Set more #[\SensitiveParameter] for #1343

This commit is contained in:
the-djmaze 2023-12-04 00:41:20 +01:00
parent f869ed5121
commit 7bd76a19b5
4 changed files with 31 additions and 7 deletions

View file

@ -22,7 +22,10 @@ trait UserAuth
/** /**
* @throws \RainLoop\Exceptions\ClientException * @throws \RainLoop\Exceptions\ClientException
*/ */
public function resolveLoginCredentials(string &$sEmail, string &$sPassword, string &$sLogin): void public function resolveLoginCredentials(string &$sEmail,
#[\SensitiveParameter]
string &$sPassword,
string &$sLogin): void
{ {
$this->Plugins()->RunHook('login.credentials.step-1', array(&$sEmail)); $this->Plugins()->RunHook('login.credentials.step-1', array(&$sEmail));
@ -113,7 +116,11 @@ trait UserAuth
/** /**
* @throws \RainLoop\Exceptions\ClientException * @throws \RainLoop\Exceptions\ClientException
*/ */
public function LoginProcess(string &$sEmail, string &$sPassword, bool $bMainAccount = true): Account public function LoginProcess(string &$sEmail,
#[\SensitiveParameter]
string &$sPassword,
bool $bMainAccount = true
): Account
{ {
$sInputEmail = $sEmail; $sInputEmail = $sEmail;

View file

@ -77,7 +77,11 @@ abstract class Api
return APP_VERSION; return APP_VERSION;
} }
public static function CreateUserSsoHash(string $sEmail, string $sPassword, array $aAdditionalOptions = array(), bool $bUseTimeout = true) : ?string public static function CreateUserSsoHash(string $sEmail,
#[\SensitiveParameter]
string $sPassword,
array $aAdditionalOptions = array(), bool $bUseTimeout = true
) : ?string
{ {
$sSsoHash = \MailSo\Base\Utils::Sha1Rand(\sha1($sPassword.$sEmail)); $sSsoHash = \MailSo\Base\Utils::Sha1Rand(\sha1($sPassword.$sEmail));

View file

@ -116,12 +116,18 @@ class Application extends \RainLoop\Config\AbstractConfig
parent::Set($sSectionKey, $sParamKey, $mParamValue); parent::Set($sSectionKey, $sParamKey, $mParamValue);
} }
public function SetPassword(string $sPassword) : void public function SetPassword(
#[\SensitiveParameter]
string $sPassword
) : void
{ {
$this->Set('security', 'admin_password', \password_hash($sPassword, PASSWORD_DEFAULT)); $this->Set('security', 'admin_password', \password_hash($sPassword, PASSWORD_DEFAULT));
} }
public function ValidatePassword(string $sPassword) : bool public function ValidatePassword(
#[\SensitiveParameter]
string $sPassword
) : bool
{ {
$sConfigPassword = (string) $this->Get('security', 'admin_password', ''); $sConfigPassword = (string) $this->Get('security', 'admin_password', '');
if (32 == \strlen($sPassword) && \md5(APP_SALT.$sPassword.APP_SALT) === $sConfigPassword) { if (32 == \strlen($sPassword) && \md5(APP_SALT.$sPassword.APP_SALT) === $sConfigPassword) {

View file

@ -130,7 +130,10 @@ trait CardDAV
return null; return null;
} }
private function getContactsPaths(DAVClient $oClient, string $sPath, string $sUser, string $sPassword, string $sProxy = '') : array private function getContactsPaths(DAVClient $oClient, string $sPath, string $sUser,
#[\SensitiveParameter]
string $sPassword,
string $sProxy = '') : array
{ {
$aContactsPaths = array(); $aContactsPaths = array();
@ -291,7 +294,11 @@ trait CardDAV
return $bGood; return $bGood;
} }
private function getDavClientFromUrl(string $sUrl, string $sUser, string $sPassword, string $sProxy = '') : DAVClient private function getDavClientFromUrl(string $sUrl, string $sUser,
#[\SensitiveParameter]
string $sPassword,
string $sProxy = ''
) : DAVClient
{ {
if (!\preg_match('/^http[s]?:\/\//i', $sUrl)) { if (!\preg_match('/^http[s]?:\/\//i', $sUrl)) {
$sUrl = \preg_replace('/^fruux\.com/i', 'dav.fruux.com', $sUrl); $sUrl = \preg_replace('/^fruux\.com/i', 'dav.fruux.com', $sUrl);