Refactor VerificationPasswordAuthentication and PasswordManager to enhance validation for password hashes and UUIDs

https://github.com/nosial/Socialbox-PHP/issues/79
This commit is contained in:
netkas 2025-03-12 00:54:35 -04:00
parent 1d6820a4f1
commit 938c558cdc
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 10 additions and 7 deletions

View file

@ -4,11 +4,9 @@
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface;
@ -30,11 +28,6 @@
throw new MissingRpcArgumentException('password');
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{
throw new InvalidRpcArgumentException('password', 'Invalid SHA-512 hash');
}
try
{
$session = $request->getSession();

View file

@ -8,6 +8,7 @@
use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography;
use Socialbox\Classes\Database;
use Socialbox\Classes\Validator;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Objects\Database\PeerDatabaseRecord;
@ -162,6 +163,15 @@
{
$peerUuid = $peerUuid->getUuid();
}
elseif(!Validator::validateUuid($peerUuid))
{
throw new CryptographyException('The given internal peer UUID is not a valid UUID V4');
}
if(!Cryptography::validateSha512($sha512))
{
throw new CryptographyException('Invalid SHA-512 hash');
}
try
{