From ce1e997567bde6798e3078912bfcd0605ceabbe1 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Mon, 12 Mar 2018 14:43:53 -0400
Subject: [PATCH] Remove obsolete AJAX login and RC4 cipher methods.
---
 .../src/VuFind/Controller/AjaxController.php | 55 ----------
 module/VuFind/src/VuFind/Crypt/RC4.php | 102 ------------------
 .../src/VuFindTest/Crypt/RC4Test.php | 54 ----------
 3 files changed, 211 deletions(-)
 delete mode 100644 module/VuFind/src/VuFind/Crypt/RC4.php
 delete mode 100644 module/VuFind/tests/unit-tests/src/VuFindTest/Crypt/RC4Test.php
diff --git a/module/VuFind/src/VuFind/Controller/AjaxController.php b/module/VuFind/src/VuFind/Controller/AjaxController.php
index d29cc1d25f2..c33bb949d0d 100644
--- a/module/VuFind/src/VuFind/Controller/AjaxController.php
+++ b/module/VuFind/src/VuFind/Controller/AjaxController.php
@@ -637,61 +637,6 @@ class AjaxController extends AbstractBase
 return true;
 }
 
- /**
- * Generate the "salt" used in the salt'ed login request.
- *
- * @return string
- */
- protected function generateSalt()
- {
- return str_replace(
- '.', '', $this->getRequest()->getServer()->get('REMOTE_ADDR')
- );
- }
-
- /**
- * Send the "salt" to be used in the salt'ed login request.
- *
- * @return \Zend\Http\Response
- */
- protected function getSaltAjax()
- {
- return $this->output($this->generateSalt(), self::STATUS_OK);
- }
-
- /**
- * Login with post'ed username and encrypted password.
- *
- * @return \Zend\Http\Response
- */
- protected function loginAjax()
- {
- // Fetch Salt
- $salt = $this->generateSalt();
-
- // HexDecode Password
- $password = pack('H*', $this->params()->fromPost('password'));
-
- // Decrypt Password
- $password = base64_decode(\VuFind\Crypt\RC4::encrypt($salt, $password));
-
- // Update the request with the decrypted password:
- $this->getRequest()->getPost()->set('password', $password);
-
- // Authenticate the user:
- try {
- $this->getAuthManager()->login($this->getRequest());
- } catch (AuthException $e) {
- return $this->output(
- $this->translate($e->getMessage()),
- self::STATUS_ERROR,
- 401
- );
- }
-
- return $this->output(true, self::STATUS_OK);
- }
-
 /**
 * Tag a record.
 *
diff --git a/module/VuFind/src/VuFind/Crypt/RC4.php b/module/VuFind/src/VuFind/Crypt/RC4.php
deleted file mode 100644
index eb34457d605..00000000000
--- a/module/VuFind/src/VuFind/Crypt/RC4.php
+++ /dev/null
@@ -1,102 +0,0 @@
-<?php
-/**
- * RC4 encryption class (wrapper around code borrowed from a third-party
- * developer -- see embedded copyright information on encrypt method)
- *
- * PHP version 5
- *
- * Copyright (C) Villanova University 2007.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * @category VuFind
- * @package Crypt
- * @author Demian Katz <demian.katz@villanova.edu>
- * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
- * @link https://vufind.org Main Page
- */
-namespace VuFind\Crypt;
-
-/**
- * RC4 encryption class (wrapper around code borrowed from a third-party
- * developer -- see embedded copyright information on encrypt method)
- *
- * @category VuFind
- * @package Crypt
- * @author Demian Katz <demian.katz@villanova.edu>
- * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
- * @link https://vufind.org Main Page
- */
-class RC4
-{
- /**
- * Encrypt given plain text using the key with RC4 algorithm.
- * All parameters and return value are in binary format.
- *
- * @param string $key secret key for encryption
- * @param string $pt plain text to be encrypted
- *
- * @return string
- */
- public static function encrypt($key, $pt)
- {
- /* RC4 symmetric cipher encryption/decryption
- * Copyright (c) 2006 by Ali Farhadi.
- * released under the terms of the Gnu Public License.
- * see the GPL for details.
- *
- * Email: ali[at]farhadi[dot]ir
- * Website: http://farhadi.ir/
- */
- $s = [];
- for ($i = 0; $i < 256; $i++) {
- $s[$i] = $i;
- }
- $j = 0;
- $x;
- for ($i = 0; $i < 256; $i++) {
- $j = ($j + $s[$i] + ord($key[$i % strlen($key)])) % 256;
- $x = $s[$i];
- $s[$i] = $s[$j];
- $s[$j] = $x;
- }
- $i = 0;
- $j = 0;
- $ct = '';
- $y;
- for ($y = 0; $y < strlen($pt); $y++) {
- $i = ($i + 1) % 256;
- $j = ($j + $s[$i]) % 256;
- $x = $s[$i];
- $s[$i] = $s[$j];
- $s[$j] = $x;
- $ct .= $pt[$y] ^ chr($s[($s[$i] + $s[$j]) % 256]);
- }
- return $ct;
- }
-
- /**
- * Decrypt given cipher text using the key with RC4 algorithm.
- * All parameters and return value are in binary format.
- *
- * @param string $key secret key for decryption
- * @param string $ct cipher text to be decrypted
- *
- * @return string
- */
- public static function decrypt($key, $ct)
- {
- return static::encrypt($key, $ct);
- }
-}
diff --git a/module/VuFind/tests/unit-tests/src/VuFindTest/Crypt/RC4Test.php b/module/VuFind/tests/unit-tests/src/VuFindTest/Crypt/RC4Test.php
deleted file mode 100644
index d75ca5a0960..00000000000
--- a/module/VuFind/tests/unit-tests/src/VuFindTest/Crypt/RC4Test.php
+++ /dev/null
@@ -1,54 +0,0 @@
-<?php
-/**
- * RC4 Test Class
- *
- * PHP version 5
- *
- * Copyright (C) Villanova University 2010.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * @category VuFind
- * @package Tests
- * @author Demian Katz <demian.katz@villanova.edu>
- * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
- * @link https://vufind.org/wiki/development:testing:unit_tests Wiki
- */
-namespace VuFindTest\Crypt;
-
-use VuFind\Crypt\RC4;
-
-/**
- * RC4 Test Class
- *
- * @category VuFind
- * @package Tests
- * @author Demian Katz <demian.katz@villanova.edu>
- * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
- * @link https://vufind.org/wiki/development:testing:unit_tests Wiki
- */
-class RC4Test extends \VuFindTest\Unit\TestCase
-{
- /**
- * Test encryption/decryption.
- *
- * @return void
- */
- public function testEncryptionAndDecryption()
- {
- $key = 'secret';
- $text = 'test';
- $this->assertEquals($text, RC4::decrypt($key, RC4::encrypt($key, $text)));
- }
-}
-- 
GitLab