Refactor SettingsSetPassword and PasswordManager to enhance password handling and validate UUID format
https://github.com/nosial/Socialbox-PHP/issues/66
parent
c3b1ee799a
commit
d127393402
2 changed files with 6 additions and 10 deletions
|
@ -3,12 +3,10 @@
|
||||||
namespace Socialbox\Classes\StandardMethods\Settings;
|
namespace Socialbox\Classes\StandardMethods\Settings;
|
||||||
|
|
||||||
use Socialbox\Abstracts\Method;
|
use Socialbox\Abstracts\Method;
|
||||||
use Socialbox\Classes\Cryptography;
|
|
||||||
use Socialbox\Enums\Flags\SessionFlags;
|
use Socialbox\Enums\Flags\SessionFlags;
|
||||||
use Socialbox\Enums\StandardError;
|
use Socialbox\Enums\StandardError;
|
||||||
use Socialbox\Exceptions\CryptographyException;
|
use Socialbox\Exceptions\CryptographyException;
|
||||||
use Socialbox\Exceptions\DatabaseOperationException;
|
use Socialbox\Exceptions\DatabaseOperationException;
|
||||||
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
|
|
||||||
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
|
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
|
||||||
use Socialbox\Exceptions\Standard\StandardRpcException;
|
use Socialbox\Exceptions\Standard\StandardRpcException;
|
||||||
use Socialbox\Interfaces\SerializableInterface;
|
use Socialbox\Interfaces\SerializableInterface;
|
||||||
|
@ -28,12 +26,6 @@
|
||||||
{
|
{
|
||||||
throw new MissingRpcArgumentException('password');
|
throw new MissingRpcArgumentException('password');
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
|
|
||||||
{
|
|
||||||
throw new InvalidRpcArgumentException('password', "Must be a valid argon2id hash");
|
|
||||||
}
|
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
if (PasswordManager::usesPassword($request->getPeer()->getUuid()))
|
if (PasswordManager::usesPassword($request->getPeer()->getUuid()))
|
||||||
|
@ -49,7 +41,7 @@
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
// Set the password
|
// Set the password
|
||||||
PasswordManager::setPassword($request->getPeer(), $rpcRequest->getParameter('password'));
|
PasswordManager::setPassword($request->getPeer(), (string)$rpcRequest->getParameter('password'));
|
||||||
|
|
||||||
// Remove the SET_PASSWORD flag & update the session flow if necessary
|
// Remove the SET_PASSWORD flag & update the session flow if necessary
|
||||||
SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);
|
SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);
|
||||||
|
|
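Review bot: The `(string)` cast on `$rpcRequest->getParameter('password')` in the third hunk hides a wrongly typed argument instead of rejecting it; an array, for example, would be coerced to the literal `Array` and only fail later inside `PasswordManager::setPassword`. With the `Cryptography::validatePasswordHash` check removed in the second hunk, a malformed hash now surfaces as a `CryptographyException` rather than an `InvalidRpcArgumentException`. The catch clauses are outside the visible hunks, so confirm the client still gets an invalid-argument error and not a generic internal one. I would keep a type guard before the `try`, for example `if(!is_string($rpcRequest->getParameter('password'))) { throw new InvalidRpcArgumentException('password', 'Must be a string'); }`, which means keeping the `InvalidRpcArgumentException` import that the first hunk drops.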
|
@ -63,11 +63,15 @@
|
||||||
{
|
{
|
||||||
$peerUuid = $peerUuid->getUuid();
|
$peerUuid = $peerUuid->getUuid();
|
||||||
}
|
}
|
||||||
|
elseif(!Validator::validateUuid($peerUuid))
|
||||||
|
{
|
||||||
|
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
|
||||||
|
}
|
||||||
|
|
||||||
// Throws an exception if the hash is invalid
|
// Throws an exception if the hash is invalid
|
||||||
if(!Cryptography::validatePasswordHash($hash))
|
if(!Cryptography::validatePasswordHash($hash))
|
||||||
{
|
{
|
||||||
throw new CryptographyException('Invalid password hash');
|
throw new CryptographyException('Invalid password aragon2id hash');
|
||||||
}
|
}
|
||||||
|
|
||||||
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();
|
$encryptionKey = Configuration::getCryptographyConfiguration()->getRandomInternalEncryptionKey();
|
||||||
|
|
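Review bot: The new exception message `'Invalid password aragon2id hash'` misspells the algorithm and should read `'Invalid password argon2id hash'`, the spelling used by the RPC-level check this commit removes. The added `elseif` throws an unqualified `InvalidArgumentException` and calls `Validator::validateUuid`, yet no `use` line changes in this file's only visible hunk. If those names are not already imported they resolve inside the file's own namespace and fail at runtime, so confirm `use InvalidArgumentException;` and the `Validator` import are present. This method now appears to be the only place the hash format is checked on the set-password path, so its docblock should list both exceptions under `@throws`. The function starts and ends outside the hunk.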