Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Refactor SettingsDeletePassword and PasswordManager to improve parameter handling, enhance UUID validation, and ensure proper type casting for password verification

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/59
This commit is contained in:
netkas 2025-03-12 17:46:37 -04:00
parent 9a6f37aa05
commit 340f2a3c75
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 8 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/Socialbox/Classes/StandardMethods/Settings/SettingsDeletePassword.php
View file

@ -4,11 +4,9 @@
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Classes\Configuration; use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException; use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException; use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException; use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
@ -37,31 +35,25 @@
throw new MissingRpcArgumentException('password'); throw new MissingRpcArgumentException('password');
} }
// Validate the password parameter
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{
throw new InvalidRpcArgumentException('password', 'Must be a valid SHA-512 hash');
}
try try
{ {
// Get the peer // Get the peer
$peer = $request->getPeer(); $requestingPeer = $request->getPeer();
// Check if the password is set // Check if the password is set
if (!PasswordManager::usesPassword($peer->getUuid())) if (!PasswordManager::usesPassword($requestingPeer->getUuid()))
{ {
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot delete password when one isn't already set"); return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot delete password when one isn't already set");
} }
// Verify the existing password before deleting it // Verify the existing password before deleting it
if (!PasswordManager::verifyPassword($peer->getUuid(), $rpcRequest->getParameter('password'))) if (!PasswordManager::verifyPassword($requestingPeer->getUuid(), (string)$rpcRequest->getParameter('password')))
{ {
return $rpcRequest->produceResponse(false); return $rpcRequest->produceResponse(false);
} }
// Delete the password // Delete the password
PasswordManager::deletePassword($peer->getUuid()); PasswordManager::deletePassword($requestingPeer->getUuid());
} }
catch(CryptographyException) catch(CryptographyException)
{ {

4
src/Socialbox/Managers/PasswordManager.php
View file

@ -148,6 +148,10 @@
{ {
$peerUuid = $peerUuid->getUuid(); $peerUuid = $peerUuid->getUuid();
} }
elseif(!Validator::validateUuid($peerUuid))
{
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
}
try try
{ {