Update password handling and session methods

2025-01-05 01:23:43 -05:00 · 2025-01-05 01:23:43 -05:00 · 85814913e4
commit 85814913e4
parent 8b9896f196
11 changed files with 239 additions and 70 deletions
--- a/src/Socialbox/Classes/StandardMethods/GetSessionState.php
+++ b/src/Socialbox/Classes/StandardMethods/GetSessionState.php
@ -3,7 +3,6 @@
    namespace Socialbox\Classes\StandardMethods;

    use Socialbox\Abstracts\Method;
-    use Socialbox\Enums\StandardError;
    use Socialbox\Interfaces\SerializableInterface;
    use Socialbox\Objects\ClientRequest;
    use Socialbox\Objects\RpcRequest;
@ -16,11 +15,6 @@
         */
        public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
        {
-            if($request->getSessionUuid() === null)
-            {
-                return $rpcRequest->produceError(StandardError::SESSION_REQUIRED);
-            }
-
            return $rpcRequest->produceResponse($request->getSession()->toStandardSessionState());
        }
    }
--- a/src/Socialbox/Classes/StandardMethods/SettingsDeletePassword.php
+++ b/src/Socialbox/Classes/StandardMethods/SettingsDeletePassword.php
@ -0,0 +1,53 @@
+<?php
+
+    namespace Socialbox\Classes\StandardMethods;
+
+    use Exception;
+    use Socialbox\Abstracts\Method;
+    use Socialbox\Classes\Configuration;
+    use Socialbox\Classes\Cryptography;
+    use Socialbox\Enums\StandardError;
+    use Socialbox\Exceptions\DatabaseOperationException;
+    use Socialbox\Exceptions\StandardException;
+    use Socialbox\Interfaces\SerializableInterface;
+    use Socialbox\Managers\PasswordManager;
+    use Socialbox\Objects\ClientRequest;
+    use Socialbox\Objects\RpcRequest;
+
+    class SettingsDeletePassword extends Method
+    {
+        /**
+         * @inheritDoc
+         */
+        public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
+        {
+            if(Configuration::getRegistrationConfiguration()->isPasswordRequired())
+            {
+                return $rpcRequest->produceError(StandardError::FORBIDDEN, 'A password is required for this server');
+            }
+
+            try
+            {
+                if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
+                {
+                    return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
+                }
+            }
+            catch (DatabaseOperationException $e)
+            {
+                throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
+            }
+
+            try
+            {
+                // Set the password
+                PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
+            }
+            catch(Exception $e)
+            {
+                throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
+            }
+
+            return $rpcRequest->produceResponse(true);
+        }
+    }
--- a/src/Socialbox/Classes/StandardMethods/SettingsSetPassword.php
+++ b/src/Socialbox/Classes/StandardMethods/SettingsSetPassword.php
@ -4,6 +4,7 @@

    use Exception;
    use Socialbox\Abstracts\Method;
+    use Socialbox\Classes\Cryptography;
    use Socialbox\Enums\Flags\SessionFlags;
    use Socialbox\Enums\StandardError;
    use Socialbox\Exceptions\DatabaseOperationException;
@ -26,16 +27,16 @@
                return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
            }

-            if(!preg_match('/^[a-f0-9]{128}$/', $rpcRequest->getParameter('password')))
+            if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
            {
-                return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be sha512 hexadecimal hash");
+                return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash");
            }

            try
            {
                if (PasswordManager::usesPassword($request->getPeer()->getUuid()))
                {
-                    return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot set password when one is already set, use 'settingsChangePassword' instead");
+                    return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot set password when one is already set, use 'settingsUpdatePassword' instead");
                }
            }
            catch (DatabaseOperationException $e)
@ -48,11 +49,11 @@
                // Set the password
                PasswordManager::setPassword($request->getPeer(), $rpcRequest->getParameter('password'));

-                // Remove the SET_PASSWORD flag
-                SessionManager::removeFlags($request->getSessionUuid(), [SessionFlags::SET_PASSWORD]);
-
-                // Check & update the session flow
-                SessionManager::updateFlow($request->getSession());
+                // Remove the SET_PASSWORD flag & update the session flow if necessary
+                if($request->getSession()->flagExists(SessionFlags::SET_PASSWORD))
+                {
+                    SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);
+                }
            }
            catch(Exception $e)
            {
--- a/src/Socialbox/Classes/StandardMethods/SettingsUpdatePassword.php
+++ b/src/Socialbox/Classes/StandardMethods/SettingsUpdatePassword.php
@ -0,0 +1,57 @@
+<?php
+
+    namespace Socialbox\Classes\StandardMethods;
+
+    use Exception;
+    use Socialbox\Abstracts\Method;
+    use Socialbox\Classes\Cryptography;
+    use Socialbox\Enums\StandardError;
+    use Socialbox\Exceptions\DatabaseOperationException;
+    use Socialbox\Exceptions\StandardException;
+    use Socialbox\Interfaces\SerializableInterface;
+    use Socialbox\Managers\PasswordManager;
+    use Socialbox\Objects\ClientRequest;
+    use Socialbox\Objects\RpcRequest;
+
+    class SettingsUpdatePassword extends Method
+    {
+        /**
+         * @inheritDoc
+         */
+        public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
+        {
+            if(!$rpcRequest->containsParameter('password'))
+            {
+                return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
+            }
+
+            if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
+            {
+                return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash");
+            }
+
+            try
+            {
+                if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
+                {
+                    return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
+                }
+            }
+            catch (DatabaseOperationException $e)
+            {
+                throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
+            }
+
+            try
+            {
+                // Set the password
+                PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
+            }
+            catch(Exception $e)
+            {
+                throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
+            }
+
+            return $rpcRequest->produceResponse(true);
+        }
+    }