Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Improve password validation and error handling in delete flow

Browse source
This commit is contained in:
netkas 2025-01-06 01:49:34 -05:00
parent a85534dfe6
commit dfc198cca3
1 changed files with 25 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
src/Socialbox/Classes/StandardMethods/SettingsDeletePassword.php
View file

@ -7,7 +7,7 @@
use Socialbox\Classes\Configuration; use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography; use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\StandardException; use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager; use Socialbox\Managers\PasswordManager;
@ -26,26 +26,40 @@
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'A password is required for this server'); return $rpcRequest->produceError(StandardError::FORBIDDEN, 'A password is required for this server');
} }
try if(!$rpcRequest->containsParameter('password'))
{ {
if (!PasswordManager::usesPassword($request->getPeer()->getUuid())) return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{ {
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead"); return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid SHA-512 hash");
}
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
} }
$peer = $request->getPeer();
try try
{ {
// Set the password if (!PasswordManager::usesPassword($peer->getUuid()))
PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
}
catch(Exception $e)
{ {
throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e); return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
}
if (!PasswordManager::verifyPassword($peer->getUuid(), $rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, "Failed to update password due to incorrect existing password");
}
// Set the password
PasswordManager::updatePassword($peer->getUuid(), $rpcRequest->getParameter('password'));
}
catch(CryptographyException)
{
return $rpcRequest->produceError(StandardError::CRYPTOGRAPHIC_ERROR, 'Failed to update password due to a cryptographic error');
}
catch (Exception $e)
{
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
} }
return $rpcRequest->produceResponse(true); return $rpcRequest->produceResponse(true);