Set more #[\SensitiveParameter] for #1343

This commit is contained in:
the-djmaze 2023-12-04 00:41:20 +01:00
parent f869ed5121
commit 7bd76a19b5
4 changed files with 31 additions and 7 deletions

View file

@ -22,7 +22,10 @@ trait UserAuth
/**
* @throws \RainLoop\Exceptions\ClientException
*/
public function resolveLoginCredentials(string &$sEmail, string &$sPassword, string &$sLogin): void
public function resolveLoginCredentials(string &$sEmail,
#[\SensitiveParameter]
string &$sPassword,
string &$sLogin): void
{
$this->Plugins()->RunHook('login.credentials.step-1', array(&$sEmail));
@ -113,7 +116,11 @@ trait UserAuth
/**
* @throws \RainLoop\Exceptions\ClientException
*/
public function LoginProcess(string &$sEmail, string &$sPassword, bool $bMainAccount = true): Account
public function LoginProcess(string &$sEmail,
#[\SensitiveParameter]
string &$sPassword,
bool $bMainAccount = true
): Account
{
$sInputEmail = $sEmail;

View file

@ -77,7 +77,11 @@ abstract class Api
return APP_VERSION;
}
public static function CreateUserSsoHash(string $sEmail, string $sPassword, array $aAdditionalOptions = array(), bool $bUseTimeout = true) : ?string
public static function CreateUserSsoHash(string $sEmail,
#[\SensitiveParameter]
string $sPassword,
array $aAdditionalOptions = array(), bool $bUseTimeout = true
) : ?string
{
$sSsoHash = \MailSo\Base\Utils::Sha1Rand(\sha1($sPassword.$sEmail));

View file

@ -116,12 +116,18 @@ class Application extends \RainLoop\Config\AbstractConfig
parent::Set($sSectionKey, $sParamKey, $mParamValue);
}
public function SetPassword(string $sPassword) : void
public function SetPassword(
#[\SensitiveParameter]
string $sPassword
) : void
{
$this->Set('security', 'admin_password', \password_hash($sPassword, PASSWORD_DEFAULT));
}
public function ValidatePassword(string $sPassword) : bool
public function ValidatePassword(
#[\SensitiveParameter]
string $sPassword
) : bool
{
$sConfigPassword = (string) $this->Get('security', 'admin_password', '');
if (32 == \strlen($sPassword) && \md5(APP_SALT.$sPassword.APP_SALT) === $sConfigPassword) {

View file

@ -130,7 +130,10 @@ trait CardDAV
return null;
}
private function getContactsPaths(DAVClient $oClient, string $sPath, string $sUser, string $sPassword, string $sProxy = '') : array
private function getContactsPaths(DAVClient $oClient, string $sPath, string $sUser,
#[\SensitiveParameter]
string $sPassword,
string $sProxy = '') : array
{
$aContactsPaths = array();
@ -291,7 +294,11 @@ trait CardDAV
return $bGood;
}
private function getDavClientFromUrl(string $sUrl, string $sUser, string $sPassword, string $sProxy = '') : DAVClient
private function getDavClientFromUrl(string $sUrl, string $sUser,
#[\SensitiveParameter]
string $sPassword,
string $sProxy = ''
) : DAVClient
{
if (!\preg_match('/^http[s]?:\/\//i', $sUrl)) {
$sUrl = \preg_replace('/^fruux\.com/i', 'dav.fruux.com', $sUrl);