Improve password validation and error handling in delete flow
This commit is contained in:
netkas
parent
a85534dfe6
commit
dfc198cca3
1 changed files with 25 additions and 11 deletions
|
|
@ -7,7 +7,7 @@
|
||||||
use Socialbox\Classes\Configuration;
|
use Socialbox\Classes\Configuration;
|
||||||
use Socialbox\Classes\Cryptography;
|
use Socialbox\Classes\Cryptography;
|
||||||
use Socialbox\Enums\StandardError;
|
use Socialbox\Enums\StandardError;
|
||||||
use Socialbox\Exceptions\DatabaseOperationException;
|
use Socialbox\Exceptions\CryptographyException;
|
||||||
use Socialbox\Exceptions\StandardException;
|
use Socialbox\Exceptions\StandardException;
|
||||||
use Socialbox\Interfaces\SerializableInterface;
|
use Socialbox\Interfaces\SerializableInterface;
|
||||||
use Socialbox\Managers\PasswordManager;
|
use Socialbox\Managers\PasswordManager;
|
||||||
|
|
@ -26,26 +26,40 @@
|
||||||
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'A password is required for this server');
|
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'A password is required for this server');
|
||||||
}
|
}
|
||||||
|
|
||||||
try
|
if(!$rpcRequest->containsParameter('password'))
|
||||||
{
|
{
|
||||||
if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
|
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
|
||||||
{
|
{
|
||||||
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
|
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid SHA-512 hash");
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (DatabaseOperationException $e)
|
|
||||||
{
|
|
||||||
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$peer = $request->getPeer();
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
if (!PasswordManager::usesPassword($peer->getUuid()))
|
||||||
|
{
|
||||||
|
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!PasswordManager::verifyPassword($peer->getUuid(), $rpcRequest->getParameter('password')))
|
||||||
|
{
|
||||||
|
return $rpcRequest->produceError(StandardError::FORBIDDEN, "Failed to update password due to incorrect existing password");
|
||||||
|
}
|
||||||
|
|
||||||
// Set the password
|
// Set the password
|
||||||
PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
|
PasswordManager::updatePassword($peer->getUuid(), $rpcRequest->getParameter('password'));
|
||||||
|
}
|
||||||
|
catch(CryptographyException)
|
||||||
|
{
|
||||||
|
return $rpcRequest->produceError(StandardError::CRYPTOGRAPHIC_ERROR, 'Failed to update password due to a cryptographic error');
|
||||||
}
|
}
|
||||||
catch (Exception $e)
|
catch (Exception $e)
|
||||||
{
|
{
|
||||||
throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
|
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $rpcRequest->produceResponse(true);
|
return $rpcRequest->produceResponse(true);
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue