfsetup/setup/db/install.sql | 1 +
 3 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php

diff --git a/wcfsetup/install/files/lib/data/user/UserEditor.class.php b/wcfsetup/install/files/lib/data/user/UserEditor.class.php
index 36ceb11b26..e91bf95902 100644
--- a/wcfsetup/install/files/lib/data/user/UserEditor.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserEditor.class.php
@@ -30,6 +30,9 @@ class UserEditor extends DatabaseObjectEditor {
 $parameters['salt'] = StringUtil::getRandomID();
 $parameters['password'] = StringUtil::getDoubleSaltedHash($parameters['password'], $parameters['salt']);
+ // create accessToken for AbstractAuthedPage
+ $parameters['accessToken'] = StringUtil::getRandomID();
+
 // handle registration date
 if (!isset($parameters['registrationDate'])) $parameters['registrationDate'] = TIME_NOW;
@@ -60,8 +63,11 @@ class UserEditor extends DatabaseObjectEditor {
 $parameters['salt'] = StringUtil::getRandomID();
 $parameters['password'] = StringUtil::getDoubleSaltedHash($parameters['password'], $parameters['salt']);
- // update salt
+ $parameters['accessToken'] = StringUtil::getRandomID();
+
+ // update salt and accessToken
 $this->salt = $parameters['salt'];
+ $this->accessToken = $parameters['accessToken'];
 }
 parent::update($parameters);
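Review bot: The second hunk regenerates `accessToken` inside update() without a comment, whereas the first hunk's `// create accessToken for AbstractAuthedPage` explains the create() side; since rotation on password change is the whole invalidation mechanism the commit message describes, the update() branch deserves the same explanation, e.g. `// rotate accessToken so AbstractAuthedPage links issued before the password change stop working`. Both hunks derive the token from `StringUtil::getRandomID()`, whose implementation is not part of this patch; a value that logs a user in is a bearer credential, so it should be confirmed that getRandomID() draws from a cryptographically secure source rather than from time or a counter. Both hunks also sit inside a block that recomputes salt and password hash, whose opening condition lies outside the hunk, so whether a user created or updated without a password parameter keeps the column default as its token is worth checking.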
diff --git a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
new file mode 100644
index 0000000000..223edde95d
--- /dev/null
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@ -0,0 +1,61 @@
+
+ * @package com.woltlab.wcf
+ * @subpackage page
+ * @category Community Framework
+ */
+abstract class AbstractAuthedPage extends AbstractPage {
+ /**
+ * @see wcf\page\IPage::readParameters()
+ */
+ public function readParameters() {
+ parent::readParameters();
+
+ // check security token
+ $this->checkAccessToken();
+ }
+
+ /**
+ * Validates the access-token and performs the login.
+ */
+ protected function checkAccessToken() {
+ if (isset($_REQUEST['at'])) {
+ list($userID, $token) = explode('-', StringUtil::trim($_REQUEST['at']));
+
+ if (WCF::getUser()->userID) {
+ if ($userID == WCF::getUser()->userID && WCF::getUser()->accessToken == $token) {
+ // everything is fine, but we are already logged in
+ return;
+ }
+ else {
+ // token is invalid
+ throw new IllegalLinkException();
+ }
+ }
+ else {
+ $user = new User($userID);
+ if ($user->accessToken == $token) {
+ // token is valid -> change user
+ SessionHandler::getInstance()->changeUser($user, true);
+ }
+ else {
+ // token is invalid
+ throw new IllegalLinkException();
+ }
+ }
+ }
+ }
+}
diff --git a/wcfsetup/setup/db/install.sql b/wcfsetup/setup/db/install.sql
index 14ce765497..22d597e375 100644
--- a/wcfsetup/setup/db/install.sql
+++ b/wcfsetup/setup/db/install.sql
@@ -634,6 +634,7 @@ CREATE TABLE wcf1_user (
 email VARCHAR(255) NOT NULL DEFAULT '',
 password VARCHAR(40) NOT NULL DEFAULT '',
 salt VARCHAR(40) NOT NULL DEFAULT '',
+ accessToken CHAR(40) NOT NULL DEFAULT '',
 languageID INT(10) NOT NULL DEFAULT 0,
 registrationDate INT(10) NOT NULL DEFAULT 0,
 styleID INT(10) NOT NULL DEFAULT 0,
-- 
2.20.1
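Review bot: checkAccessToken() accepts an empty token: `list($userID, $token) = explode('-', ...)` yields `$token === ''` for a value that ends in `-` (and null plus a notice when there is no `-` at all), and the loose `==` in `$user->accessToken == $token` then succeeds for any row whose stored accessToken is still the column default `''` from the install.sql hunk (no update script in this patch backfills existing users) and, if User yields null for a missing row, for a user ID that does not exist. Independently of that, `==` between two strings that both look numeric (e.g. both starting with `0e`) compares them as numbers, so both comparisons should be strict, and ideally constant-time via `hash_equals()` where the PHP version provides it. I would validate the parameter shape, cast the user ID to int, refuse an empty stored or supplied token, and compare with `===` in both branches, as in the rewrite below. Because the token is read from `$_REQUEST` it can travel in the query string and thus end up in access logs and Referer headers; a sentence in the class docblock saying that the link is a single-request bearer credential that must not be shared or logged would help future callers.
```php
protected function checkAccessToken() {
	if (!isset($_REQUEST['at'])) return;
	
	// expected shape: "<userID>-<token>"; anything else is an invalid link
	$parts = explode('-', StringUtil::trim($_REQUEST['at']), 2);
	if (count($parts) !== 2 || $parts[1] === '') {
		throw new IllegalLinkException();
	}
	$userID = intval($parts[0]);
	$token = $parts[1];
	
	if (WCF::getUser()->userID) {
		// already logged in: only accept a token belonging to this very user
		if ($userID !== intval(WCF::getUser()->userID) || (string) WCF::getUser()->accessToken !== $token) {
			throw new IllegalLinkException();
		}
		return;
	}
	
	$user = new User($userID);
	$storedToken = (string) $user->accessToken;
	// an empty stored token (column default, never issued) must never authenticate
	if (!$user->userID || $storedToken === '' || $storedToken !== $token) {
		throw new IllegalLinkException();
	}
	// token is valid -> change user
	SessionHandler::getInstance()->changeUser($user, true);
}
```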
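Review bot: `accessToken CHAR(40) NOT NULL DEFAULT ''` means every wcf1_user row that predates this column (the diffstat shows no update script alongside install.sql) carries an empty token, and nothing in the schema distinguishes "no token issued yet" from a real value. Either backfill the column at upgrade time or make the sentinel explicit so consumers know to reject it, e.g. `accessToken CHAR(40) NOT NULL DEFAULT '' COMMENT 'empty = no token issued; must never authenticate',`.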