forked from LiveCarta/PayPal-PHP-SDK
Added Encryption to Caching
- Access Token is encrypted with Secret Key, and stored in file - Code to auto-update existing cache files to use encrypted token - Tests fixes accordingly
This commit is contained in:
japatel
@@ -11,6 +11,7 @@ use PayPal\Exception\PayPalConfigurationException;
|
||||
use PayPal\Exception\PayPalConnectionException;
|
||||
use PayPal\Handler\IPayPalHandler;
|
||||
use PayPal\Rest\ApiContext;
|
||||
use PayPal\Security\Cipher;
|
||||
|
||||
/**
|
||||
* Class OAuthTokenCredential
|
||||
@@ -74,6 +75,13 @@ class OAuthTokenCredential extends PayPalResourceModel
|
||||
*/
|
||||
private $tokenCreateTime;
|
||||
|
||||
/**
|
||||
* Instance of cipher used to encrypt/decrypt data while storing in cache.
|
||||
*
|
||||
* @var Cipher
|
||||
*/
|
||||
private $cipher;
|
||||
|
||||
/**
|
||||
* Construct
|
||||
*
|
||||
@@ -84,6 +92,7 @@ class OAuthTokenCredential extends PayPalResourceModel
|
||||
{
|
||||
$this->clientId = $clientId;
|
||||
$this->clientSecret = $clientSecret;
|
||||
$this->cipher = new Cipher($this->clientSecret);
|
||||
$this->logger = PayPalLoggingManager::getInstance(__CLASS__);
|
||||
}
|
||||
|
||||
@@ -120,9 +129,20 @@ class OAuthTokenCredential extends PayPalResourceModel
|
||||
$token = AuthorizationCache::pull($config, $this->clientId);
|
||||
if ($token) {
|
||||
// We found it
|
||||
$this->accessToken = $token['accessToken'];
|
||||
// This code block is for backward compatibility only.
|
||||
if (array_key_exists('accessToken', $token)) {
|
||||
$this->accessToken = $token['accessToken'];
|
||||
}
|
||||
|
||||
$this->tokenCreateTime = $token['tokenCreateTime'];
|
||||
$this->tokenExpiresIn = $token['tokenExpiresIn'];
|
||||
|
||||
// Case where we have an old unencrypted cache file
|
||||
if (!array_key_exists('accessTokenEncrypted', $token)) {
|
||||
AuthorizationCache::push($config, $this->clientId, $this->encrypt($this->accessToken), $this->tokenCreateTime, $this->tokenExpiresIn);
|
||||
} else {
|
||||
$this->accessToken = $this->decrypt($token['accessTokenEncrypted']);
|
||||
}
|
||||
}
|
||||
|
||||
// Check if Access Token is not null and has not expired.
|
||||
@@ -137,11 +157,12 @@ class OAuthTokenCredential extends PayPalResourceModel
|
||||
$this->accessToken = null;
|
||||
}
|
||||
|
||||
|
||||
// If accessToken is Null, obtain a new token
|
||||
if ($this->accessToken == null) {
|
||||
// Get a new one by making calls to API
|
||||
$this->updateAccessToken($config);
|
||||
AuthorizationCache::push($config, $this->clientId, $this->accessToken, $this->tokenCreateTime, $this->tokenExpiresIn);
|
||||
AuthorizationCache::push($config, $this->clientId, $this->encrypt($this->accessToken), $this->tokenCreateTime, $this->tokenExpiresIn);
|
||||
}
|
||||
|
||||
return $this->accessToken;
|
||||
@@ -231,6 +252,7 @@ class OAuthTokenCredential extends PayPalResourceModel
|
||||
*
|
||||
* @param array $config
|
||||
* @return null
|
||||
* @throws PayPalConnectionException
|
||||
*/
|
||||
private function generateAccessToken($config, $refreshToken = null)
|
||||
{
|
||||
@@ -259,4 +281,26 @@ class OAuthTokenCredential extends PayPalResourceModel
|
||||
|
||||
return $this->accessToken;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method to encrypt data using clientSecret as key
|
||||
*
|
||||
* @param $data
|
||||
* @return string
|
||||
*/
|
||||
public function encrypt($data)
|
||||
{
|
||||
return $this->cipher->encrypt($data);
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method to decrypt data using clientSecret as key
|
||||
*
|
||||
* @param $data
|
||||
* @return string
|
||||
*/
|
||||
public function decrypt($data)
|
||||
{
|
||||
return $this->cipher->decrypt($data);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user