Changeset View
Changeset View
Standalone View
Standalone View
src/app/Domain.php
Show All 11 Lines | class Domain extends Model | ||||
public const STATUS_ACTIVE = 1 << 1; | public const STATUS_ACTIVE = 1 << 1; | ||||
// domain has been suspended. | // domain has been suspended. | ||||
public const STATUS_SUSPENDED = 1 << 2; | public const STATUS_SUSPENDED = 1 << 2; | ||||
// domain has been deleted | // domain has been deleted | ||||
public const STATUS_DELETED = 1 << 3; | public const STATUS_DELETED = 1 << 3; | ||||
// ownership of the domain has been confirmed | // ownership of the domain has been confirmed | ||||
public const STATUS_CONFIRMED = 1 << 4; | public const STATUS_CONFIRMED = 1 << 4; | ||||
// domain has been verified that it exists in DNS | // domain has been verified that it exists in DNS | ||||
public const STATUS_VERIFIED = 1 << 5; | // public const STATUS_VERIFIED = 1 << 5; | ||||
// domain has been created in LDAP | // domain has been created in LDAP | ||||
public const STATUS_LDAP_READY = 1 << 6; | public const STATUS_LDAP_READY = 1 << 6; | ||||
// open for public registration | // open for public registration | ||||
public const TYPE_PUBLIC = 1 << 0; | public const TYPE_PUBLIC = 1 << 0; | ||||
// zone hosted with us | // zone hosted with us | ||||
public const TYPE_HOSTED = 1 << 1; | public const TYPE_HOSTED = 1 << 1; | ||||
// zone registered externally | // zone registered externally | ||||
public const TYPE_EXTERNAL = 1 << 2; | public const TYPE_EXTERNAL = 1 << 2; | ||||
public const HASH_CODE = 1; | |||||
public const HASH_TEXT = 2; | |||||
public const HASH_CNAME = 3; | |||||
public $incrementing = false; | public $incrementing = false; | ||||
protected $keyType = 'bigint'; | protected $keyType = 'bigint'; | ||||
protected $fillable = [ | protected $fillable = [ | ||||
'namespace', | 'namespace', | ||||
'status', | 'status', | ||||
'type' | 'type' | ||||
]; | ]; | ||||
▲ Show 20 Lines • Show All 106 Lines • ▼ Show 20 Lines | // public const STATUS_VERIFIED = 1 << 5; | ||||
} | } | ||||
/** | /** | ||||
* Returns whether this (external) domain has been verified | * Returns whether this (external) domain has been verified | ||||
* to exist in DNS. | * to exist in DNS. | ||||
* | * | ||||
* @return bool | * @return bool | ||||
*/ | */ | ||||
/* | |||||
public function isVerified(): bool | public function isVerified(): bool | ||||
{ | { | ||||
return $this->status & self::STATUS_VERIFIED; | return $this->status & self::STATUS_VERIFIED; | ||||
} | } | ||||
*/ | |||||
/** | /** | ||||
* Domain status mutator | * Domain status mutator | ||||
* | * | ||||
* @throws \Exception | * @throws \Exception | ||||
*/ | */ | ||||
public function setStatusAttribute($status) | public function setStatusAttribute($status) | ||||
{ | { | ||||
$new_status = 0; | $new_status = 0; | ||||
$allowed_values = [ | $allowed_values = [ | ||||
self::STATUS_NEW, | self::STATUS_NEW, | ||||
self::STATUS_ACTIVE, | self::STATUS_ACTIVE, | ||||
self::STATUS_CONFIRMED, | self::STATUS_CONFIRMED, | ||||
self::STATUS_SUSPENDED, | self::STATUS_SUSPENDED, | ||||
self::STATUS_DELETED, | self::STATUS_DELETED, | ||||
self::STATUS_LDAP_READY, | self::STATUS_LDAP_READY, | ||||
self::STATUS_VERIFIED, | // self::STATUS_VERIFIED, | ||||
]; | ]; | ||||
foreach ($allowed_values as $value) { | foreach ($allowed_values as $value) { | ||||
if ($status & $value) { | if ($status & $value) { | ||||
$new_status |= $value; | $new_status |= $value; | ||||
$status ^= $value; | $status ^= $value; | ||||
} | } | ||||
} | } | ||||
Show All 13 Lines | // self::STATUS_VERIFIED, | ||||
* @throws \Exception Throws exception on DNS or DB errors | * @throws \Exception Throws exception on DNS or DB errors | ||||
*/ | */ | ||||
public function confirm(): bool | public function confirm(): bool | ||||
{ | { | ||||
if ($this->isConfirmed()) { | if ($this->isConfirmed()) { | ||||
return true; | return true; | ||||
} | } | ||||
$hash = $this->hash(); | $hash = $this->hash(self::HASH_TEXT); | ||||
$confirmed = false; | $confirmed = false; | ||||
// Get DNS records and find a matching TXT entry | // Get DNS records and find a matching TXT entry | ||||
$records = \dns_get_record($this->namespace, DNS_TXT); | $records = \dns_get_record($this->namespace, DNS_TXT); | ||||
if ($records === false) { | if ($records === false) { | ||||
throw new \Exception("Failed to get DNS record for $domain"); | throw new \Exception("Failed to get DNS record for {$this->namespace}"); | ||||
} | } | ||||
foreach ($records as $record) { | foreach ($records as $record) { | ||||
if ($record['txt'] === $hash) { | if ($record['txt'] === $hash) { | ||||
$confirmed = true; | $confirmed = true; | ||||
break; | break; | ||||
} | } | ||||
} | } | ||||
// Get DNS records and find a matching CNAME entry | // Get DNS records and find a matching CNAME entry | ||||
// Note: some servers resolve every non-existing name | // Note: some servers resolve every non-existing name | ||||
// so we need to define left and right side of the CNAME record | // so we need to define left and right side of the CNAME record | ||||
// i.e.: kolab-verify IN CNAME <hash>.domain.tld. | // i.e.: kolab-verify IN CNAME <hash>.domain.tld. | ||||
if (!$confirmed) { | if (!$confirmed) { | ||||
$cname = $this->hash(true) . '.' . $this->namespace; | $cname = $this->hash(self::HASH_CODE) . '.' . $this->namespace; | ||||
$records = \dns_get_record('kolab-verify.' . $this->namespace, DNS_CNAME); | $records = \dns_get_record('kolab-verify.' . $this->namespace, DNS_CNAME); | ||||
if ($records === false) { | if ($records === false) { | ||||
throw new \Exception("Failed to get DNS record for $domain"); | throw new \Exception("Failed to get DNS record for $domain"); | ||||
} | } | ||||
foreach ($records as $records) { | foreach ($records as $records) { | ||||
if ($records['target'] === $cname) { | if ($records['target'] === $cname) { | ||||
Show All 9 Lines | public function confirm(): bool | ||||
} | } | ||||
return $confirmed; | return $confirmed; | ||||
} | } | ||||
/** | /** | ||||
* Generate a verification hash for this domain | * Generate a verification hash for this domain | ||||
* | * | ||||
* @param bool $short Return short version (with kolab-verify= prefix) | * @param int $mod One of: HASH_CNAME, HASH_CODE (Default), HASH_TEXT | ||||
* | * | ||||
* @return string Verification hash | * @return string Verification hash | ||||
*/ | */ | ||||
public function hash($short = false): string | public function hash($mod = null): string | ||||
{ | { | ||||
$hash = \md5('hkccp-verify-' . $this->namespace . $this->id); | $cname = 'kolab-verify'; | ||||
return $short ? $hash : "kolab-verify=$hash"; | if ($mod === self::HASH_CNAME) { | ||||
return $cname; | |||||
} | |||||
$hash = \md5('hkccp-verify-' . $this->namespace); | |||||
return $mod === self::HASH_TEXT ? "$cname=$hash" : $hash; | |||||
} | } | ||||
/** | /** | ||||
* Verify if a domain exists in DNS | * Verify if a domain exists in DNS | ||||
* | * | ||||
* @return bool True if registered, False otherwise | * @return bool True if registered, False otherwise | ||||
* @throws \Exception Throws exception on DNS or DB errors | * @throws \Exception Throws exception on DNS or DB errors | ||||
*/ | */ | ||||
/* | |||||
public function verify(): bool | public function verify(): bool | ||||
{ | { | ||||
if ($this->isVerified()) { | if ($this->isVerified()) { | ||||
return true; | return true; | ||||
} | } | ||||
$record = \dns_get_record($this->namespace, DNS_SOA); | $record = \dns_get_record($this->namespace, DNS_SOA); | ||||
if ($record === false) { | if ($record === false) { | ||||
throw new \Exception("Failed to get DNS record for {$this->namespace}"); | throw new \Exception("Failed to get DNS record for {$this->namespace}"); | ||||
} | } | ||||
if (!empty($record)) { | if (!empty($record)) { | ||||
$this->status |= Domain::STATUS_VERIFIED; | $this->status |= Domain::STATUS_VERIFIED; | ||||
$this->save(); | $this->save(); | ||||
return true; | return true; | ||||
} | } | ||||
return false; | return false; | ||||
} | } | ||||
*/ | |||||
} | } |