Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Refactor SettingsSetPassword and PasswordManager to enhance password handling and validate UUID format

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/66
This commit is contained in:
netkas 2025-03-12 15:11:52 -04:00
parent c3b1ee799a
commit d127393402
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 6 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Socialbox/Classes/StandardMethods/Settings/SettingsSetPassword.php
View file

@ -3,12 +3,10 @@
namespace Socialbox\Classes\StandardMethods\Settings;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface;
@ -28,12 +26,6 @@
{
throw new MissingRpcArgumentException('password');
}
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{
throw new InvalidRpcArgumentException('password', "Must be a valid argon2id hash");
}
try
{
if (PasswordManager::usesPassword($request->getPeer()->getUuid()))
@ -49,7 +41,7 @@
try
{
// Set the password
PasswordManager::setPassword($request->getPeer(), $rpcRequest->getParameter('password'));
PasswordManager::setPassword($request->getPeer(), (string)$rpcRequest->getParameter('password'));
// Remove the SET_PASSWORD flag & update the session flow if necessary
SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);

6
src/Socialbox/Managers/PasswordManager.php
View file

@ -63,11 +63,15 @@
{
$peerUuid = $peerUuid->getUuid();
}
elseif(!Validator::validateUuid($peerUuid))
{
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
}
// Throws an exception if the hash is invalid
if(!Cryptography::validatePasswordHash($hash))
{
throw new CryptographyException('Invalid password hash');
throw new CryptographyException('Invalid password aragon2id hash');
}
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();