Refactor SettingsDeletePassword and PasswordManager to improve parameter handling, enhance UUID validation, and ensure proper type casting for password verification
https://github.com/nosial/Socialbox-PHP/issues/59
parent
9a6f37aa05
commit
340f2a3c75
2 changed files with 8 additions and 12 deletions
|
@ -4,11 +4,9 @@
|
|||
|
||||
use Socialbox\Abstracts\Method;
|
||||
use Socialbox\Classes\Configuration;
|
||||
use Socialbox\Classes\Cryptography;
|
||||
use Socialbox\Enums\StandardError;
|
||||
use Socialbox\Exceptions\CryptographyException;
|
||||
use Socialbox\Exceptions\DatabaseOperationException;
|
||||
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
|
||||
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
|
||||
use Socialbox\Exceptions\Standard\StandardRpcException;
|
||||
use Socialbox\Interfaces\SerializableInterface;
|
||||
|
@ -37,31 +35,25 @@
|
|||
throw new MissingRpcArgumentException('password');
|
||||
}
|
||||
|
||||
// Validate the password parameter
|
||||
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
|
||||
{
|
||||
throw new InvalidRpcArgumentException('password', 'Must be a valid SHA-512 hash');
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
// Get the peer
|
||||
$peer = $request->getPeer();
|
||||
$requestingPeer = $request->getPeer();
|
||||
|
||||
// Check if the password is set
|
||||
if (!PasswordManager::usesPassword($peer->getUuid()))
|
||||
if (!PasswordManager::usesPassword($requestingPeer->getUuid()))
|
||||
{
|
||||
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot delete password when one isn't already set");
|
||||
}
|
||||
|
||||
// Verify the existing password before deleting it
|
||||
if (!PasswordManager::verifyPassword($peer->getUuid(), $rpcRequest->getParameter('password')))
|
||||
if (!PasswordManager::verifyPassword($requestingPeer->getUuid(), (string)$rpcRequest->getParameter('password')))
|
||||
{
|
||||
return $rpcRequest->produceResponse(false);
|
||||
}
|
||||
|
||||
// Delete the password
|
||||
PasswordManager::deletePassword($peer->getUuid());
|
||||
PasswordManager::deletePassword($requestingPeer->getUuid());
|
||||
}
|
||||
catch(CryptographyException)
|
||||
{
|
||||
|
|
|
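Review bot: The `(string)` cast on `$rpcRequest->getParameter('password')` in the `verifyPassword` call coerces instead of validating: an array argument becomes the literal `"Array"` (with a warning) and `true` becomes `"1"`, so a malformed request is treated as a wrong password rather than rejected as a bad argument. Judging by the hunk's line counts, the `Cryptography::validateSha512` check above the `try` appears to be dropped by this commit, which would leave the cast as the only handling of the parameter's type in this handler. A type guard before the `try`, for example `if(!is_string($rpcRequest->getParameter('password'))) { throw new InvalidRpcArgumentException('password', 'Must be a string'); }`, keeps that distinction, assuming the exception class is still imported. The method starts and ends outside the hunk, so any validation done elsewhere is not visible here.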
@ -148,6 +148,10 @@
|
|||
{
|
||||
$peerUuid = $peerUuid->getUuid();
|
||||
}
|
||||
elseif(!Validator::validateUuid($peerUuid))
|
||||
{
|
||||
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
|
|
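Review bot: The `InvalidArgumentException` thrown from the new `elseif(!Validator::validateUuid($peerUuid))` branch widens this method's failure contract without documenting it. The RPC handler changed in the same commit shows only a `catch(CryptographyException)` arm (any further arms are outside the view), so a malformed UUID could surface as an unhandled exception rather than a standard RPC error. I would add `@throws InvalidArgumentException If the peer UUID is not a valid UUID` to the method's docblock and confirm that callers passing externally supplied identifiers handle it. The message also says "UUID V4", but whether `validateUuid` enforces version 4 is not visible here. The method starts and ends outside the hunk, so it is also not visible whether the other `PasswordManager` methods that accept a peer UUID have the same guard; if they do not, it belongs there too.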