Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +19 -9
1 changed files with 19 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 388605dbce - Show all commits

28
src/Socialbox/Classes/StandardMethods/Settings/SettingsUpdatePassword.php
View file

@ -2,11 +2,13 @@
namespace Socialbox\Classes\StandardMethods\Settings;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager;
@ -22,29 +24,29 @@
{
if(!$rpcRequest->containsParameter('password'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
throw new MissingRpcArgumentException('password');
}
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash");
throw new InvalidRpcArgumentException('password', 'Must be a valid argon2id hash');
}
if(!$rpcRequest->containsParameter('existing_password'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'existing_password' parameter");
throw new MissingRpcArgumentException('existing_password');
}
if(!Cryptography::validateSha512($rpcRequest->getParameter('existing_password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'existing_password' parameter, must be a valid SHA-512 hash");
throw new InvalidRpcArgumentException('existing_password', 'Must be a valid SHA-512 hash');
}
try
{
if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
return $rpcRequest->produceResponse(false);
}
}
catch (DatabaseOperationException $e)
@ -56,10 +58,14 @@
{
if (!PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('existing_password')))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Failed to update password due to incorrect existing password");
return $rpcRequest->produceResponse(false);
}
}
catch (Exception $e)
catch(CryptographyException $e)
{
throw new StandardRpcException($e->getMessage(), StandardError::CRYPTOGRAPHIC_ERROR, $e);
}
catch (DatabaseOperationException $e)
{
throw new StandardRpcException('Failed to verify existing password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
@ -69,7 +75,11 @@
// Set the password
PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
}
catch(Exception $e)
catch(CryptographyException $e)
{
throw new StandardRpcException($e->getMessage(), StandardError::CRYPTOGRAPHIC_ERROR, $e);
}
catch(DatabaseOperationException $e)
{
throw new StandardRpcException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}