Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +25 -14
3 changed files with 25 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 2a0aab4a21 - Show all commits

13
src/Socialbox/Classes/StandardMethods/Verification/VerificationGetImageCaptcha.php
View file

@ -21,17 +21,24 @@
*/ */
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{ {
$session = $request->getSession(); try
{
$session = $request->getSession();
}
catch (DatabaseOperationException $e)
{
throw new StandardRpcException('An error occurred while trying to get the session', StandardError::INTERNAL_SERVER_ERROR, $e);
}
// Check for session conditions // Check for session conditions
if(!$session->flagExists(SessionFlags::VER_IMAGE_CAPTCHA)) if(!$session->flagExists(SessionFlags::VER_IMAGE_CAPTCHA))
{ {
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, 'Solving an image captcha is not required at this time'); return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, 'Solving an image captcha is not required at this time');
} }
$peer = $request->getPeer();
try try
{ {
$peer = $request->getPeer();
if(CaptchaManager::captchaExists($peer)) if(CaptchaManager::captchaExists($peer))
{ {
$captchaRecord = CaptchaManager::getCaptcha($peer); $captchaRecord = CaptchaManager::getCaptcha($peer);

8
src/Socialbox/Classes/StandardMethods/Verification/VerificationOtpAuthentication.php
View file

@ -8,6 +8,8 @@
use Socialbox\Enums\Flags\SessionFlags; use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException; use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException; use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\OneTimePasswordManager; use Socialbox\Managers\OneTimePasswordManager;
@ -25,18 +27,18 @@
{ {
if(!$rpcRequest->containsParameter('code')) if(!$rpcRequest->containsParameter('code'))
{ {
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'code' parameter"); throw new MissingRpcArgumentException('code');
} }
if(strlen($rpcRequest->getParameter('code')) !== Configuration::getSecurityConfiguration()->getOtpDigits()) if(strlen($rpcRequest->getParameter('code')) !== Configuration::getSecurityConfiguration()->getOtpDigits())
{ {
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'code' parameter length"); throw new InvalidRpcArgumentException('code', 'Invalid OTP code length');
} }
$session = $request->getSession(); $session = $request->getSession();
if(!$session->flagExists(SessionFlags::VER_OTP)) if(!$session->flagExists(SessionFlags::VER_OTP))
{ {
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'One Time Password verification is not required at this time'); return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, 'One Time Password verification is not required at this time');
} }
try try

18
src/Socialbox/Classes/StandardMethods/Verification/VerificationPasswordAuthentication.php
View file

@ -8,6 +8,8 @@
use Socialbox\Enums\Flags\SessionFlags; use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException; use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException; use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager; use Socialbox\Managers\PasswordManager;
@ -25,22 +27,22 @@
{ {
if(!$rpcRequest->containsParameter('password')) if(!$rpcRequest->containsParameter('password'))
{ {
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter"); throw new MissingRpcArgumentException('password');
} }
if(!Cryptography::validateSha512($rpcRequest->getParameter('password'))) if(!Cryptography::validateSha512($rpcRequest->getParameter('password')))
{ {
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid SHA-512 hash"); throw new InvalidRpcArgumentException('password', 'Invalid SHA-512 hash');
}
$session = $request->getSession();
if(!$session->flagExists(SessionFlags::VER_PASSWORD))
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'Password verification is not required at this time');
} }
try try
{ {
$session = $request->getSession();
if(!$session->flagExists(SessionFlags::VER_PASSWORD))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, 'Password verification is not required at this time');
}
$result = PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('password')); $result = PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('password'));
if($result) if($result)