Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +27 -13
3 changed files with 27 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 1f9890bba0 - Show all commits

2
src/Socialbox/Classes/StandardMethods/ServerDocuments/AcceptTermsOfService.php
View file

@ -32,7 +32,7 @@
if(!$session->flagExists(SessionFlags::VER_TERMS_OF_SERVICE)) if(!$session->flagExists(SessionFlags::VER_TERMS_OF_SERVICE))
{ {
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'Terms of service has already been accepted'); return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, 'Terms of service has already been accepted');
} }
try try

25
src/Socialbox/Managers/SessionManager.php
View file

@ -179,11 +179,10 @@
* Retrieves a session record by its unique identifier. * Retrieves a session record by its unique identifier.
* *
* @param string $uuid The unique identifier of the session. * @param string $uuid The unique identifier of the session.
* @return SessionRecord The session record corresponding to the given UUID. * @return SessionRecord|null The session record corresponding to the given UUID.
* @throws DatabaseOperationException If the session record cannot be found or if there is an error during retrieval. * @throws DatabaseOperationException If the session record cannot be found or if there is an error during retrieval.
* @throws StandardRpcException
*/ */
public static function getSession(string $uuid): SessionRecord public static function getSession(string $uuid): ?SessionRecord
{ {
Logger::getLogger()->verbose(sprintf("Retrieving session %s from the database", $uuid)); Logger::getLogger()->verbose(sprintf("Retrieving session %s from the database", $uuid));
@ -196,7 +195,7 @@
if ($data === false) if ($data === false)
{ {
throw new StandardRpcException(sprintf("The requested session '%s' does not exist", $uuid), StandardError::SESSION_NOT_FOUND); return null;
} }
// Convert the timestamp fields to DateTime objects // Convert the timestamp fields to DateTime objects
@ -308,7 +307,6 @@
* *
* @param string $uuid The UUID of the session to retrieve flags for. * @param string $uuid The UUID of the session to retrieve flags for.
* @return SessionFlags[] An array of flags associated with the specified session. * @return SessionFlags[] An array of flags associated with the specified session.
* @throws StandardRpcException If the specified session does not exist.
* @throws DatabaseOperationException If there * @throws DatabaseOperationException If there
*/ */
private static function getFlags(string $uuid): array private static function getFlags(string $uuid): array
@ -324,7 +322,7 @@
if ($data === false) if ($data === false)
{ {
throw new StandardRpcException(sprintf("The requested session '%s' does not exist", $uuid), StandardError::SESSION_NOT_FOUND); throw new DatabaseOperationException(sprintf("The session '%s' does not exist", $uuid));
} }
return SessionFlags::fromString($data['flags']); return SessionFlags::fromString($data['flags']);
@ -372,7 +370,7 @@
* @param string $uuid The UUID of the session from which the flags will be removed. * @param string $uuid The UUID of the session from which the flags will be removed.
* @param SessionFlags[] $flags An array of flags to be removed from the session. * @param SessionFlags[] $flags An array of flags to be removed from the session.
* @return void * @return void
* @throws DatabaseOperationException|StandardRpcException If there is an error while updating the session in the database. * @throws DatabaseOperationException If there is an error while updating the session in the database.
*/ */
public static function removeFlags(string $uuid, array $flags): void public static function removeFlags(string $uuid, array $flags): void
{ {
@ -429,7 +427,6 @@
* @param array $flagsToRemove An array of flags to remove from the session if it is marked as complete. * @param array $flagsToRemove An array of flags to remove from the session if it is marked as complete.
* @return void * @return void
* @throws DatabaseOperationException If there is an error while updating the session in the database. * @throws DatabaseOperationException If there is an error while updating the session in the database.
* @throws StandardRpcException If the session record cannot be found or if there is an error during retrieval.
*/ */
public static function updateFlow(SessionRecord $session, array $flagsToRemove=[]): void public static function updateFlow(SessionRecord $session, array $flagsToRemove=[]): void
{ {
@ -447,13 +444,19 @@
// Remove & update the session flags // Remove & update the session flags
self::removeFlags($session->getUuid(), $flagsToRemove); self::removeFlags($session->getUuid(), $flagsToRemove);
$session = self::getSession($session->getUuid()); $sessionUuid = $session->getUuid();
$session = self::getSession($sessionUuid);
if($session === null)
{
throw new DatabaseOperationException(sprintf('The session %s was not found', $sessionUuid));
}
// Check if all registration/authentication requirements are met // Check if all registration/authentication requirements are met
if(SessionFlags::isComplete($session->getFlags())) if(SessionFlags::isComplete($session->getFlags()))
{ {
SessionManager::removeFlags($session->getUuid(), [SessionFlags::REGISTRATION_REQUIRED, SessionFlags::AUTHENTICATION_REQUIRED]); // Remove the registration/authentication flags SessionManager::removeFlags($sessionUuid, [SessionFlags::REGISTRATION_REQUIRED, SessionFlags::AUTHENTICATION_REQUIRED]); // Remove the registration/authentication flags
SessionManager::setAuthenticated($session->getUuid(), true); // Mark the session as authenticated SessionManager::setAuthenticated($sessionUuid, true); // Mark the session as authenticated
RegisteredPeerManager::enablePeer($session->getPeerUuid()); // Enable the peer RegisteredPeerManager::enablePeer($session->getPeerUuid()); // Enable the peer
} }
} }

13
src/Socialbox/Socialbox.php
View file

@ -523,14 +523,25 @@
// If the client has provided an identification header, further validation and resolution is required // If the client has provided an identification header, further validation and resolution is required
if($clientRequest->getIdentifyAs() !== null) if($clientRequest->getIdentifyAs() !== null)
{ {
try
{
$peer = $clientRequest->getPeer();
}
catch (DatabaseOperationException $e)
{
self::returnError(500, StandardError::INTERNAL_SERVER_ERROR, 'Failed to resolve host peer', $e);
}
// First check if the client is identifying as the host // First check if the client is identifying as the host
if($clientRequest->getPeer()->getAddress() !== ReservedUsernames::HOST->value) if($peer->getAddress() !== ReservedUsernames::HOST->value)
{ {
// TODO: Maybe allow user client to change identification but within an RPC method rather than the headers // TODO: Maybe allow user client to change identification but within an RPC method rather than the headers
self::returnError(403, StandardError::FORBIDDEN, 'Unauthorized: Not allowed to identify as a different peer'); self::returnError(403, StandardError::FORBIDDEN, 'Unauthorized: Not allowed to identify as a different peer');
return; return;
} }
if($clientRequest->getIdentifyAs()->getDomain() != $)
// Synchronize the peer // Synchronize the peer
try try
{ {