Move JWT token into metadir dokuwiki#4239

mauli · mauli · commit 4a9d6ae2968b · 2024-07-02T23:48:27.000+02:00
Moving JWT token store away from cache directory,
to have long-lived authentication files properly stored.

Using sha256 on the files instead of md5, to help mitigate
potential hash collision as filenames are based on username.
diff --git a/inc/JWT.php b/inc/JWT.php
@@ -179,6 +179,10 @@ public function getIssued()
      */
     public static function getStorageFile($user)
     {
-        return getCacheName($user, '.token');
+        global $conf;
+        $hash = hash('sha256', $user);
+        $file = $conf['metadir'] . '/jwt/' . $hash[0] . '/' . $hash . '.token';
+        io_makeFileDir($file);
+        return $file;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -179,6 +179,10 @@ public function getIssued()`
`179`	`179`	`*/`
`180`	`180`	`public static function getStorageFile($user)`
`181`	`181`	`{`
`182`		`- return getCacheName($user, '.token');`
	`182`	`+ global $conf;`
	`183`	`+ $hash = hash('sha256', $user);`
	`184`	`+ $file = $conf['metadir'] . '/jwt/' . $hash[0] . '/' . $hash . '.token';`
	`185`	`+ io_makeFileDir($file);`
	`186`	`+ return $file;`
`183`	`187`	`}`
`184`	`188`	`}`