Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update password handling and session methods

Browse source
This commit is contained in:
netkas 2025-01-05 01:23:43 -05:00
parent 8b9896f196
commit 85814913e4
11 changed files with 239 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/Socialbox/Classes/Cryptography.php
View file

@ -642,7 +642,6 @@
*
* @param string $hash The hash string to be validated.
* @return bool Returns true if the hash is valid and meets current security standards.
* @throws CryptographyException If the hash format is invalid or does not meet security requirements.
*/
public static function validatePasswordHash(string $hash): bool
{
@ -652,22 +651,21 @@
$argon2id_pattern = '/^\$argon2id\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+\/=]+\$[A-Za-z0-9+\/=]+$/D';
if (!preg_match($argon2id_pattern, $hash))
{
throw new CryptographyException("Invalid hash format");
return false;
}
// Step 2: Check if it needs rehashing (validates the hash structure)
if (sodium_crypto_pwhash_str_needs_rehash($hash, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE))
{
throw new CryptographyException("Hash does not meet current security requirements");
return false;
}
// If all checks pass, the hash is valid.
return true;
}
catch (Exception $e)
catch (Exception)
{
throw new CryptographyException("Invalid hash: " . $e->getMessage());
return false;
}
return true;
}
/**

6
src/Socialbox/Classes/StandardMethods/GetSessionState.php
View file

@ -3,7 +3,6 @@
namespace Socialbox\Classes\StandardMethods;
use Socialbox\Abstracts\Method;
use Socialbox\Enums\StandardError;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
@ -16,11 +15,6 @@
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
if($request->getSessionUuid() === null)
{
return $rpcRequest->produceError(StandardError::SESSION_REQUIRED);
}
return $rpcRequest->produceResponse($request->getSession()->toStandardSessionState());
}
}

53
src/Socialbox/Classes/StandardMethods/SettingsDeletePassword.php Normal file
View file

@ -0,0 +1,53 @@
<?php
namespace Socialbox\Classes\StandardMethods;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
class SettingsDeletePassword extends Method
{
/**
* @inheritDoc
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
if(Configuration::getRegistrationConfiguration()->isPasswordRequired())
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'A password is required for this server');
}
try
{
if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
}
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
try
{
// Set the password
PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
}
catch(Exception $e)
{
throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
return $rpcRequest->produceResponse(true);
}
}

17
src/Socialbox/Classes/StandardMethods/SettingsSetPassword.php
View file

@ -4,6 +4,7 @@
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException;
@ -26,16 +27,16 @@
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
}
if(!preg_match('/^[a-f0-9]{128}$/', $rpcRequest->getParameter('password')))
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be sha512 hexadecimal hash");
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash");
}
try
{
if (PasswordManager::usesPassword($request->getPeer()->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot set password when one is already set, use 'settingsChangePassword' instead");
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot set password when one is already set, use 'settingsUpdatePassword' instead");
}
}
catch (DatabaseOperationException $e)
@ -48,11 +49,11 @@
// Set the password
PasswordManager::setPassword($request->getPeer(), $rpcRequest->getParameter('password'));
// Remove the SET_PASSWORD flag
SessionManager::removeFlags($request->getSessionUuid(), [SessionFlags::SET_PASSWORD]);
// Check & update the session flow
SessionManager::updateFlow($request->getSession());
// Remove the SET_PASSWORD flag & update the session flow if necessary
if($request->getSession()->flagExists(SessionFlags::SET_PASSWORD))
{
SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);
}
}
catch(Exception $e)
{

57
src/Socialbox/Classes/StandardMethods/SettingsUpdatePassword.php Normal file
View file

@ -0,0 +1,57 @@
<?php
namespace Socialbox\Classes\StandardMethods;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
class SettingsUpdatePassword extends Method
{
/**
* @inheritDoc
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
if(!$rpcRequest->containsParameter('password'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
}
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash");
}
try
{
if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
}
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
try
{
// Set the password
PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
}
catch(Exception $e)
{
throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
return $rpcRequest->produceResponse(true);
}
}