Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Refactor SettingsDeleteOtp to remove unnecessary cryptography validation and ensure password parameter is cast to string for verification

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/57
This commit is contained in:
netkas 2025-03-12 15:24:19 -04:00
parent 0618ecc00f
commit f3f6cf973f
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
1 changed files with 1 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/Socialbox/Classes/StandardMethods/Settings/SettingsDeleteOtp.php
View file

@ -4,7 +4,6 @@
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException;
@ -58,14 +57,9 @@
throw new InvalidRpcArgumentException('password', 'When a password is set, the current password must be provided to delete an OTP');
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{
throw new InvalidRpcArgumentException('password', 'The provided password is not a valid SHA-512 hash');
}
try
{
if(!PasswordManager::verifyPassword($peer, $rpcRequest->getParameter('password')))
if(!PasswordManager::verifyPassword($peer, (string)$rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'The provided password is incorrect');
}