Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +239 -70
11 changed files with 239 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 85814913e4 - Show all commits

14
src/Socialbox/Classes/Cryptography.php
View file

@ -642,7 +642,6 @@
* *
* @param string $hash The hash string to be validated. * @param string $hash The hash string to be validated.
* @return bool Returns true if the hash is valid and meets current security standards. * @return bool Returns true if the hash is valid and meets current security standards.
* @throws CryptographyException If the hash format is invalid or does not meet security requirements.
*/ */
public static function validatePasswordHash(string $hash): bool public static function validatePasswordHash(string $hash): bool
{ {
@ -652,22 +651,21 @@
$argon2id_pattern = '/^\$argon2id\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+\/=]+\$[A-Za-z0-9+\/=]+$/D'; $argon2id_pattern = '/^\$argon2id\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+\/=]+\$[A-Za-z0-9+\/=]+$/D';
if (!preg_match($argon2id_pattern, $hash)) if (!preg_match($argon2id_pattern, $hash))
{ {
throw new CryptographyException("Invalid hash format"); return false;
} }
// Step 2: Check if it needs rehashing (validates the hash structure) // Step 2: Check if it needs rehashing (validates the hash structure)
if (sodium_crypto_pwhash_str_needs_rehash($hash, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE)) if (sodium_crypto_pwhash_str_needs_rehash($hash, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE))
{ {
throw new CryptographyException("Hash does not meet current security requirements"); return false;
} }
// If all checks pass, the hash is valid.
return true;
} }
catch (Exception $e) catch (Exception)
{ {
throw new CryptographyException("Invalid hash: " . $e->getMessage()); return false;
} }
return true;
} }
/** /**

6
src/Socialbox/Classes/StandardMethods/GetSessionState.php
View file

@ -3,7 +3,6 @@
namespace Socialbox\Classes\StandardMethods; namespace Socialbox\Classes\StandardMethods;
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Enums\StandardError;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Objects\ClientRequest; use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest; use Socialbox\Objects\RpcRequest;
@ -16,11 +15,6 @@
*/ */
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{ {
if($request->getSessionUuid() === null)
{
return $rpcRequest->produceError(StandardError::SESSION_REQUIRED);
}
return $rpcRequest->produceResponse($request->getSession()->toStandardSessionState()); return $rpcRequest->produceResponse($request->getSession()->toStandardSessionState());
} }
} }

53
src/Socialbox/Classes/StandardMethods/SettingsDeletePassword.php Normal file
View file

@ -0,0 +1,53 @@
<?php
namespace Socialbox\Classes\StandardMethods;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Configuration;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
class SettingsDeletePassword extends Method
{
/**
* @inheritDoc
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
if(Configuration::getRegistrationConfiguration()->isPasswordRequired())
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'A password is required for this server');
}
try
{
if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
}
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
try
{
// Set the password
PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
}
catch(Exception $e)
{
throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
return $rpcRequest->produceResponse(true);
}
}

17
src/Socialbox/Classes/StandardMethods/SettingsSetPassword.php
View file

@ -4,6 +4,7 @@
use Exception; use Exception;
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\Flags\SessionFlags; use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\DatabaseOperationException;
@ -26,16 +27,16 @@
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter"); return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
} }
if(!preg_match('/^[a-f0-9]{128}$/', $rpcRequest->getParameter('password'))) if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{ {
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be sha512 hexadecimal hash"); return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash");
} }
try try
{ {
if (PasswordManager::usesPassword($request->getPeer()->getUuid())) if (PasswordManager::usesPassword($request->getPeer()->getUuid()))
{ {
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot set password when one is already set, use 'settingsChangePassword' instead"); return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot set password when one is already set, use 'settingsUpdatePassword' instead");
} }
} }
catch (DatabaseOperationException $e) catch (DatabaseOperationException $e)
@ -48,11 +49,11 @@
// Set the password // Set the password
PasswordManager::setPassword($request->getPeer(), $rpcRequest->getParameter('password')); PasswordManager::setPassword($request->getPeer(), $rpcRequest->getParameter('password'));
// Remove the SET_PASSWORD flag // Remove the SET_PASSWORD flag & update the session flow if necessary
SessionManager::removeFlags($request->getSessionUuid(), [SessionFlags::SET_PASSWORD]); if($request->getSession()->flagExists(SessionFlags::SET_PASSWORD))
{
// Check & update the session flow SessionManager::updateFlow($request->getSession(), [SessionFlags::SET_PASSWORD]);
SessionManager::updateFlow($request->getSession()); }
} }
catch(Exception $e) catch(Exception $e)
{ {

57
src/Socialbox/Classes/StandardMethods/SettingsUpdatePassword.php Normal file
View file

@ -0,0 +1,57 @@
<?php
namespace Socialbox\Classes\StandardMethods;
use Exception;
use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager;
use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest;
class SettingsUpdatePassword extends Method
{
/**
* @inheritDoc
*/
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{
if(!$rpcRequest->containsParameter('password'))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Missing 'password' parameter");
}
if(!Cryptography::validatePasswordHash($rpcRequest->getParameter('password')))
{
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid argon2id hash");
}
try
{
if (!PasswordManager::usesPassword($request->getPeer()->getUuid()))
{
return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, "Cannot update password when one isn't already set, use 'settingsSetPassword' instead");
}
}
catch (DatabaseOperationException $e)
{
throw new StandardException('Failed to check password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
try
{
// Set the password
PasswordManager::updatePassword($request->getPeer(), $rpcRequest->getParameter('password'));
}
catch(Exception $e)
{
throw new StandardException('Failed to set password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
}
return $rpcRequest->produceResponse(true);
}
}

12
src/Socialbox/Enums/StandardError.php
View file

@ -7,7 +7,7 @@ enum StandardError : int
// Fallback Codes // Fallback Codes
case UNKNOWN = -1; case UNKNOWN = -1;
// Server/Request Errors // Generic Errors
case INTERNAL_SERVER_ERROR = -100; case INTERNAL_SERVER_ERROR = -100;
case SERVER_UNAVAILABLE = -101; case SERVER_UNAVAILABLE = -101;
case BAD_REQUEST = -102; case BAD_REQUEST = -102;
@ -26,12 +26,7 @@ enum StandardError : int
// Authentication/Cryptography Errors // Authentication/Cryptography Errors
case INVALID_PUBLIC_KEY = -4000; // * case INVALID_PUBLIC_KEY = -4000; // *
case SESSION_REQUIRED = -5001; // *
case SESSION_NOT_FOUND = -5002; // * case SESSION_NOT_FOUND = -5002; // *
case SESSION_EXPIRED = -5003; // *
case SESSION_DHE_REQUIRED = -5004; // *
case ALREADY_AUTHENTICATED = -6005; case ALREADY_AUTHENTICATED = -6005;
case UNSUPPORTED_AUTHENTICATION_TYPE = -6006; case UNSUPPORTED_AUTHENTICATION_TYPE = -6006;
case AUTHENTICATION_REQUIRED = -6007; case AUTHENTICATION_REQUIRED = -6007;
@ -55,7 +50,7 @@ enum StandardError : int
{ {
return match ($this) return match ($this)
{ {
self::UNKNOWN => 'Unknown Error', default => 'Unknown Error',
self::RPC_METHOD_NOT_FOUND => 'The request method was not found', self::RPC_METHOD_NOT_FOUND => 'The request method was not found',
self::RPC_INVALID_ARGUMENTS => 'The request method contains one or more invalid arguments', self::RPC_INVALID_ARGUMENTS => 'The request method contains one or more invalid arguments',
@ -68,7 +63,6 @@ enum StandardError : int
self::ALREADY_AUTHENTICATED => 'The action cannot be preformed while authenticated', self::ALREADY_AUTHENTICATED => 'The action cannot be preformed while authenticated',
self::AUTHENTICATION_REQUIRED => 'Authentication is required to preform this action', self::AUTHENTICATION_REQUIRED => 'Authentication is required to preform this action',
self::SESSION_NOT_FOUND => 'The requested session UUID was not found', self::SESSION_NOT_FOUND => 'The requested session UUID was not found',
self::SESSION_REQUIRED => 'A session is required to preform this action',
self::REGISTRATION_DISABLED => 'Registration is disabled on the server', self::REGISTRATION_DISABLED => 'Registration is disabled on the server',
self::CAPTCHA_NOT_AVAILABLE => 'Captcha is not available', self::CAPTCHA_NOT_AVAILABLE => 'Captcha is not available',
self::INCORRECT_CAPTCHA_ANSWER => 'The Captcha answer is incorrect', self::INCORRECT_CAPTCHA_ANSWER => 'The Captcha answer is incorrect',
@ -79,8 +73,6 @@ enum StandardError : int
self::USERNAME_ALREADY_EXISTS => 'The given username already exists on the network', self::USERNAME_ALREADY_EXISTS => 'The given username already exists on the network',
self::NOT_REGISTERED => 'The given username is not registered on the server', self::NOT_REGISTERED => 'The given username is not registered on the server',
self::METHOD_NOT_ALLOWED => 'The requested method is not allowed', self::METHOD_NOT_ALLOWED => 'The requested method is not allowed',
self::SESSION_EXPIRED => 'The session has expired',
self::SESSION_DHE_REQUIRED => 'The session requires DHE to be established',
}; };
} }

98
src/Socialbox/Enums/StandardMethods.php
View file

@ -2,6 +2,7 @@
namespace Socialbox\Enums; namespace Socialbox\Enums;
use Socialbox\Classes\Configuration;
use Socialbox\Classes\StandardMethods\AcceptCommunityGuidelines; use Socialbox\Classes\StandardMethods\AcceptCommunityGuidelines;
use Socialbox\Classes\StandardMethods\AcceptPrivacyPolicy; use Socialbox\Classes\StandardMethods\AcceptPrivacyPolicy;
use Socialbox\Classes\StandardMethods\AcceptTermsOfService; use Socialbox\Classes\StandardMethods\AcceptTermsOfService;
@ -12,9 +13,11 @@
use Socialbox\Classes\StandardMethods\Ping; use Socialbox\Classes\StandardMethods\Ping;
use Socialbox\Classes\StandardMethods\SettingsAddSigningKey; use Socialbox\Classes\StandardMethods\SettingsAddSigningKey;
use Socialbox\Classes\StandardMethods\SettingsDeleteDisplayName; use Socialbox\Classes\StandardMethods\SettingsDeleteDisplayName;
use Socialbox\Classes\StandardMethods\SettingsDeletePassword;
use Socialbox\Classes\StandardMethods\SettingsGetSigningKeys; use Socialbox\Classes\StandardMethods\SettingsGetSigningKeys;
use Socialbox\Classes\StandardMethods\SettingsSetDisplayName; use Socialbox\Classes\StandardMethods\SettingsSetDisplayName;
use Socialbox\Classes\StandardMethods\SettingsSetPassword; use Socialbox\Classes\StandardMethods\SettingsSetPassword;
use Socialbox\Classes\StandardMethods\SettingsUpdatePassword;
use Socialbox\Classes\StandardMethods\VerificationAnswerImageCaptcha; use Socialbox\Classes\StandardMethods\VerificationAnswerImageCaptcha;
use Socialbox\Classes\StandardMethods\VerificationGetImageCaptcha; use Socialbox\Classes\StandardMethods\VerificationGetImageCaptcha;
use Socialbox\Enums\Flags\SessionFlags; use Socialbox\Enums\Flags\SessionFlags;
@ -54,6 +57,8 @@
case VERIFICATION_ANSWER_EXTERNAL_URL = 'verificationAnswerExternalUrl'; case VERIFICATION_ANSWER_EXTERNAL_URL = 'verificationAnswerExternalUrl';
case SETTINGS_SET_PASSWORD = 'settingsSetPassword'; case SETTINGS_SET_PASSWORD = 'settingsSetPassword';
case SETTINGS_UPDATE_PASSWORD = 'settingsUpdatePassword';
case SETTINGS_DELETE_PASSWORD = 'settingsDeletePassword';
case SETTINGS_SET_OTP = 'settingsSetOtp'; case SETTINGS_SET_OTP = 'settingsSetOtp';
case SETTINGS_SET_DISPLAY_NAME = 'settingsSetDisplayName'; case SETTINGS_SET_DISPLAY_NAME = 'settingsSetDisplayName';
case SETTINGS_DELETE_DISPLAY_NAME = 'settingsDeleteDisplayName'; case SETTINGS_DELETE_DISPLAY_NAME = 'settingsDeleteDisplayName';
@ -91,6 +96,8 @@
self::VERIFICATION_ANSWER_IMAGE_CAPTCHA => VerificationAnswerImageCaptcha::execute($request, $rpcRequest), self::VERIFICATION_ANSWER_IMAGE_CAPTCHA => VerificationAnswerImageCaptcha::execute($request, $rpcRequest),
self::SETTINGS_SET_PASSWORD => SettingsSetPassword::execute($request, $rpcRequest), self::SETTINGS_SET_PASSWORD => SettingsSetPassword::execute($request, $rpcRequest),
self::SETTINGS_UPDATE_PASSWORD => SettingsUpdatePassword::execute($request, $rpcRequest),
self::SETTINGS_DELETE_PASSWORD => SettingsDeletePassword::execute($request, $rpcRequest),
self::SETTINGS_SET_DISPLAY_NAME => SettingsSetDisplayName::execute($request, $rpcRequest), self::SETTINGS_SET_DISPLAY_NAME => SettingsSetDisplayName::execute($request, $rpcRequest),
self::SETTINGS_DELETE_DISPLAY_NAME => SettingsDeleteDisplayName::execute($request, $rpcRequest), self::SETTINGS_DELETE_DISPLAY_NAME => SettingsDeleteDisplayName::execute($request, $rpcRequest),
@ -138,43 +145,28 @@
$session = $clientRequest->getSession(); $session = $clientRequest->getSession();
// If the flag `VER_PRIVACY_POLICY` is set, then the user can accept the privacy policy // If the session is external (eg; coming from a different server)
if($session->flagExists(SessionFlags::VER_PRIVACY_POLICY)) // Servers will have their own access control mechanisms
if($session->isExternal())
{ {
$methods[] = self::ACCEPT_PRIVACY_POLICY; // TODO: Implement server access control
} }
// If the session is authenticated, then allow additional method calls
// If the flag `VER_TERMS_OF_SERVICE` is set, then the user can accept the terms of service elseif($session->isAuthenticated())
if($session->flagExists(SessionFlags::VER_TERMS_OF_SERVICE))
{ {
$methods[] = self::ACCEPT_TERMS_OF_SERVICE; // These methods are always allowed for authenticated users
} $methods = array_merge($methods, [
self::SETTINGS_ADD_SIGNING_KEY,
self::SETTINGS_GET_SIGNING_KEYS,
self::SETTINGS_SET_DISPLAY_NAME,
self::SETTINGS_SET_PASSWORD,
]);
// If the flag `VER_COMMUNITY_GUIDELINES` is set, then the user can accept the community guidelines // Prevent the user from deleting their display name if it is required
if($session->flagExists(SessionFlags::VER_COMMUNITY_GUIDELINES)) if(!Configuration::getRegistrationConfiguration()->isDisplayNameRequired())
{ {
$methods[] = self::ACCEPT_COMMUNITY_GUIDELINES; $methods[] = self::SETTINGS_DELETE_DISPLAY_NAME;
} }
// If the flag `VER_IMAGE_CAPTCHA` is set, then the user has to get and answer an image captcha
if($session->flagExists(SessionFlags::VER_IMAGE_CAPTCHA))
{
$methods[] = self::VERIFICATION_GET_IMAGE_CAPTCHA;
$methods[] = self::VERIFICATION_ANSWER_IMAGE_CAPTCHA;
}
// If the flag `SET_PASSWORD` is set, then the user has to set a password
if(in_array(SessionFlags::SET_PASSWORD, $session->getFlags()))
{
$methods[] = self::SETTINGS_SET_PASSWORD;
}
// If the user is authenticated, then allow additional method calls
if($session->isAuthenticated())
{
// Authenticated users can always manage their signing keys
$methods[] = self::SETTINGS_ADD_SIGNING_KEY;
$methods[] = self::SETTINGS_GET_SIGNING_KEYS;
// Always allow the authenticated user to change their password // Always allow the authenticated user to change their password
if(!in_array(SessionFlags::SET_PASSWORD, $session->getFlags())) if(!in_array(SessionFlags::SET_PASSWORD, $session->getFlags()))
@ -182,6 +174,46 @@
$methods[] = self::SETTINGS_SET_PASSWORD; $methods[] = self::SETTINGS_SET_PASSWORD;
} }
} }
// If the session isn't authenticated nor a host, a limited set of methods is available
else
{
// If the flag `VER_PRIVACY_POLICY` is set, then the user can accept the privacy policy
if($session->flagExists(SessionFlags::VER_PRIVACY_POLICY))
{
$methods[] = self::ACCEPT_PRIVACY_POLICY;
}
// If the flag `VER_TERMS_OF_SERVICE` is set, then the user can accept the terms of service
if($session->flagExists(SessionFlags::VER_TERMS_OF_SERVICE))
{
$methods[] = self::ACCEPT_TERMS_OF_SERVICE;
}
// If the flag `VER_COMMUNITY_GUIDELINES` is set, then the user can accept the community guidelines
if($session->flagExists(SessionFlags::VER_COMMUNITY_GUIDELINES))
{
$methods[] = self::ACCEPT_COMMUNITY_GUIDELINES;
}
// If the flag `VER_IMAGE_CAPTCHA` is set, then the user has to get and answer an image captcha
if($session->flagExists(SessionFlags::VER_IMAGE_CAPTCHA))
{
$methods[] = self::VERIFICATION_GET_IMAGE_CAPTCHA;
$methods[] = self::VERIFICATION_ANSWER_IMAGE_CAPTCHA;
}
// If the flag `SET_PASSWORD` is set, then the user has to set a password
if($session->flagExists(SessionFlags::SET_PASSWORD))
{
$methods[] = self::SETTINGS_SET_PASSWORD;
}
// If the flag `SET_DISPLAY_NAME` is set, then the user has to set a display name
if($session->flagExists(SessionFlags::SET_DISPLAY_NAME))
{
$methods[] = self::SETTINGS_SET_DISPLAY_NAME;
}
}
return $methods; return $methods;
} }

26
src/Socialbox/Managers/PasswordManager.php
View file

@ -115,6 +115,32 @@
} }
} }
/**
* Deletes the stored password for a specific peer.
*
* @param string|RegisteredPeerRecord $peerUuid The unique identifier of the peer, or an instance of RegisteredPeerRecord.
* @return void
* @throws DatabaseOperationException If an error occurs during the database operation.
*/
public static function deletePassword(string|RegisteredPeerRecord $peerUuid): void
{
if($peerUuid instanceof RegisteredPeerRecord)
{
$peerUuid = $peerUuid->getUuid();
}
try
{
$stmt = Database::getConnection()->prepare('DELETE FROM authentication_passwords WHERE peer_uuid=:uuid');
$stmt->bindParam(':uuid', $peerUuid);
$stmt->execute();
}
catch(PDOException $e)
{
throw new DatabaseOperationException('An error occurred while deleting the password', $e);
}
}
/** /**
* Verifies a given password against a stored password hash for a specific peer. * Verifies a given password against a stored password hash for a specific peer.
* *

8
src/Socialbox/Managers/SessionManager.php
View file

@ -423,11 +423,12 @@
* Marks the session as complete if all necessary conditions are met. * Marks the session as complete if all necessary conditions are met.
* *
* @param SessionRecord $session The session record to evaluate and potentially mark as complete. * @param SessionRecord $session The session record to evaluate and potentially mark as complete.
* @param array $flagsToRemove An array of flags to remove from the session if it is marked as complete.
* @return void
* @throws DatabaseOperationException If there is an error while updating the session in the database. * @throws DatabaseOperationException If there is an error while updating the session in the database.
* @throws StandardException If the session record cannot be found or if there is an error during retrieval. * @throws StandardException If the session record cannot be found or if there is an error during retrieval.
* @return void
*/ */
public static function updateFlow(SessionRecord $session): void public static function updateFlow(SessionRecord $session, array $flagsToRemove=[]): void
{ {
// Don't do anything if the session is already authenticated // Don't do anything if the session is already authenticated
if(!in_array(SessionFlags::REGISTRATION_REQUIRED, $session->getFlags()) || !in_array(SessionFlags::AUTHENTICATION_REQUIRED, $session->getFlags())) if(!in_array(SessionFlags::REGISTRATION_REQUIRED, $session->getFlags()) || !in_array(SessionFlags::AUTHENTICATION_REQUIRED, $session->getFlags()))
@ -435,6 +436,9 @@
return; return;
} }
self::removeFlags($session->getUuid(), $flagsToRemove);
$session = self::getSession($session->getUuid());
// Check if all registration/authentication requirements are met // Check if all registration/authentication requirements are met
if(SessionFlags::isComplete($session->getFlags())) if(SessionFlags::isComplete($session->getFlags()))
{ {

7
src/Socialbox/Objects/Database/RegisteredPeerRecord.php
View file

@ -228,13 +228,14 @@
} }
/** /**
* Determines if the server is external. * Determines if the user is considered external by checking if the username is 'host' and the server
* is not the same as the domain from the configuration.
* *
* @return bool True if the server is external, false otherwise. * @return bool True if the user is external, false otherwise.
*/ */
public function isExternal(): bool public function isExternal(): bool
{ {
return $this->server === 'host'; return $this->username === 'host' && $this->server !== Configuration::getInstanceConfiguration()->getDomain();
} }
/** /**

11
src/Socialbox/Objects/Database/SessionRecord.php
View file

@ -260,6 +260,17 @@
return $this->clientVersion; return $this->clientVersion;
} }
/**
* Returns whether the session is external.
*
* @return bool True if the session is external, false otherwise.
* @throws DatabaseOperationException Thrown if the peer record cannot be retrieved.
*/
public function isExternal(): bool
{
return RegisteredPeerManager::getPeer($this->peerUuid)->isExternal();
}
/** /**
* Converts the current session state into a standard session state object. * Converts the current session state into a standard session state object.
* *