Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Refactor SettingsSetPassword and PasswordManager to enhance password handling and validate UUID format

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/66
This commit is contained in:
netkas 2025-03-12 15:11:52 -04:00
parent c3b1ee799a
commit d127393402
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
2 changed files with 6 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Socialbox/Classes/StandardMethods/Settings/SettingsSetPassword.php
View file

@ -3,12 +3,10 @@
namespace Socialbox\Classes\StandardMethods\Settings; namespace Socialbox\Classes\StandardMethods\Settings;
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags; use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException; use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException; use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException; use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
@ -28,12 +26,6 @@
{ {
throw new MissingRpcArgumentException('password'); throw new MissingRpcArgumentException('password');
} }
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{
throw new InvalidRpcArgumentException('password', "Must be a valid argon2id hash");
}
try try
{ {
if (PasswordManager::usesPassword($request->getPeer()->getUuid())) if (PasswordManager::usesPassword($request->getPeer()->getUuid()))
@ -49,7 +41,7 @@
try try
{ {
// Set the password // Set the password
PasswordManager::setPassword($request->getPeer(), $rpcRequest->getParameter('password')); PasswordManager::setPassword($request->getPeer(), (string)$rpcRequest->getParameter('password'));
// Remove the SET_PASSWORD flag & update the session flow if necessary // Remove the SET_PASSWORD flag & update the session flow if necessary
SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]); SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);

6
src/Socialbox/Managers/PasswordManager.php
View file

@ -63,11 +63,15 @@
{ {
$peerUuid = $peerUuid->getUuid(); $peerUuid = $peerUuid->getUuid();
} }
elseif(!Validator::validateUuid($peerUuid))
{
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
}
// Throws an exception if the hash is invalid // Throws an exception if the hash is invalid
if(!Cryptography::validatePasswordHash($hash)) if(!Cryptography::validatePasswordHash($hash))
{ {
throw new CryptographyException('Invalid password hash'); throw new CryptographyException('Invalid password aragon2id hash');
} }
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey(); $encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();