Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +15 -7
2 changed files with 15 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit bda8fdc623 - Show all commits

8
src/Socialbox/Classes/StandardMethods/VerificationGetImageCaptcha.php
View file

@ -4,7 +4,7 @@
use Gregwar\Captcha\CaptchaBuilder; use Gregwar\Captcha\CaptchaBuilder;
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Classes\Logger; use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\StandardException; use Socialbox\Exceptions\StandardException;
@ -22,18 +22,16 @@
public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface public static function execute(ClientRequest $request, RpcRequest $rpcRequest): ?SerializableInterface
{ {
$session = $request->getSession(); $session = $request->getSession();
// Check for session conditions // Check for session conditions
if($session->getPeerUuid() === null) if(!$session->flagExists(SessionFlags::VER_IMAGE_CAPTCHA))
{ {
return $rpcRequest->produceError(StandardError::AUTHENTICATION_REQUIRED); return $rpcRequest->produceError(StandardError::METHOD_NOT_ALLOWED, 'Solving an image captcha is not required at this time');
} }
$peer = $request->getPeer(); $peer = $request->getPeer();
try try
{ {
Logger::getLogger()->debug('Creating a new captcha for peer ' . $peer->getUuid());
if(CaptchaManager::captchaExists($peer)) if(CaptchaManager::captchaExists($peer))
{ {
$captchaRecord = CaptchaManager::getCaptcha($peer); $captchaRecord = CaptchaManager::getCaptcha($peer);

14
src/Socialbox/Classes/StandardMethods/VerificationPasswordAuthentication.php
View file

@ -6,11 +6,13 @@
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Classes\Cryptography; use Socialbox\Classes\Cryptography;
use Socialbox\Classes\Logger; use Socialbox\Classes\Logger;
use Socialbox\Enums\Flags\SessionFlags;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\CryptographyException; use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\StandardException; use Socialbox\Exceptions\StandardException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
use Socialbox\Managers\PasswordManager; use Socialbox\Managers\PasswordManager;
use Socialbox\Managers\SessionManager;
use Socialbox\Objects\ClientRequest; use Socialbox\Objects\ClientRequest;
use Socialbox\Objects\RpcRequest; use Socialbox\Objects\RpcRequest;
@ -32,9 +34,16 @@
return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid SHA-512 hash"); return $rpcRequest->produceError(StandardError::RPC_INVALID_ARGUMENTS, "Invalid 'password' parameter, must be a valid SHA-512 hash");
} }
$session = $request->getSession();
if(!$session->flagExists(SessionFlags::VER_PASSWORD))
{
return $rpcRequest->produceError(StandardError::FORBIDDEN, 'Password verification is not required at this time');
}
try try
{ {
return $rpcRequest->produceResponse(PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('password'))); $result = PasswordManager::verifyPassword($request->getPeer()->getUuid(), $rpcRequest->getParameter('password'));
SessionManager::updateFlow($request->getSession(), [SessionFlags::VER_PASSWORD]);
} }
catch (CryptographyException) catch (CryptographyException)
{ {
@ -42,8 +51,9 @@
} }
catch (Exception $e) catch (Exception $e)
{ {
Logger::getLogger()->error('Failed to verify password due to an internal exception', $e);
throw new StandardException('Failed to verify password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e); throw new StandardException('Failed to verify password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
} }
return $rpcRequest->produceResponse($result);
} }
} }