Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Refactor VerificationPasswordAuthentication and PasswordManager to enhance validation for password hashes and UUIDs

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/79
This commit is contained in:
netkas 2025-03-12 00:54:35 -04:00
parent 1d6820a4f1
commit 938c558cdc
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/Socialbox/Classes/StandardMethods/Verification/VerificationPasswordAuthentication.php
View file

@ -4,11 +4,9 @@
use Exception; use Exception;
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags; use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException; use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException; use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException; use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
@ -30,11 +28,6 @@
throw new MissingRpcArgumentException('password'); throw new MissingRpcArgumentException('password');
} }
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{
throw new InvalidRpcArgumentException('password', 'Invalid SHA-512 hash');
}
try try
{ {
$session = $request->getSession(); $session = $request->getSession();

10
src/Socialbox/Managers/PasswordManager.php
View file

@ -8,6 +8,7 @@
use Socialbox\Classes\Configuration; use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography; use Socialbox\Classes\Cryptography;
use Socialbox\Classes\Database; use Socialbox\Classes\Database;
use Socialbox\Classes\Validator;
use Socialbox\Exceptions\CryptographyException; use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Objects\Database\PeerDatabaseRecord; use Socialbox\Objects\Database\PeerDatabaseRecord;
@ -162,6 +163,15 @@
{ {
$peerUuid = $peerUuid->getUuid(); $peerUuid = $peerUuid->getUuid();
} }
elseif(!Validator::validateUuid($peerUuid))
{
throw new CryptographyException('The given internal peer UUID is not a valid UUID V4');
}
if(!Cryptography::validateSha512($sha512))
{
throw new CryptographyException('Invalid SHA-512 hash');
}
try try
{ {