diff --git a/VERSIONS_HOTLINE/87312 b/VERSIONS_HOTLINE/87312
new file mode 100644
index 0000000000000000000000000000000000000000..bd454c26f97350ae588a307ae930df9e6eeeaced
--- /dev/null
+++ b/VERSIONS_HOTLINE/87312
@@ -0,0 +1 @@
+ - ticket #87312 : sécurisation de l'accès à la plateforme LeKiosk
\ No newline at end of file
diff --git a/library/digital_resources/Lekiosk/Config.php b/library/digital_resources/Lekiosk/Config.php
index 27120451fef52f86cc553c45a77a7bf14a36567f..f7b40600424767d5a442d59bcab6b5f5e57cc774 100644
--- a/library/digital_resources/Lekiosk/Config.php
+++ b/library/digital_resources/Lekiosk/Config.php
@@ -36,16 +36,18 @@ class Lekiosk_Config extends Class_DigitalResource_Config {
 'MailUrl' => 'http://get.lekiosk.com/pro/?utm_source=LK&utm_campaign=B2B&utm_medium=footer',
 'AdminVars' => [
- 'ID' => Class_AdminVar_Meta::newDefault($this->_('Identifiant fournit par LeKiosk'))->bePrivate(),
+ 'ID' => Class_AdminVar_Meta::newDefault($this->_('Identifiant fourni par LeKiosk'))->bePrivate(),
 'SSO_MODE' => Class_AdminVar_Meta::newCombo($this->_('Type de SSO lekiosk.com'), ['options' => ['selectOptions' => ['label' => $this->_('Mode d\'authentification'), 'multioptions' => ['' => 'Lien', 'CAS' => 'CAS']]]])->bePrivate(),
- 'FTP_LOGIN' => Class_AdminVar_Meta::newDefault($this->_('Identifiant du compte FTP fournit par LeKiosk (déprécié)'))->bePrivate(),
- 'FTP_PASSWORD' => Class_AdminVar_Meta::newDefault($this->_('Mot de passe du compte FTP fournit par LeKiosk (déprécié)'))->bePrivate(),
- 'HTTP_LOGIN' => Class_AdminVar_Meta::newDefault($this->_('Identifiant du compte HTTP fournit par LeKiosk'))->bePrivate(),
- 'HTTP_PASSWORD' => Class_AdminVar_Meta::newDefault($this->_('Mot de passe du compte HTTP fournit par LeKiosk'))->bePrivate(),
+ 'FTP_LOGIN' => Class_AdminVar_Meta::newDefault($this->_('Identifiant du compte FTP fourni par LeKiosk (déprécié)'))->bePrivate(),
+ 'FTP_PASSWORD' => Class_AdminVar_Meta::newDefault($this->_('Mot de passe du compte FTP fourni par LeKiosk (déprécié)'))->bePrivate(),
+ 'HTTP_LOGIN' => Class_AdminVar_Meta::newDefault($this->_('Identifiant du compte HTTP fourni par LeKiosk'))->bePrivate(),
+ 'HTTP_PASSWORD' => Class_AdminVar_Meta::newDefault($this->_('Mot de passe du compte HTTP fourni par LeKiosk'))->bePrivate(),
 'HARVEST_URL' => Class_AdminVar_Meta::newDefault($this->_('URL de moissonage de la ressource LeKiosk'))->bePrivate(),
+ 'AES_KEY' => Class_AdminVar_Meta::newDefault($this->_('Clé de cryptage/AES des mails fourni par LeKiosk'))->bePrivate(),
+ 'SHA1_KEY' => Class_AdminVar_Meta::newDefault($this->_('Clé de cryptage/SHA1 des accès fourni par LeKiosk'))->bePrivate(),
 ],
 'SsoAction' => true,
diff --git a/library/digital_resources/Lekiosk/Link.php b/library/digital_resources/Lekiosk/Link.php
index 8fcce9be8612f432cc1a1bc15d9368b193ff8c74..9414b08008cd0f72e71a177f7c6ad31f37b81125 100644
--- a/library/digital_resources/Lekiosk/Link.php
+++ b/library/digital_resources/Lekiosk/Link.php
@@ -23,8 +23,6 @@ class Lekiosk_Link extends Lekiosk_LinkAbstract {
 const ROOT_URL = 'https://pros.lekiosk.com';
 const BASE_URL = '/login/accesshash?';
- const AES_KEY = '56FGH4sTOV9ZXr4Q';
- const SHA1_KEY = '897RDZQo789';
 protected $_mail;
 protected $_base_url;
@@ -48,7 +46,7 @@ class Lekiosk_Link extends Lekiosk_LinkAbstract {
 protected function accessHash() {
- return sha1($this->baseUrl() . static::SHA1_KEY);
+ return sha1($this->baseUrl() . Lekiosk_Config::getInstance()->getAdminVar('SHA1_KEY'));
 }
@@ -64,7 +62,11 @@ class Lekiosk_Link extends Lekiosk_LinkAbstract {
 protected function cryptedMail() {
- return bin2hex(openssl_encrypt($this->_mail, 'aes-128-cbc', static::AES_KEY, true, static::AES_KEY));
+ return bin2hex(openssl_encrypt($this->_mail,
+ 'aes-128-cbc',
+ Lekiosk_Config::getInstance()->getAdminVar('AES_KEY'),
+ true,
+ Lekiosk_Config::getInstance()->getAdminVar('AES_KEY')));
 }
 }
 ?>
\ No newline at end of file
diff --git a/library/digital_resources/Lekiosk/Service.php b/library/digital_resources/Lekiosk/Service.php
index 24f8fe8db23f96f2f1002c61f17085b84a153fd3..6411ddacd73382c464bdce812162ef1a54d14cc9 100644
--- a/library/digital_resources/Lekiosk/Service.php
+++ b/library/digital_resources/Lekiosk/Service.php
@@ -1,4 +1,3 @@
-
 <?php
 /**
 * Copyright (c) 2012, Agence Française Informatique (AFI). All rights reserved.
diff --git a/library/digital_resources/Lekiosk/tests/LekioskTest.php b/library/digital_resources/Lekiosk/tests/LekioskTest.php
index e0ddb360028fd3ebcaeef74150042705e4e364d7..7c727e0607e9232b821ab297d678c7017c60aa4b 100644
--- a/library/digital_resources/Lekiosk/tests/LekioskTest.php
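Review bot: The two new admin vars `AES_KEY` and `SHA1_KEY` are declared with `newDefault` and no value, and their labels do not say what shape the value must have, while Link.php feeds `AES_KEY` to `aes-128-cbc` as both key and IV, which requires exactly 16 bytes. A fresh install therefore starts with empty keys and an administrator gets no hint that a wrong length breaks the generated link. I would state the constraint in the label, e.g. `'AES_KEY' => Class_AdminVar_Meta::newDefault($this->_('Clé AES (16 caractères) fournie par LeKiosk pour le chiffrement des mails'))->bePrivate(),` and describe `SHA1_KEY` as the secret appended to the access hash. On both new lines "clé" is feminine, so "fournie" rather than "fourni".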
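Review bot: With `SHA1_KEY` now read from an admin var that has no default, an unconfigured or emptied key makes `accessHash()` quietly return `sha1($this->baseUrl())`, and the resulting link only fails on the provider's side with nothing logged locally. I would read the value once and refuse to build the hash without it: `$key = Lekiosk_Config::getInstance()->getAdminVar('SHA1_KEY');` / `if (!$key) throw new RuntimeException('Lekiosk_SHA1_KEY is not configured');` / `return sha1($this->baseUrl() . $key);`. The same empty-value behaviour applies to `cryptedMail()` in the next hunk.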
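Review bot: `getAdminVar('AES_KEY')` is fetched twice in the new `openssl_encrypt()` call and its length is never checked; `aes-128-cbc` expects a 16-byte key and a 16-byte IV, so an empty or mis-sized admin value makes `openssl_encrypt()` warn and return `false`, which `bin2hex()` turns into an empty `email=` parameter without any local error. I would read the value into a local, validate the length and fail loudly, and replace the literal `true` with `OPENSSL_RAW_DATA`, the constant it coerces to. Using the key as IV appears to be the provider's scheme (the removed constants did the same), so I would keep it but say so in a comment, since it makes the ciphertext for a given mail constant. Because the removed `AES_KEY`/`SHA1_KEY` literals remain readable in repository history, the values configured in production should be fresh ones issued by LeKiosk rather than the old literals.
```php
  protected function cryptedMail() {
    $key = Lekiosk_Config::getInstance()->getAdminVar('AES_KEY');
    if (strlen((string) $key) !== 16)
      throw new RuntimeException('Lekiosk_AES_KEY must be exactly 16 bytes for aes-128-cbc');

    // Provider scheme: the key doubles as IV, so a given mail always yields the same ciphertext.
    return bin2hex(openssl_encrypt($this->_mail, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $key));
  }
```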
+++ b/library/digital_resources/Lekiosk/tests/LekioskTest.php
@@ -15,7 +15,7 @@
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
-* along with BOKEH; if not, write to the Free Software
+ * along with BOKEH; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */
@@ -23,9 +23,11 @@ class LekioskAdminVars {
 public static function activate() {
- Class_AdminVar::set('Lekiosk_ID', '29');
- Class_AdminVar::set('Lekiosk_FTP_LOGIN', 'FOIX');
+ Class_AdminVar::set('Lekiosk_ID', '66');
+ Class_AdminVar::set('Lekiosk_FTP_LOGIN', 'POIS');
 Class_AdminVar::set('Lekiosk_FTP_PASSWORD', 'PWD');
+ Class_AdminVar::set('Lekiosk_AES_KEY', '12FA88sE3V5UKr3K');
+ Class_AdminVar::set('Lekiosk_SHA1_KEY', '976ABWQo231');
 }
@@ -33,6 +35,8 @@ class LekioskAdminVars {
 Class_AdminVar::set('Lekiosk_ID', '');
 Class_AdminVar::set('Lekiosk_FTP_LOGIN', '');
 Class_AdminVar::set('Lekiosk_FTP_PASSWORD', '');
+ Class_AdminVar::set('Lekiosk_AES_KEY', '');
+ Class_AdminVar::set('Lekiosk_SHA1_KEY', '');
 }
 }
@@ -61,7 +65,7 @@ abstract class LekioskLinkModeLinkTestCase extends ModelTestCase {
 class LekioskLinkModeLinkTest extends LekioskLinkModeLinkTestCase {
 /** @test */
 public function urlForMyemailAtLekioskDotComShouldContainsEncryptedEmail() {
- $expected = 'https://pros.lekiosk.com/login/accesshash?email=1671f18f515f49271985280397c1c2bc48e1bfa31a3b638cb22e510e4953d65e&id=29&AccessHash=4eef094aacc80db2698f841214bba28f8b5d001a';
+ $expected = 'https://pros.lekiosk.com/login/accesshash?email=a9be7374efd20f652cc1206da2d721f58420bf24f5b6febd143643d402f0cf39&id=66&AccessHash=6750ec2389df54aff5ae952b7e03a521e3f2a5d5';
 $this->assertEquals(
 $expected,
 (new Lekiosk_Link('myemail@lekiosk.com'))->url()
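Review bot: `LekioskAdminVars::activate()` now seeds `Lekiosk_AES_KEY` and `Lekiosk_SHA1_KEY`, but nothing in this file exercises the state a fresh install is in after this commit, where both admin vars are empty, so whatever `Lekiosk_Link` produces without keys is left unspecified by the tests. I would add a case in `LekioskLinkModeLinkTest` that clears the two vars and asserts the intended outcome (an exception or an explicit empty link) rather than a silently degraded URL. The fixture `12FA88sE3V5UKr3K` is 16 characters, which is what `aes-128-cbc` needs for the key and IV that `Lekiosk_Link::cryptedMail()` derives from it; a comment on that line such as `// 16 bytes: aes-128-cbc key (also used as IV by Lekiosk_Link)` would keep a future edit from breaking the precomputed `email=` values below. The `LekioskAdminVars` class starts outside this hunk.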
@@ -71,7 +75,7 @@ class LekioskLinkModeLinkTest extends LekioskLinkModeLinkTestCase {
 /** @test */
 public function withoutMailShouldBeNotContainsEmailKey() {
- $expected = 'https://pros.lekiosk.com/login/accesshash?email=18ca3d8ad40255ce09d5d20debc1e069&id=29&AccessHash=69436bc8e1ea7a85b3a7c9d2d764077e3519a6c5';
+ $expected = 'https://pros.lekiosk.com/login/accesshash?email=a0dc2568ae735ff737ffc8b9bf2e4fb8&id=66&AccessHash=92a485f29b5000e908fef0815c00487b1aa759a1';
 $this->assertEquals($expected, (new Lekiosk_Link(''))->url());
 }
@@ -79,7 +83,7 @@ class LekioskLinkModeLinkTest extends LekioskLinkModeLinkTestCase {
 /** @test */
 public function withEmptyUserMailShouldGetSiteOrProfileMail() {
 Class_Profil::find(1)->setMailSite('toto@example.com');
- $expected = 'https://pros.lekiosk.com/login/accesshash?email=76903fe54055ab757db99c2370d89970e25c5b33b5a69cafc108c0031685af88&id=29&AccessHash=5db96ac3eb21187f2a7622ebbfa255321c7f32c1';
+ $expected = 'https://pros.lekiosk.com/login/accesshash?email=bd612092eb8f12afc609f161d641ba9a4ac6b6e45bfae616f4994f9205f50a7d&id=66&AccessHash=4c09021c872852de07b4e5e89a9fc1659a3c293c';
 $this->assertEquals($expected, (new Lekiosk_Link(''))->url());
 }
 }
@@ -104,7 +108,7 @@ class LekioskLinkModeSSOTest extends LekioskLinkModeLinkTestCase {
 public function linkShouldBeCasUrlWithLekioskId() {
 $url = 'https://apipros.lekiosk.com/login/cas?'
 .'cas_fournisseur=' . urlencode(Class_Url::rootUrl() . BASE_URL . '/cas-server-v10')
- .'&id=29'
+ .'&id=66'
 .'&returnUrl=';
 $this->assertEquals($url,
@@ -259,7 +263,7 @@ abstract class LekioskServiceTestCase extends AbstractControllerTestCase {
 $file_system = $this->mock()
 ->whenCalled('file_get_contents')
- ->with('ftp://FOIX:PWD@ftp.lekiosk.com/lekiosque_06022017.xml')
+ ->with('ftp://POIS:PWD@ftp.lekiosk.com/lekiosque_06022017.xml')
 ->answers($catalogue_xml);
 $http_client = $this->mock()
@@ -423,7 +427,7 @@ class LekioskRenderAlbumFromRecordTest extends LekioskServiceTestCase {
 $this->_dispatchAlbum();
 $url = 'https://apipros.lekiosk.com/login/cas?'
 .'cas_fournisseur=' . urlencode(Class_Url::absolute('/cas-server-v10'))
- .'&id=29'
+ .'&id=66'
 .'&returnUrl=Le-10-Sport-National-z1962566.aspx';
 $this->assertXPath('//a[@href="' . $url . '"]', $this->_response->getBody());
@@ -435,9 +439,9 @@ class LekioskRenderAlbumFromRecordTest extends LekioskServiceTestCase {
 Class_AdminVar::set('Lekiosk_SSO_MODE', '');
 $this->_dispatchAlbum();
 $url = 'https://pros.lekiosk.com/login/accesshash?'
- . 'email=18ca3d8ad40255ce09d5d20debc1e069'
- . '&id=29'
- . '&AccessHash=69436bc8e1ea7a85b3a7c9d2d764077e3519a6c5'
+ . 'email=a0dc2568ae735ff737ffc8b9bf2e4fb8'
+ . '&id=66'
+ . '&AccessHash=92a485f29b5000e908fef0815c00487b1aa759a1'
 . '&ReturnUrl=Le-10-Sport-National-z1962566.aspx';
 $this->assertXPath('//a[@href="' . $url . '"]', $this->_response->getBody());
 }
@@ -547,10 +551,12 @@ abstract class LekioskServiceHttpHarvestingTestCase extends AbstractControllerTe
 public function setUp() {
 parent::setUp();
- Class_AdminVar::set('Lekiosk_ID', '29');
- Class_AdminVar::set('Lekiosk_HTTP_LOGIN', 'FOIX');
+ Class_AdminVar::set('Lekiosk_ID', '66');
+ Class_AdminVar::set('Lekiosk_HTTP_LOGIN', 'POIS');
 Class_AdminVar::set('Lekiosk_HTTP_PASSWORD', 'PWD');
 Class_AdminVar::set('Lekiosk_HARVEST_URL', 'https://apipros.lekiosk.com');
+ Class_AdminVar::set('Lekiosk_AES_KEY', '12FA88sE3V5UKr3K');
+ Class_AdminVar::set('Lekiosk_SHA1_KEY', '976ABWQo231');
 $token_json = file_get_contents(__DIR__. '/token.json');
 $catalogue_xml = file_get_contents(__DIR__. '/catalogue_from_http.xml');
@@ -558,7 +564,7 @@ abstract class LekioskServiceHttpHarvestingTestCase extends AbstractControllerTe
 $http_client = $this->mock()
 ->whenCalled('postRawData')
 ->with('https://apipros.lekiosk.com/login',
- '{"username":"FOIX","userpwd":"PWD"}','application/json')
+ '{"username":"POIS","userpwd":"PWD"}','application/json')
 ->answers($token_json)
 ->whenCalled('open_url')
@@ -592,7 +598,7 @@ class LekioskServiceHttpUpdateHarvestingTest extends LekioskServiceHttpHarvestin
 $http_client = $this->mock()
 ->whenCalled('postRawData')
 ->with('https://apipros.lekiosk.com/login',
- '{"username":"FOIX","userpwd":"PWD"}','application/json')
+ '{"username":"POIS","userpwd":"PWD"}','application/json')
 ->answers($token_json)
 ->whenCalled('open_url')
@@ -698,7 +704,7 @@ class LekioskServiceHttpHarvestingNoticeAjaxTest extends LekioskServiceHttpHarve
 $this->_dispatchAlbum();
 $url = 'https://apipros.lekiosk.com/login/cas?'
 .'cas_fournisseur=' . urlencode(Class_Url::absolute('/cas-server-v10'))
- .'&id=29'
+ .'&id=66'
 .'&returnUrl='. urlencode('/fr/pageproduct/851749/2052615');
 $this->assertXPath('//a[@href="' . $url . '"]', $this->_response->getBody());
@@ -710,9 +716,9 @@ class LekioskServiceHttpHarvestingNoticeAjaxTest extends LekioskServiceHttpHarve
 Class_AdminVar::set('Lekiosk_SSO_MODE', '');
 $this->_dispatchAlbum();
 $url = 'https://pros.lekiosk.com/login/accesshash?'
- . 'email=18ca3d8ad40255ce09d5d20debc1e069'
- . '&id=29'
- . '&AccessHash=69436bc8e1ea7a85b3a7c9d2d764077e3519a6c5'
+ . 'email=a0dc2568ae735ff737ffc8b9bf2e4fb8'
+ . '&id=66'
+ . '&AccessHash=92a485f29b5000e908fef0815c00487b1aa759a1'
 . '&ReturnUrl='.urlencode('/fr/pageproduct/851749/2052615');
 $this->assertXPath('//a[@href="' . $url . '"]', $this->_response->getBody());
 }
@@ -728,11 +734,13 @@ class LekioskPluginTest extends Admin_AbstractControllerTestCase {
 public function setUp() {
 parent::setUp();
- Class_AdminVar::set('Lekiosk_ID', '29');
+ Class_AdminVar::set('Lekiosk_ID', '66');
 Class_AdminVar::set('Lekiosk_HARVEST_URL', 'http://lekiosk.org/oai');
 Class_AdminVar::set('Lekiosk_HTTP_LOGIN', 'lekiosk');
 Class_AdminVar::set('Lekiosk_HTTP_PASSWORD', 'PWD+456');
+ Class_AdminVar::set('Lekiosk_AES_KEY', '12FA88sE3V5UKr3K');
+ Class_AdminVar::set('Lekiosk_SHA1_KEY', '976ABWQo231');
 $group = $this->fixture('Class_UserGroup',
 ['id' => 1,
diff --git a/library/digital_resources/Skilleos/Link.php b/library/digital_resources/Skilleos/Link.php
deleted file mode 100644
index efa2b2cd3106245e9619e150314759a2480f2ec3..0000000000000000000000000000000000000000
--- a/library/digital_resources/Skilleos/Link.php
+++ /dev/null
@@ -1,67 +0,0 @@
-<?php
-/**
- * Copyright (c) 2012-2014, Agence Française Informatique (AFI). All rights reserved.
- *
- * BOKEH is free software; you can redistribute it and/or modify
- * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
- * the Free Software Foundation.
- *
- * There are special exceptions to the terms and conditions of the AGPL as it
- * is applied to this software (see README file).
- *
- * BOKEH is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
- *
- * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
- * along with BOKEH; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-
-class Skilleos_Link extends Skilleos_LinkAbstract {
- const ROOT_URL = 'http://skilleos.com/sigb/sso/';
-
- protected $_mail;
- protected $_base_url;
-
-
- public function __construct($mail) {
- $this->_mail = ($mail) ? $mail : Class_Profil::getPortail()->getMailSiteOrPortail();
- }
-
-
- public function url($album = null) {
- $url = static::ROOT_URL
- . $this->baseUrl()
- . '&AccessHash=' . $this->accessHash();
-
- if (!$album)
- return $url;
-
- return $url . '&ReturnUrl=' . $this->_getReturnURL($album);
- }
-
-
- protected function accessHash() {
- return sha1($this->baseUrl() . static::SHA1_KEY);
- }
-
-
- protected function baseUrl() {
- if (null === $this->_base_url)
- $this->_base_url = static::BASE_URL
- . 'id_resource=' . $this->cryptedMail()
- . '&id=' . Skilleos_Config::getInstance()->getAdminVar('ID')
- ;
-
- return $this->_base_url;
- }
-
-
- protected function cryptedMail() {
- return bin2hex(openssl_encrypt($this->_mail, 'aes-128-cbc', static::AES_KEY, true, static::AES_KEY));
- }
-}
-?>
\ No newline at end of file