Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Refactor SettingsUpdatePassword and PasswordManager to improve password validation and ensure UUID integrity

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/70
This commit is contained in:
netkas 2025-03-12 14:14:03 -04:00
parent 76a343a36d
commit 9c8945141c
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 11 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/Socialbox/Classes/StandardMethods/Settings/SettingsUpdatePassword.php
View file

@ -3,11 +3,9 @@
namespace Socialbox\Classes\StandardMethods\Settings;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface;
@ -26,22 +24,11 @@
{
throw new MissingRpcArgumentException('password');
}
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{
throw new InvalidRpcArgumentException('password', 'Must be a valid argon2id hash');
}
if(!$rpcRequest->containsParameter('existing_password'))
{
throw new MissingRpcArgumentException('existing_password');
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('existing_password')))
{
throw new InvalidRpcArgumentException('existing_password', 'Must be a valid SHA-512 hash');
}
try
{
if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
@ -73,7 +60,7 @@
try
{
// Set the password
PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
PasswordManager::updatePassword($request->getPeer(), (string)$rpcRequest->getParameter('password'));
}
catch(CryptographyException $e)
{

11
src/Socialbox/Managers/PasswordManager.php
View file

@ -3,6 +3,7 @@
namespace Socialbox\Managers;
use DateTime;
use InvalidArgumentException;
use PDO;
use PDOException;
use Socialbox\Classes\Configuration;
@ -28,6 +29,10 @@
{
$peerUuid = $peerUuid->getUuid();
}
elseif(!Validator::validateUuid($peerUuid))
{
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
}
try
{
@ -97,10 +102,14 @@
{
$peerUuid = $peerUuid->getUuid();
}
elseif(!Validator::validateUuid($peerUuid))
{
throw new CryptographyException('The given internal peer UUID is not a valid UUID V4');
}
if(!Cryptography::validatePasswordHash($hash))
{
throw new CryptographyException('Invalid password hash');
throw new CryptographyException('Invalid password argon2id hash');
}
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();