Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Add password verification and update enhancements

Browse source
This commit is contained in:
netkas 2025-01-06 01:37:51 -05:00
parent 5196ac2486
commit 3e3bcfd143
3 changed files with 82 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
src/Socialbox/Classes/StandardMethods/SettingsUpdatePassword.php
View file

@ -30,6 +30,16 @@
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash"); return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash");
} }
if(!$rpcRequest->containsParameter('existing_password'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'existing_password' parameter");
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('existing_password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'existing_password' parameter, must be a valid SHA-512 hash");
}
try try
{ {
if (!PasswordManager::usesPassword($request->getPeer()->getUuid())) if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
@ -42,6 +52,18 @@
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e); throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
} }
try
{
if (!PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('existing_password')))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Failed to update password due to incorrect existing password");
}
}
catch (Exception $e)
{
throw new StandardException('Failed to verify existing password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
try try
{ {
// Set the password // Set the password

49
src/Socialbox/Classes/StandardMethods/VerificationPasswordAuthentication.php Normal file
View file

@ -0,0 +1,49 @@
<?php
namespace Socialbox\Classes\StandardMethods;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Classes\Logger;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
class VerificationPasswordAuthentication extends Method
{
/**
* @inheritDoc
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
if(!$rpcRequest->containsParameter('password'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid SHA-512 hash");
}
try
{
return $rpcRequest->produceResponse(PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('password')));
}
catch (CryptographyException $e)
{
return $rpcRequest->produceResponse(false);
}
catch (Exception $e)
{
Logger::getLogger()->error('Failed to verify password due to an internal exception', $e);
throw new StandardException('Failed to verify password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
}
}

18
src/Socialbox/Managers/PasswordManager.php
View file

@ -59,7 +59,10 @@
} }
// Throws an exception if the hash is invalid // Throws an exception if the hash is invalid
Cryptography::validatePasswordHash($hash); if(!Cryptography::validatePasswordHash($hash))
{
throw new CryptographyException('Invalid password hash');
}
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey(); $encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();
$securedPassword = Cryptography::encryptMessage($hash, $encryptionKey, Configuration::getCryptographyConfiguration()->getEncryptionKeysAlgorithm()); $securedPassword = Cryptography::encryptMessage($hash, $encryptionKey, Configuration::getCryptographyConfiguration()->getEncryptionKeysAlgorithm());
@ -94,7 +97,10 @@
$peerUuid = $peerUuid->getUuid(); $peerUuid = $peerUuid->getUuid();
} }
Cryptography::validatePasswordHash($hash); if(!Cryptography::validatePasswordHash($hash))
{
throw new CryptographyException('Invalid password hash');
}
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey(); $encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();
$securedPassword = Cryptography::encryptMessage($hash, $encryptionKey, Configuration::getCryptographyConfiguration()->getEncryptionKeysAlgorithm()); $securedPassword = Cryptography::encryptMessage($hash, $encryptionKey, Configuration::getCryptographyConfiguration()->getEncryptionKeysAlgorithm());
@ -145,20 +151,18 @@
* Verifies a given password against a stored password hash for a specific peer. * Verifies a given password against a stored password hash for a specific peer.
* *
* @param string|RegisteredPeerRecord $peerUuid The unique identifier of the peer, or an instance of RegisteredPeerRecord. * @param string|RegisteredPeerRecord $peerUuid The unique identifier of the peer, or an instance of RegisteredPeerRecord.
* @param string $hash The password hash to verify. * @param string $sha512 The SHA-512 hash of the password to be verified.
* @return bool Returns true if the password matches the stored hash; false otherwise. * @return bool Returns true if the password matches the stored hash; false otherwise.
* @throws CryptographyException If the password hash is invalid or an error occurs during the cryptographic operation. * @throws CryptographyException If the password hash is invalid or an error occurs during the cryptographic operation.
* @throws DatabaseOperationException If an error occurs during the database operation. * @throws DatabaseOperationException If an error occurs during the database operation.
*/ */
public static function verifyPassword(string|RegisteredPeerRecord $peerUuid, string $hash): bool public static function verifyPassword(string|RegisteredPeerRecord $peerUuid, string $sha512): bool
{ {
if($peerUuid instanceof RegisteredPeerRecord) if($peerUuid instanceof RegisteredPeerRecord)
{ {
$peerUuid = $peerUuid->getUuid(); $peerUuid = $peerUuid->getUuid();
} }
Cryptography::validatePasswordHash($hash);
try try
{ {
$stmt = Database::getConnection()->prepare('SELECT hash FROM authentication_passwords WHERE peer_uuid=:uuid'); $stmt = Database::getConnection()->prepare('SELECT hash FROM authentication_passwords WHERE peer_uuid=:uuid');
@ -190,7 +194,7 @@
throw new CryptographyException('Cannot decrypt hashed password'); throw new CryptographyException('Cannot decrypt hashed password');
} }
return Cryptography::verifyPassword($hash, $decryptedHash); return Cryptography::verifyPassword($sha512, $decryptedHash);
} }
catch(PDOException $e) catch(PDOException $e)
{ {