Refactor VerificationPasswordAuthentication and PasswordManager to enhance validation for password hashes and UUIDs
https://github.com/nosial/Socialbox-PHP/issues/79
This commit is contained in:
parent
1d6820a4f1
commit
938c558cdc
2 changed files with 10 additions and 7 deletions
|
@ -4,11 +4,9 @@
|
|||
|
||||
use Exception;
|
||||
use Socialbox\Abstracts\Method;
|
||||
use Socialbox\Classes\Cryptography;
|
||||
use Socialbox\Enums\Flags\SessionFlags;
|
||||
use Socialbox\Enums\StandardError;
|
||||
use Socialbox\Exceptions\CryptographyException;
|
||||
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
|
||||
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
|
||||
use Socialbox\Exceptions\Standard\StandardRpcException;
|
||||
use Socialbox\Interfaces\SerializableInterface;
|
||||
|
@ -30,11 +28,6 @@
|
|||
throw new MissingRpcArgumentException('password');
|
||||
}
|
||||
|
||||
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
|
||||
{
|
||||
throw new InvalidRpcArgumentException('password', 'Invalid SHA-512 hash');
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
$session = $request->getSession();
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
use Socialbox\Classes\Configuration;
|
||||
use Socialbox\Classes\Cryptography;
|
||||
use Socialbox\Classes\Database;
|
||||
use Socialbox\Classes\Validator;
|
||||
use Socialbox\Exceptions\CryptographyException;
|
||||
use Socialbox\Exceptions\DatabaseOperationException;
|
||||
use Socialbox\Objects\Database\PeerDatabaseRecord;
|
||||
|
@ -162,6 +163,15 @@
|
|||
{
|
||||
$peerUuid = $peerUuid->getUuid();
|
||||
}
|
||||
elseif(!Validator::validateUuid($peerUuid))
|
||||
{
|
||||
throw new CryptographyException('The given internal peer UUID is not a valid UUID V4');
|
||||
}
|
||||
|
||||
if(!Cryptography::validateSha512($sha512))
|
||||
{
|
||||
throw new CryptographyException('Invalid SHA-512 hash');
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
|
|
Loading…
Add table
Reference in a new issue