From bda8fdc623e7e9aa1caa959f3a3807cef5c72de5 Mon Sep 17 00:00:00 2001
From: netkas
Date: Mon, 6 Jan 2025 14:58:53 -0500
Subject: [PATCH] Added parameter check and condition check
---
 .../VerificationGetImageCaptcha.php | 8 +++-----
 .../VerificationPasswordAuthentication.php | 14 ++++++++++++--
 2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/Socialbox/Classes/StandardMethods/VerificationGetImageCaptcha.php b/src/Socialbox/Classes/StandardMethods/VerificationGetImageCaptcha.php
index 515938b..34672d7 100644
--- a/src/Socialbox/Classes/StandardMethods/VerificationGetImageCaptcha.php
+++ b/src/Socialbox/Classes/StandardMethods/VerificationGetImageCaptcha.php
@@ -4,7 +4,7 @@
 use Gregwar\Captcha\CaptchaBuilder;
 use Socialbox\Abstracts\Method;
- use Socialbox\Classes\Logger;
+ use Socialbox\Enums\Flags\SessionFlags;
 use Socialbox\Enums\StandardError;
 use Socialbox\Exceptions\DatabaseOperationException;
 use Socialbox\Exceptions\StandardException;
@@ -22,18 +22,16 @@
 public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
 {
 $session = $request->getSession();
- // Check for session conditions
- if($session->getPeerUuid() === null)
+ if(!$session->flagExists(SessionFlags::VER_IMAGE_CAPTCHA))
 {
- return $rpcRequest->produceError(StandardError::AUTHENTICATION_REQUIRED);
+ return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, 'Solving an image captcha is not required at this time');
 }
 $peer = $request->getPeer();
 try
 {
- Logger::getLogger()->debug('Creating a new captcha for peer ' . $peer->getUuid());
 if(CaptchaManager::captchaExists($peer))
 {
 $captchaRecord = CaptchaManager::getCaptcha($peer);
diff --git a/src/Socialbox/Classes/StandardMethods/VerificationPasswordAuthentication.php b/src/Socialbox/Classes/StandardMethods/VerificationPasswordAuthentication.php
index e5b0521..d8f9458 100644
--- a/src/Socialbox/Classes/StandardMethods/VerificationPasswordAuthentication.php
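Review bot: In VerificationGetImageCaptcha::execute, the new `flagExists(SessionFlags::VER_IMAGE_CAPTCHA)` guard replaces the `getPeerUuid() === null` check rather than adding to it, so nothing visible in the hunk guarantees that `$request->getPeer()` returns a peer before it is handed to `CaptchaManager::captchaExists($peer)`. If the flag can only exist on a session that is already bound to a peer this is fine, but that invariant is not shown here; either keep the old null check in front of the flag check or state the invariant in a comment such as `// VER_IMAGE_CAPTCHA is only set once the session is bound to a peer`. The same "not required at this time" condition is reported as `StandardError::METHOD_NOT_ALLOWED` here and as `StandardError::FORBIDDEN` in VerificationPasswordAuthentication; a single code for both would let clients handle it uniformly. The body of execute continues past the end of the hunk.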
+++ b/src/Socialbox/Classes/StandardMethods/VerificationPasswordAuthentication.php
@@ -6,11 +6,13 @@
 use Socialbox\Abstracts\Method;
 use Socialbox\Classes\Cryptography;
 use Socialbox\Classes\Logger;
+ use Socialbox\Enums\Flags\SessionFlags;
 use Socialbox\Enums\StandardError;
 use Socialbox\Exceptions\CryptographyException;
 use Socialbox\Exceptions\StandardException;
 use Socialbox\Interfaces\SerializableInterface;
 use Socialbox\Managers\PasswordManager;
+ use Socialbox\Managers\SessionManager;
 use Socialbox\Objects\ClientRequest;
 use Socialbox\Objects\RpcRequest;
@@ -32,9 +34,16 @@
 return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid SHA-512 hash");
 }
+ $session = $request->getSession();
+ if(!$session->flagExists(SessionFlags::VER_PASSWORD))
+ {
+ return $rpcRequest->produceError(StandardError::FORBIDDEN, 'Password verification is not required at this time');
+ }
+
 try
 {
- return $rpcRequest->produceResponse(PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('password')));
+ $result = PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('password'));
+ SessionManager::updateFlow($request->getSession(), [SessionFlags::VER_PASSWORD]);
 }
 catch (CryptographyException)
 {
@@ -42,8 +51,9 @@
 }
 catch (Exception $e)
 {
- Logger::getLogger()->error('Failed to verify password due to an internal exception', $e);
 throw new StandardException('Failed to verify password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
 }
+
+ return $rpcRequest->produceResponse($result);
 }
 }
\ No newline at end of file
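Review bot: In the second hunk of VerificationPasswordAuthentication.php, `SessionManager::updateFlow($request->getSession(), [SessionFlags::VER_PASSWORD])` runs regardless of what `PasswordManager::verifyPassword()` returned. The removed line passed that return value straight to `produceResponse()`, which suggests it is a boolean; if so, and if updateFlow clears the listed flags as its name implies, a wrong password would still mark the password step as completed. Guard the call on the result, `if($result) { SessionManager::updateFlow($session, [SessionFlags::VER_PASSWORD]); }`, reusing the `$session` fetched a few lines above. Failed attempts are not counted or throttled anywhere in the visible lines, so it is worth confirming that this is handled elsewhere.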
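Review bot: The `return $rpcRequest->produceResponse($result);` added after the try/catch in the last hunk is only safe if every catch branch returns or throws. The one-line body of `catch (CryptographyException)` falls between the hunks and is not shown, so `$result` would be undefined if that branch falls through; assigning `$result` a default before the `try` removes that dependency. With the `Logger::getLogger()->error(...)` call removed, the `use Socialbox\Classes\Logger;` import kept in the first hunk appears to be unused, unless Logger is referenced outside the visible hunks.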