mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Bugfix: Security issue with "remember me"
When (backup)server is compromised it is possible to decrypt RainLoop 'sign_me' files. Found by further investigating #126
This commit is contained in:
parent
aed4d9e4c2
commit
7020345739
1 changed files with 6 additions and 4 deletions
|
|
@ -293,17 +293,19 @@ trait UserAuth
|
||||||
$this->ClearSignMeData($oAccount);
|
$this->ClearSignMeData($oAccount);
|
||||||
|
|
||||||
$uuid = \SnappyMail\UUID::generate();
|
$uuid = \SnappyMail\UUID::generate();
|
||||||
|
$salt = \sha1(\microtime(true));
|
||||||
Utils::SetCookie(self::AUTH_SIGN_ME_TOKEN_KEY,
|
Utils::SetCookie(self::AUTH_SIGN_ME_TOKEN_KEY,
|
||||||
Utils::EncodeKeyValuesQ(array(
|
Utils::EncodeKeyValuesQ(array(
|
||||||
'e' => $oAccount->Email(),
|
'e' => $oAccount->Email(),
|
||||||
'u' => $uuid
|
'u' => $uuid,
|
||||||
|
's' => $salt
|
||||||
)),
|
)),
|
||||||
\time() + 3600 * 24 * 30); // 30 days
|
\time() + 3600 * 24 * 30); // 30 days
|
||||||
|
|
||||||
$this->StorageProvider()->Put($oAccount,
|
$this->StorageProvider()->Put($oAccount,
|
||||||
StorageType::SIGN_ME,
|
StorageType::SIGN_ME,
|
||||||
$uuid,
|
$uuid,
|
||||||
Utils::EncryptString($oAccount->GetAuthToken(), \sha1(APP_SALT . $uuid))
|
Utils::EncryptString($oAccount->GetAuthToken(), $salt)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -313,7 +315,7 @@ trait UserAuth
|
||||||
|
|
||||||
$aTokenData = static::GetSignMeToken();
|
$aTokenData = static::GetSignMeToken();
|
||||||
if (!empty($aTokenData)) {
|
if (!empty($aTokenData)) {
|
||||||
if (!empty($aTokenData['e']) && !empty($aTokenData['u']) && \SnappyMail\UUID::isValid($aTokenData['u'])) {
|
if (!empty($aTokenData['e']) && !empty($aTokenData['u']) && !empty($aTokenData['s']) && \SnappyMail\UUID::isValid($aTokenData['u'])) {
|
||||||
$sAuthToken = $this->StorageProvider()->Get($aTokenData['e'],
|
$sAuthToken = $this->StorageProvider()->Get($aTokenData['e'],
|
||||||
StorageType::SIGN_ME,
|
StorageType::SIGN_ME,
|
||||||
$aTokenData['u']
|
$aTokenData['u']
|
||||||
|
|
@ -321,7 +323,7 @@ trait UserAuth
|
||||||
if (empty($sAuthToken)) {
|
if (empty($sAuthToken)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
$sAuthToken = Utils::DecryptString($sAuthToken, \sha1(APP_SALT . $aTokenData['u']));
|
$sAuthToken = Utils::DecryptString($sAuthToken, $aTokenData['s']);
|
||||||
if (!empty($sAuthToken)) {
|
if (!empty($sAuthToken)) {
|
||||||
$oAccount = $this->GetAccountFromCustomToken($sAuthToken, false, false, true);
|
$oAccount = $this->GetAccountFromCustomToken($sAuthToken, false, false, true);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue