From d127393402ff31145d9c0097f49526fc6e8b2221 Mon Sep 17 00:00:00 2001
From: netkas
Date: Wed, 12 Mar 2025 15:11:52 -0400
Subject: [PATCH] Refactor SettingsSetPassword and PasswordManager to enhance password handling and validate UUID format
https://github.com/nosial/Socialbox-PHP/issues/66
---
.../StandardMethods/Settings/SettingsSetPassword.php | 10 +---------
src/Socialbox/Managers/PasswordManager.php | 6 +++++-
2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/Socialbox/Classes/StandardMethods/Settings/SettingsSetPassword.php b/src/Socialbox/Classes/StandardMethods/Settings/SettingsSetPassword.php
index 54fbaab..3ae028d 100644
--- a/src/Socialbox/Classes/StandardMethods/Settings/SettingsSetPassword.php
+++ b/src/Socialbox/Classes/StandardMethods/Settings/SettingsSetPassword.php
@@ -3,12 +3,10 @@
namespace Socialbox\Classes\StandardMethods\Settings;
use Socialbox\Abstracts\Method;
- use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException;
- use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface;
@@ -28,12 +26,6 @@
{
throw new MissingRpcArgumentException('password');
}
-
- if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
- {
- throw new InvalidRpcArgumentException('password', "Must be a valid argon2id hash");
- }
-
try
{
if (PasswordManager::usesPassword($request->getPeer()->getUuid()))
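Review bot: With the `Cryptography::validatePasswordHash` guard deleted right after the `MissingRpcArgumentException` check, a malformed client-supplied hash is no longer rejected as an invalid argument at the RPC boundary; it now reaches `PasswordManager::setPassword`, which (per the second file in this patch) throws `CryptographyException` instead. Whether the client still receives an invalid-argument error depends on how the `try` block's catch handles `CryptographyException` — that catch is outside this hunk, and the `CryptographyException` import kept in the first hunk suggests one exists. If it maps the exception to a generic or internal error, a bad client value becomes indistinguishable from a server-side cryptography failure in both the response and the logs. One way to keep the distinction without reinstating the removed guard is to translate it in the catch, e.g. `catch (CryptographyException $e) { throw new InvalidRpcArgumentException('password', 'Must be a valid argon2id hash'); }`, which would require restoring the `InvalidRpcArgumentException` import dropped in the first hunk. The enclosing method starts and ends outside this hunk.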
@@ -49,7 +41,7 @@
try
{
// Set the password
- PasswordManager::setPassword($request->getPeer(), $rpcRequest->getParameter('password'));
+ PasswordManager::setPassword($request->getPeer(), (string)$rpcRequest->getParameter('password'));
// Remove the SET_PASSWORD flag & update the session flow if necessary
SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);
diff --git a/src/Socialbox/Managers/PasswordManager.php b/src/Socialbox/Managers/PasswordManager.php
index 2eaf6ab..f30f661 100644
--- a/src/Socialbox/Managers/PasswordManager.php
+++ b/src/Socialbox/Managers/PasswordManager.php
@@ -63,11 +63,15 @@
{
$peerUuid = $peerUuid->getUuid();
}
+ elseif(!Validator::validateUuid($peerUuid))
+ {
+ throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
+ }
// Throws an exception if the hash is invalid
if(!Cryptography::validatePasswordHash($hash))
{
- throw new CryptographyException('Invalid password hash');
+ throw new CryptographyException('Invalid password aragon2id hash');
}
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();
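Review bot: The `(string)` cast on the new `setPassword` call line does not make a non-string RPC parameter safe: if `getParameter('password')` can hand back a decoded array or object (not visible here), PHP 8 emits a Warning and passes the literal `"Array"` for an array, and throws a plain `Error` for an object without `__toString`, which a `catch (CryptographyException)` would not handle; a `null` silently becomes `''`. A type check before the call keeps the rejection at the boundary, e.g. `if (!is_string($rpcRequest->getParameter('password'))) { throw new InvalidRpcArgumentException('password', 'Must be a string'); }`, which needs the `InvalidRpcArgumentException` import removed in this file's first hunk restored. The enclosing method and its `try` block continue outside this hunk.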
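Review bot: The rewritten throw line misspells the algorithm name in the new message; it should read `throw new CryptographyException('Invalid password argon2id hash');`. The added `elseif` branch introduces a new `InvalidArgumentException` exit from this method, and the hunk does not show whether `InvalidArgumentException` and `Validator` are imported in this file or whether the method's `@throws` docblock (outside the hunk) lists it — both are worth checking, since an unimported `InvalidArgumentException` inside a namespaced file resolves to a non-existent class and fails only at throw time. The string form is now validated but the object form is trusted as-is via `getUuid()`, which is presumably fine if that object guarantees a valid UUID. The enclosing method (presumably `setPassword`) starts and ends outside this hunk.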