mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Rename the new PasswordHash() to CryptKey() and added SetCryptKey() to support XOAUTHBEARER/XOAuth2 and others
This commit is contained in:
parent
1767ba7ec9
commit
4690f367c1
4 changed files with 24 additions and 11 deletions
|
|
@ -63,7 +63,7 @@ trait Accounts
|
||||||
$aAccounts
|
$aAccounts
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
$sHash = $oMainAccount->PasswordHash();
|
$sHash = $oMainAccount->CryptKey();
|
||||||
foreach ($aAccounts as $sEmail => $sToken) {
|
foreach ($aAccounts as $sEmail => $sToken) {
|
||||||
try {
|
try {
|
||||||
$aNewAccounts[$sEmail] = [
|
$aNewAccounts[$sEmail] = [
|
||||||
|
|
|
||||||
|
|
@ -242,9 +242,9 @@ trait Contacts
|
||||||
protected function setContactsSyncData(\RainLoop\Model\Account $oAccount, array $aData) : bool
|
protected function setContactsSyncData(\RainLoop\Model\Account $oAccount, array $aData) : bool
|
||||||
{
|
{
|
||||||
if ($aData['Password']) {
|
if ($aData['Password']) {
|
||||||
$aData['Password'] = \SnappyMail\Crypt::EncryptToJSON($aData['Password'], $oAccount->PasswordHash());
|
$aData['Password'] = \SnappyMail\Crypt::EncryptToJSON($aData['Password'], $oAccount->CryptKey());
|
||||||
}
|
}
|
||||||
$aData['PasswordHMAC'] = $aData['Password'] ? \hash_hmac('sha1', $aData['Password'], $oAccount->PasswordHash()) : null;
|
$aData['PasswordHMAC'] = $aData['Password'] ? \hash_hmac('sha1', $aData['Password'], $oAccount->CryptKey()) : null;
|
||||||
return $this->StorageProvider()->Put(
|
return $this->StorageProvider()->Put(
|
||||||
$oAccount,
|
$oAccount,
|
||||||
\RainLoop\Providers\Storage\Enumerations\StorageType::CONFIG,
|
\RainLoop\Providers\Storage\Enumerations\StorageType::CONFIG,
|
||||||
|
|
@ -264,14 +264,14 @@ trait Contacts
|
||||||
if ($aData) {
|
if ($aData) {
|
||||||
if ($aData['Password']) {
|
if ($aData['Password']) {
|
||||||
// Verify oAccount password hasn't changed so that Password can be decrypted
|
// Verify oAccount password hasn't changed so that Password can be decrypted
|
||||||
if ($aData['PasswordHMAC'] !== \hash_hmac('sha1', $aData['Password'], $oAccount->PasswordHash())) {
|
if ($aData['PasswordHMAC'] !== \hash_hmac('sha1', $aData['Password'], $oAccount->CryptKey())) {
|
||||||
// Failed
|
// Failed
|
||||||
$aData['Password'] = null;
|
$aData['Password'] = null;
|
||||||
} else {
|
} else {
|
||||||
// Success
|
// Success
|
||||||
$aData['Password'] = \SnappyMail\Crypt::DecryptFromJSON(
|
$aData['Password'] = \SnappyMail\Crypt::DecryptFromJSON(
|
||||||
$aData['Password'],
|
$aData['Password'],
|
||||||
$oAccount->PasswordHash()
|
$oAccount->CryptKey()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ class Account implements \JsonSerializable
|
||||||
private $sLogin;
|
private $sLogin;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var int
|
* @var string
|
||||||
*/
|
*/
|
||||||
private $sPassword;
|
private $sPassword;
|
||||||
|
|
||||||
|
|
@ -42,6 +42,11 @@ class Account implements \JsonSerializable
|
||||||
*/
|
*/
|
||||||
private $oDomain;
|
private $oDomain;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
private $sCryptKey;
|
||||||
|
|
||||||
public function Email() : string
|
public function Email() : string
|
||||||
{
|
{
|
||||||
return $this->sEmail;
|
return $this->sEmail;
|
||||||
|
|
@ -94,9 +99,12 @@ class Account implements \JsonSerializable
|
||||||
return $this->IncPassword();
|
return $this->IncPassword();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function PasswordHash() : string
|
public function CryptKey() : string
|
||||||
{
|
{
|
||||||
return \sha1($this->IncPassword() ?: APP_SALT, true);
|
if (!$this->sCryptKey) {
|
||||||
|
$this->SetCryptKey($this->IncPassword() ?: APP_SALT);
|
||||||
|
}
|
||||||
|
return $this->sCryptKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function ClientCert() : string
|
public function ClientCert() : string
|
||||||
|
|
@ -124,6 +132,11 @@ class Account implements \JsonSerializable
|
||||||
$this->sPassword = $sPassword;
|
$this->sPassword = $sPassword;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function SetCryptKey(string $sKey) : void
|
||||||
|
{
|
||||||
|
$this->sCryptKey = \sha1($sKey, true);
|
||||||
|
}
|
||||||
|
|
||||||
public function SetProxyAuthUser(string $sProxyAuthUser) : void
|
public function SetProxyAuthUser(string $sProxyAuthUser) : void
|
||||||
{
|
{
|
||||||
$this->sProxyAuthUser = $sProxyAuthUser;
|
$this->sProxyAuthUser = $sProxyAuthUser;
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ class AdditionalAccount extends Account
|
||||||
$this->sParentEmail = \trim(\MailSo\Base\Utils::IdnToAscii($sParentEmail, true));
|
$this->sParentEmail = \trim(\MailSo\Base\Utils::IdnToAscii($sParentEmail, true));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function PasswordHash() : string
|
public function CryptKey() : string
|
||||||
{
|
{
|
||||||
throw new \LogicException('Not allowed on AdditionalAccount');
|
throw new \LogicException('Not allowed on AdditionalAccount');
|
||||||
}
|
}
|
||||||
|
|
@ -41,7 +41,7 @@ class AdditionalAccount extends Account
|
||||||
|
|
||||||
public function asTokenArray(Account $oMainAccount) : array
|
public function asTokenArray(Account $oMainAccount) : array
|
||||||
{
|
{
|
||||||
$sHash = $oMainAccount->PasswordHash();
|
$sHash = $oMainAccount->CryptKey();
|
||||||
$aData = $this->jsonSerialize();
|
$aData = $this->jsonSerialize();
|
||||||
$aData[3] = \SnappyMail\Crypt::EncryptUrlSafe($aData[3], $sHash);
|
$aData[3] = \SnappyMail\Crypt::EncryptUrlSafe($aData[3], $sHash);
|
||||||
$aData[] = \hash_hmac('sha1', $aData[3], $sHash);
|
$aData[] = \hash_hmac('sha1', $aData[3], $sHash);
|
||||||
|
|
@ -55,7 +55,7 @@ class AdditionalAccount extends Account
|
||||||
{
|
{
|
||||||
$iCount = \count($aAccountHash);
|
$iCount = \count($aAccountHash);
|
||||||
if (!empty($aAccountHash[0]) && 'account' === $aAccountHash[0] && 8 <= $iCount && 9 >= $iCount) {
|
if (!empty($aAccountHash[0]) && 'account' === $aAccountHash[0] && 8 <= $iCount && 9 >= $iCount) {
|
||||||
$sHash = $oActions->getMainAccountFromToken()->PasswordHash();
|
$sHash = $oActions->getMainAccountFromToken()->CryptKey();
|
||||||
$sPasswordHMAC = (8 < $iCount) ? \array_pop($aAccountHash) : null;
|
$sPasswordHMAC = (8 < $iCount) ? \array_pop($aAccountHash) : null;
|
||||||
$sParentEmail = \array_pop($aAccountHash);
|
$sParentEmail = \array_pop($aAccountHash);
|
||||||
if ($sPasswordHMAC && $sPasswordHMAC === \hash_hmac('sha1', $aAccountHash[3], $sHash)) {
|
if ($sPasswordHMAC && $sPasswordHMAC === \hash_hmac('sha1', $aAccountHash[3], $sHash)) {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue