Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
100.00% |
13 / 13 |
|
100.00% |
2 / 2 |
CRAP | |
100.00% |
1 / 1 |
| VerpAddressGenerator | |
100.00% |
13 / 13 |
|
100.00% |
2 / 2 |
2 | |
100.00% |
1 / 1 |
| __construct | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
1 | |||
| generateVERP | |
100.00% |
9 / 9 |
|
100.00% |
1 / 1 |
1 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace MediaWiki\Extension\BounceHandler; |
| 4 | |
| 5 | use MediaWiki\WikiMap\WikiMap; |
| 6 | |
| 7 | /** |
| 8 | * Class VerpAddressGenerator |
| 9 | * |
| 10 | * Generates a VERP return path address of the form |
| 11 | * wikiId-base36( $UserID )-base36( $Timestamp )-hash( $algorithm, $key, $prefix )@$email_domain |
| 12 | * for every recipient address |
| 13 | * |
| 14 | * @file |
| 15 | * @ingroup Extensions |
| 16 | * @author Tony Thomas, Kunal Mehta, Jeff Green |
| 17 | * @license GPL-2.0-or-later |
| 18 | */ |
| 19 | class VerpAddressGenerator { |
| 20 | /** |
| 21 | * @var string |
| 22 | */ |
| 23 | protected $prefix; |
| 24 | /** |
| 25 | * @var string |
| 26 | */ |
| 27 | protected $algorithm; |
| 28 | |
| 29 | /** |
| 30 | * @var string |
| 31 | */ |
| 32 | protected $secretKey; |
| 33 | |
| 34 | /** |
| 35 | * @var string |
| 36 | */ |
| 37 | protected $domain; |
| 38 | |
| 39 | /** |
| 40 | * @param string $prefix |
| 41 | * @param string $algorithm |
| 42 | * @param string $secretKey |
| 43 | * @param string $domain |
| 44 | */ |
| 45 | public function __construct( $prefix, $algorithm, $secretKey, $domain ) { |
| 46 | $this->prefix = $prefix; |
| 47 | $this->algorithm = $algorithm; |
| 48 | $this->secretKey = $secretKey; |
| 49 | $this->domain = $domain; |
| 50 | } |
| 51 | |
| 52 | /** |
| 53 | * Generate VERP address |
| 54 | * The generated hash is cut down to 12 ( 96 bits ) instead of the full 120 bits. |
| 55 | * For attacks attempting to recover the hmac key, this makes the attackers job harder by giving |
| 56 | * them less information to work from. |
| 57 | * This makes brute force attacks easier. An attacker would be able to brute force the signature |
| 58 | * by sending an average of 2^95 emails to us. We would (hopefully) notice that. |
| 59 | * This would make finding a collision slightly easier if the secret key was known, |
| 60 | * but the constraints on each segment (wiki id must be valid, timestamp needs to be within a |
| 61 | * certain limit), combined with the difficulty of finding collisions when the key is unknown, |
| 62 | * makes this virtually impossible. |
| 63 | * |
| 64 | * @param int $uid user-id of the failing user |
| 65 | * @return string $ReturnPath address |
| 66 | */ |
| 67 | public function generateVERP( $uid ) { |
| 68 | // Get the time in Unix timestamp to compare with seconds |
| 69 | $timeNow = wfTimestamp(); |
| 70 | $email_domain = $this->domain; |
| 71 | // Creating the VERP address prefix as wikiId-base36( $UserID )-base36( $Timestamp ) |
| 72 | // and the generated VERP return path is of the form : |
| 73 | // wikiId-base36( $UserID )-base36( $Timestamp )-hash( $algorithm, $key, $prefix )@$email_domain |
| 74 | // We dont want repeating '-' in our WikiId |
| 75 | $wikiId = str_replace( '-', '.', WikiMap::getCurrentWikiId() ); |
| 76 | $email_prefix = $this->prefix . '-' . $wikiId . '-' . base_convert( (string)$uid, 10, 36 ) . |
| 77 | '-' . base_convert( $timeNow, 10, 36 ); |
| 78 | $verp_hash = base64_encode( |
| 79 | substr( hash_hmac( $this->algorithm, $email_prefix, $this->secretKey, true ), 0, 12 ) |
| 80 | ); |
| 81 | |
| 82 | return $email_prefix . '-' . $verp_hash . '@' . $email_domain; |
| 83 | } |
| 84 | } |