Merge pull request #205 from PerimeterX/release/v3.10.0

[SDKNEW-2139] Release/v3.10.0 (to master)

Author: ori-gold-px

.github/workflows/ci.yml

@@ -0,0 +1,30 @@
+name: CI
+on: pull_request
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Install dependencies
+        uses: php-actions/composer@v5
+        with:
+          php_version: '7.4'
+      - name: Run linter
+        uses: michaelw90/PHP-Lint@master
+  unit-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '5.6'
+          tools: composer:2.2
+      - name: Bootstrap tests
+        run: cp tests/bootstrap.php.dist tests/bootstrap.php
+      - name: Install dependencies
+        run: composer install
+      - name: Run unit tests
+        run: ./vendor/phpunit/phpunit/phpunit tests/

.travis.yml

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.10.0] - 2022-08-25
+
+### Added
+
+- Support for first party
+- Support for CI V2 hashing protocol
+
+### Fixed
+
+- Bug in client IP extraction feature
+
 ## [3.9.1] - 2022-04-11
 
 ### Fixed

CHANGELOG.md

@@ -6,7 +6,7 @@
 
 # [PerimeterX](http://www.perimeterx.com) PHP SDK
 
-> Latest stable version: [v3.9.1](https://packagist.org/packages/perimeterx/php-sdk#3.9.1)
+> Latest stable version: [v3.10.0](https://packagist.org/packages/perimeterx/php-sdk#3.10.0)
 
 ## Table of Contents
 
@@ -29,6 +29,8 @@
 *   [Sensitive Route](#sensitive-routes)
 *   [API Timeouts](#api-timeout)
 *   [Activities API Timeouts](#activities-api-timeout)
+*   [First Party](#first-party)
+*   [First Party for Code Defender](#first-party-code-defender)
 *   [Send Page Activities](#send-page-activities)
 *   [Additional Page Activity Handler](#additional-page-activity-handler)
 *   [Data-Enrichment](#data-enrichment)
@@ -385,7 +387,7 @@ The API Connection Timeout, in seconds (float), to wait for the connection to th
 
 ```php
 $perimeterxConfig = [
-  ..
+    ..
     'api_connect_timeout' => 2
     ..
 ]
@@ -401,7 +403,7 @@ The activities API Timeout, in seconds (float), to wait for the PerimeterX serve
 
 ```php
 $perimeterxConfig = [
-  ..
+    ..
     'activities_timeout' => 2
     ..
 ]
@@ -413,12 +415,40 @@ The activities API Connection Timeout, in seconds (float), to wait for the conne
 
 ```php
 $perimeterxConfig = [
-  ..
+    ..
     'activities_connect_timeout' => 2
     ..
 ]
 ```
 
+#### <a name="first-party"></a>First Party
+
+A boolean flag to enable/disable first party mode.
+
+**Default:** true
+
+```php
+$perimeterxConfig = [
+    ..
+    'px_first_party_enabled' => false
+    ..
+]
+```
+
+#### <a name="first-party-code-defender"></a>First Party for Code Defender
+
+A boolean flag to enable/disable first party mode for Code Defender.
+
+**Default:** false
+
+```php
+$perimeterxConfig = [
+    ..
+    'px_cd_first_party_enabled' => true
+    ..
+]
+```
+
 #### <a name="send-page-activities"></a> Send Page Activities
 
 A boolean flag to enable or disable sending of activities and metrics to

README.md

@@ -1,7 +1,7 @@
 {
   "name": "perimeterx/php-sdk",
   "description": "PerimeterX SDK for PHP",
-  "version" : "3.9.1",
+  "version" : "3.10.0",
   "keywords": [
     "perimeterx",
     "websecurity",
@@ -33,7 +33,7 @@
   },
   "autoload-dev": {
     "psr-4": {
-      "Perimeterx\\Tests\\": "tests/"
+      "PerimeterxTests\\": "tests/"
     }
   }
 }

composer.json

@@ -1,8 +1,7 @@
 {
-    "version": "3.9.1",
+    "version": "3.10.0",
     "supported_features": [
         "additional_activity_handler",
-        "additional_s2s",
         "advanced_blocking_response",
         "block_activity",
         "block_page_captcha",
@@ -14,9 +13,10 @@
         "css_ref",
         "custom_logo",
         "custom_parameters",
+        "first_party",
         "js_ref",
         "logger",
-        "login_credentials_extraction",
+        "credentials_intelligence",
         "mobile_support",
         "module_enable",
         "module_mode",

px_metadata.json

@@ -4,5 +4,6 @@
 
 class CIVersion {
     const V1 = "v1";
+    const V2 = "v2";
     const MULTISTEP_SSO = "multistep_sso";
 }

src/CredentialsIntelligence/Protocol/CIVersion.php

@@ -11,6 +11,8 @@ public static function Create($version) {
         switch($version) {
             case CIVersion::V1:
                 return new V1CredentialsIntelligenceProtocol();
+            case CIVersion::V2:
+                return new V2CredentialsIntelligenceProtocol();
             case CIVersion::MULTISTEP_SSO:
                 return new MultistepSSOCredentialsIntelligenceProtocol();
             default:

src/CredentialsIntelligence/Protocol/CredentialsIntelligenceProtocolFactory.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace Perimeterx\CredentialsIntelligence\Protocol;
+
+use Perimeterx\PerimeterxUtils;
+use Perimeterx\CredentialsIntelligence\LoginCredentialsFields;
+
+
+class V2CredentialsIntelligenceProtocol implements ICredentialsIntelligenceProtocol {
+    public function ProcessCredentials($username, $password) {
+        $normalizedUsername = PerimeterxUtils::isEmailAddress($username) ? $this->normalizeEmailAddress($username) : $username;
+        $hashedUsername = PerimeterxUtils::sha256($normalizedUsername);
+        return new LoginCredentialsFields(
+            $hashedUsername,
+            $this->hashPassword($hashedUsername, $password),
+            CIVersion::V2,
+            $username
+        );
+    }
+
+    private function normalizeEmailAddress($emailAddress) {
+        $lowercaseEmail = strtolower($emailAddress);
+        $atIndex = strpos($lowercaseEmail, "@");
+        $domain = substr($lowercaseEmail, $atIndex);
+        $normalizedUsername = substr($lowercaseEmail, 0, $atIndex);
+
+        $plusIndex = strpos($normalizedUsername, "+");
+        if ($plusIndex !== false) {
+            $normalizedUsername = substr($normalizedUsername, 0, $plusIndex);
+        }
+
+        if ($domain === "@gmail.com") {
+            $normalizedUsername = str_replace(".", "", $normalizedUsername);
+        }
+
+        return $normalizedUsername . $domain;
+    }
+
+    private function hashPassword($salt, $password) {
+        $hashedPassword = PerimeterxUtils::sha256($password);
+        return PerimeterxUtils::sha256($salt . $hashedPassword);
+    }
+}

src/CredentialsIntelligence/Protocol/V2CredentialsIntelligenceProtocol.php

@@ -31,6 +31,8 @@
 use Perimeterx\CredentialsIntelligence\Protocol\CredentialsIntelligenceProtocolFactory;
 use Perimeterx\CredentialsIntelligence\LoginSuccess\LoginSuccessfulReportingMethod;
 use Perimeterx\CredentialsIntelligence\LoginSuccess\LoginSuccessfulParserFactory;
+use Perimeterx\Utils\GuzzleHttpClient;
+
 final class Perimeterx
 {
     /**
@@ -96,7 +98,7 @@ private function __construct(array $pxConfig = [])
                 'max_buffer_len' => 1,
                 'send_page_activities' => true,
                 'send_block_activities' => true,
-                'sdk_name' => 'PHP SDK v3.9.1',
+                'sdk_name' => 'PHP SDK v3.10.0',
                 'debug_mode' => false,
                 'perimeterx_server_host' => 'https://sapi-' . strtolower($pxConfig['app_id']) . '.perimeterx.net',
                 'captcha_script_host' => 'https://captcha.px-cdn.net',
@@ -114,10 +116,12 @@ private function __construct(array $pxConfig = [])
                 'defer_activities' => true,
                 'enable_json_response' => false,
                 'return_response' => false,
+                'px_first_party_enabled' => true,
+                'px_cd_first_party_enabled' => false,
                 'px_login_credentials_extraction_enabled' => false,
                 'px_login_credentials_extraction' => [],
                 'px_compromised_credentials_header' => 'px-compromised-credentials',
-                'px_credentials_intelligence_version' => CIVersion::V1,
+                'px_credentials_intelligence_version' => CIVersion::V2,
                 'px_additional_s2s_activity_header_enabled' => false,
                 'px_automatic_additional_s2s_activity_enabled' => true,
                 'px_send_raw_username_on_additional_s2s_activity' => false,
@@ -150,7 +154,11 @@ public function pxVerify()
                 $this->pxConfig['logger']->debug('Request will not be verified, module is disabled');
                 return 1;
             }
-            
+
+            if ($this->pxConfig['px_first_party_enabled'] || $this->pxConfig['px_cd_first_party_enabled']) {
+                $this->handleFirstParty();
+            }
+
             $additionalFields = $this->createAdditionalFields();
 
             $pxCtx = new PerimeterxContext($this->pxConfig, $additionalFields);
@@ -261,21 +269,30 @@ private function handleVerification($pxCtx)
             'loader' => new \Mustache_Loader_FilesystemLoader(dirname(__FILE__) . '/templates'),
         ));
 
-        $collectorUrl = 'https://collector-' . strtolower($this->pxConfig['app_id']) . '.perimeterx.net';
         $appId = $this->pxConfig['app_id'];
+        $collectorUrl = 'https://collector-' . strtolower($appId) . '.perimeterx.net';
+
+        $captchaScript = $this->getCaptchaScript($this->pxConfig['captcha_script_host'], $appId, $pxCtx);
+        $jsClientSrc = "//client.perimeterx.net/$appId/main.min.js";
+        if ($this->pxConfig['px_first_party_enabled']) {
+            $appIdWithoutPx = substr($appId, 2);
+            $captchaScript = $this->getCaptchaScript("/$appIdWithoutPx/captcha", $appId, $pxCtx);
+            $jsClientSrc = "/$appIdWithoutPx/init.js";
+            $collectorUrl = "/$appIdWithoutPx/xhr";
+        }
 
         $templateInputs = array(
-            'appId' => $this->pxConfig['app_id'],
+            'appId' => $appId,
             'vid' => $pxCtx->getVid(),
             'uuid' => $block_uuid,
             'cssRef' => $this->getCssRef(),
             'jsRef' => $this->getJsRef(),
             'hostUrl' => $collectorUrl,
             'customLogo' => isset($this->pxConfig['custom_logo']) ? $this->pxConfig['custom_logo'] : '',
-            'blockScript' => $this->getCaptchaScript($this->pxConfig['captcha_script_host'], $appId, $pxCtx),
+            'blockScript' => $captchaScript,
             'altBlockScript' => $this->getCaptchaScript($this->pxConfig['alternate_captcha_script_host'], $appId, $pxCtx),
-            'firstPartyEnabled' => 'false',
-            'jsClientSrc' => "//client.perimeterx.net/{$this->pxConfig['app_id']}/main.min.js"
+            'firstPartyEnabled' => $this->pxConfig['px_first_party_enabled'],
+            'jsClientSrc' => $jsClientSrc
         );
 
         http_response_code(403);
@@ -310,7 +327,7 @@ private function handleVerification($pxCtx)
                 $result = array(
                     'appId' => $this->pxConfig['app_id'],
                     'jsClientSrc' => $templateInputs['jsClientSrc'],
-                    'firstPartyEnabled' => false,
+                    'firstPartyEnabled' => $this->pxConfig['px_first_party_enabled'],
                     'vid' => $templateInputs['vid'],
                     'uuid' => $templateInputs['uuid'],
                     'hostUrl' => $templateInputs['hostUrl'],
@@ -348,6 +365,29 @@ private function handleVerification($pxCtx)
         die();
     }
 
+    /**
+     * Method for handling first party requests for both BD and CD
+     */
+    private function handleFirstParty() {
+        $pxFirstParty = new PerimeterxFirstPartyClient($this->pxConfig, new GuzzleHttpClient());
+
+        if ($this->pxConfig['px_first_party_enabled']) {
+            $response = $pxFirstParty->handleFirstParty();
+            if (isset($response)) {
+                echo $response;
+                die();
+            }
+        }
+
+        if ($this->pxConfig['px_cd_first_party_enabled']) {
+            $response = $pxFirstParty->handleCodeDefenderFirstParty();
+            if (isset($response)) {
+                echo $response;
+                die();
+            }
+        }
+    }
+
     /*
      * Method for assembling the Captcha script tag source
      */