Refactor SettingsUpdatePassword and PasswordManager to improve password validation and ensure UUID integrity

https://github.com/nosial/Socialbox-PHP/issues/70
netkas 2025-03-12 14:14:03 -04:00
parent 76a343a36d
commit 9c8945141c
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 11 additions and 15 deletions


@ -3,6 +3,7 @@
namespace Socialbox\Managers;
use DateTime;
use InvalidArgumentException;
use PDO;
use PDOException;
use Socialbox\Classes\Configuration;
@ -28,6 +29,10 @@
{
$peerUuid = $peerUuid->getUuid();
}
elseif(!Validator::validateUuid($peerUuid))
{
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
}
try
{
@ -97,10 +102,14 @@
{
$peerUuid = $peerUuid->getUuid();
}
elseif(!Validator::validateUuid($peerUuid))
{
throw new CryptographyException('The given internal peer UUID is not a valid UUID V4');
}
if(!Cryptography::validatePasswordHash($hash))
{
throw new CryptographyException('Invalid password hash');
throw new CryptographyException('Invalid password argon2id hash');
}
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();
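Review bot: The two new UUID checks report the same failure with different exception types: the first (hunk at -28) throws `InvalidArgumentException`, while the second (hunk at -97) throws `CryptographyException` with an identical message. A malformed peer UUID is an argument error rather than a cryptographic one, so I would use one type in both places, e.g. `throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');` in the second check, and list it in each method's `@throws`. The first check also sits before the `try`, so it is not covered by whatever that block catches. Callers are not visible here, but any that handle only the method's previously declared exception types would let this one propagate unhandled. Both method bodies start and end outside the hunks shown.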