Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Refactor SettingsDeletePassword and PasswordManager to improve parameter handling, enhance UUID validation, and ensure proper type casting for password verification

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/59
This commit is contained in:
netkas 2025-03-12 17:46:37 -04:00
parent 9a6f37aa05
commit 340f2a3c75
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 8 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/Socialbox/Classes/StandardMethods/Settings/SettingsDeletePassword.php
View file

@ -4,11 +4,9 @@
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface;
@ -37,31 +35,25 @@
throw new MissingRpcArgumentException('password');
}
// Validate the password parameter
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{
throw new InvalidRpcArgumentException('password', 'Must be a valid SHA-512 hash');
}
try
{
// Get the peer
$peer = $request->getPeer();
$requestingPeer = $request->getPeer();
// Check if the password is set
if (!PasswordManager::usesPassword($peer->getUuid()))
if (!PasswordManager::usesPassword($requestingPeer->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot delete password when one isn't already set");
}
// Verify the existing password before deleting it
if (!PasswordManager::verifyPassword($peer->getUuid(), $rpcRequest->getParameter('password')))
if (!PasswordManager::verifyPassword($requestingPeer->getUuid(), (string)$rpcRequest->getParameter('password')))
{
return $rpcRequest->produceResponse(false);
}
// Delete the password
PasswordManager::deletePassword($peer->getUuid());
PasswordManager::deletePassword($requestingPeer->getUuid());
}
catch(CryptographyException)
{

4
src/Socialbox/Managers/PasswordManager.php
View file

@ -148,6 +148,10 @@
{
$peerUuid = $peerUuid->getUuid();
}
elseif(!Validator::validateUuid($peerUuid))
{
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
}
try
{