Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +10 -4
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 056ee90515 - Show all commits

14
src/Socialbox/Classes/StandardMethods/Settings/SettingsSetPassword.php
View file

@ -2,12 +2,14 @@
namespace Socialbox\Classes\StandardMethods\Settings; namespace Socialbox\Classes\StandardMethods\Settings;
use Exception;
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography; use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags; use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException; use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager; use Socialbox\Managers\PasswordManager;
@ -24,12 +26,12 @@
{ {
if(!$rpcRequest->containsParameter('password')) if(!$rpcRequest->containsParameter('password'))
{ {
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter"); throw new MissingRpcArgumentException('password');
} }
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password'))) if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{ {
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash"); throw new InvalidRpcArgumentException('password', "Must be a valid argon2id hash");
} }
try try
@ -52,7 +54,11 @@
// Remove the SET_PASSWORD flag & update the session flow if necessary // Remove the SET_PASSWORD flag & update the session flow if necessary
SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]); SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);
} }
catch(Exception $e) catch(CryptographyException $e)
{
throw new StandardRpcException($e->getMessage(), StandardError::CRYPTOGRAPHIC_ERROR, $e);
}
catch(DatabaseOperationException $e)
{ {
throw new StandardRpcException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e); throw new StandardRpcException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
} }