mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-10 15:08:28 +03:00
Rename the new PasswordHash() to CryptKey() and added SetCryptKey() to support XOAUTHBEARER/XOAuth2 and others
This commit is contained in:
parent
1767ba7ec9
commit
4690f367c1
4 changed files with 24 additions and 11 deletions
|
|
@ -63,7 +63,7 @@ trait Accounts
|
|||
$aAccounts
|
||||
));
|
||||
}
|
||||
$sHash = $oMainAccount->PasswordHash();
|
||||
$sHash = $oMainAccount->CryptKey();
|
||||
foreach ($aAccounts as $sEmail => $sToken) {
|
||||
try {
|
||||
$aNewAccounts[$sEmail] = [
|
||||
|
|
|
|||
|
|
@ -242,9 +242,9 @@ trait Contacts
|
|||
protected function setContactsSyncData(\RainLoop\Model\Account $oAccount, array $aData) : bool
|
||||
{
|
||||
if ($aData['Password']) {
|
||||
$aData['Password'] = \SnappyMail\Crypt::EncryptToJSON($aData['Password'], $oAccount->PasswordHash());
|
||||
$aData['Password'] = \SnappyMail\Crypt::EncryptToJSON($aData['Password'], $oAccount->CryptKey());
|
||||
}
|
||||
$aData['PasswordHMAC'] = $aData['Password'] ? \hash_hmac('sha1', $aData['Password'], $oAccount->PasswordHash()) : null;
|
||||
$aData['PasswordHMAC'] = $aData['Password'] ? \hash_hmac('sha1', $aData['Password'], $oAccount->CryptKey()) : null;
|
||||
return $this->StorageProvider()->Put(
|
||||
$oAccount,
|
||||
\RainLoop\Providers\Storage\Enumerations\StorageType::CONFIG,
|
||||
|
|
@ -264,14 +264,14 @@ trait Contacts
|
|||
if ($aData) {
|
||||
if ($aData['Password']) {
|
||||
// Verify oAccount password hasn't changed so that Password can be decrypted
|
||||
if ($aData['PasswordHMAC'] !== \hash_hmac('sha1', $aData['Password'], $oAccount->PasswordHash())) {
|
||||
if ($aData['PasswordHMAC'] !== \hash_hmac('sha1', $aData['Password'], $oAccount->CryptKey())) {
|
||||
// Failed
|
||||
$aData['Password'] = null;
|
||||
} else {
|
||||
// Success
|
||||
$aData['Password'] = \SnappyMail\Crypt::DecryptFromJSON(
|
||||
$aData['Password'],
|
||||
$oAccount->PasswordHash()
|
||||
$oAccount->CryptKey()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ class Account implements \JsonSerializable
|
|||
private $sLogin;
|
||||
|
||||
/**
|
||||
* @var int
|
||||
* @var string
|
||||
*/
|
||||
private $sPassword;
|
||||
|
||||
|
|
@ -42,6 +42,11 @@ class Account implements \JsonSerializable
|
|||
*/
|
||||
private $oDomain;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $sCryptKey;
|
||||
|
||||
public function Email() : string
|
||||
{
|
||||
return $this->sEmail;
|
||||
|
|
@ -94,9 +99,12 @@ class Account implements \JsonSerializable
|
|||
return $this->IncPassword();
|
||||
}
|
||||
|
||||
public function PasswordHash() : string
|
||||
public function CryptKey() : string
|
||||
{
|
||||
return \sha1($this->IncPassword() ?: APP_SALT, true);
|
||||
if (!$this->sCryptKey) {
|
||||
$this->SetCryptKey($this->IncPassword() ?: APP_SALT);
|
||||
}
|
||||
return $this->sCryptKey;
|
||||
}
|
||||
|
||||
public function ClientCert() : string
|
||||
|
|
@ -124,6 +132,11 @@ class Account implements \JsonSerializable
|
|||
$this->sPassword = $sPassword;
|
||||
}
|
||||
|
||||
public function SetCryptKey(string $sKey) : void
|
||||
{
|
||||
$this->sCryptKey = \sha1($sKey, true);
|
||||
}
|
||||
|
||||
public function SetProxyAuthUser(string $sProxyAuthUser) : void
|
||||
{
|
||||
$this->sProxyAuthUser = $sProxyAuthUser;
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ class AdditionalAccount extends Account
|
|||
$this->sParentEmail = \trim(\MailSo\Base\Utils::IdnToAscii($sParentEmail, true));
|
||||
}
|
||||
|
||||
public function PasswordHash() : string
|
||||
public function CryptKey() : string
|
||||
{
|
||||
throw new \LogicException('Not allowed on AdditionalAccount');
|
||||
}
|
||||
|
|
@ -41,7 +41,7 @@ class AdditionalAccount extends Account
|
|||
|
||||
public function asTokenArray(Account $oMainAccount) : array
|
||||
{
|
||||
$sHash = $oMainAccount->PasswordHash();
|
||||
$sHash = $oMainAccount->CryptKey();
|
||||
$aData = $this->jsonSerialize();
|
||||
$aData[3] = \SnappyMail\Crypt::EncryptUrlSafe($aData[3], $sHash);
|
||||
$aData[] = \hash_hmac('sha1', $aData[3], $sHash);
|
||||
|
|
@ -55,7 +55,7 @@ class AdditionalAccount extends Account
|
|||
{
|
||||
$iCount = \count($aAccountHash);
|
||||
if (!empty($aAccountHash[0]) && 'account' === $aAccountHash[0] && 8 <= $iCount && 9 >= $iCount) {
|
||||
$sHash = $oActions->getMainAccountFromToken()->PasswordHash();
|
||||
$sHash = $oActions->getMainAccountFromToken()->CryptKey();
|
||||
$sPasswordHMAC = (8 < $iCount) ? \array_pop($aAccountHash) : null;
|
||||
$sParentEmail = \array_pop($aAccountHash);
|
||||
if ($sPasswordHMAC && $sPasswordHMAC === \hash_hmac('sha1', $aAccountHash[3], $sHash)) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue