mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Set more #[\SensitiveParameter] for #1343
This commit is contained in:
parent
f869ed5121
commit
7bd76a19b5
4 changed files with 31 additions and 7 deletions
|
|
@ -22,7 +22,10 @@ trait UserAuth
|
||||||
/**
|
/**
|
||||||
* @throws \RainLoop\Exceptions\ClientException
|
* @throws \RainLoop\Exceptions\ClientException
|
||||||
*/
|
*/
|
||||||
public function resolveLoginCredentials(string &$sEmail, string &$sPassword, string &$sLogin): void
|
public function resolveLoginCredentials(string &$sEmail,
|
||||||
|
#[\SensitiveParameter]
|
||||||
|
string &$sPassword,
|
||||||
|
string &$sLogin): void
|
||||||
{
|
{
|
||||||
$this->Plugins()->RunHook('login.credentials.step-1', array(&$sEmail));
|
$this->Plugins()->RunHook('login.credentials.step-1', array(&$sEmail));
|
||||||
|
|
||||||
|
|
@ -113,7 +116,11 @@ trait UserAuth
|
||||||
/**
|
/**
|
||||||
* @throws \RainLoop\Exceptions\ClientException
|
* @throws \RainLoop\Exceptions\ClientException
|
||||||
*/
|
*/
|
||||||
public function LoginProcess(string &$sEmail, string &$sPassword, bool $bMainAccount = true): Account
|
public function LoginProcess(string &$sEmail,
|
||||||
|
#[\SensitiveParameter]
|
||||||
|
string &$sPassword,
|
||||||
|
bool $bMainAccount = true
|
||||||
|
): Account
|
||||||
{
|
{
|
||||||
$sInputEmail = $sEmail;
|
$sInputEmail = $sEmail;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -77,7 +77,11 @@ abstract class Api
|
||||||
return APP_VERSION;
|
return APP_VERSION;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function CreateUserSsoHash(string $sEmail, string $sPassword, array $aAdditionalOptions = array(), bool $bUseTimeout = true) : ?string
|
public static function CreateUserSsoHash(string $sEmail,
|
||||||
|
#[\SensitiveParameter]
|
||||||
|
string $sPassword,
|
||||||
|
array $aAdditionalOptions = array(), bool $bUseTimeout = true
|
||||||
|
) : ?string
|
||||||
{
|
{
|
||||||
$sSsoHash = \MailSo\Base\Utils::Sha1Rand(\sha1($sPassword.$sEmail));
|
$sSsoHash = \MailSo\Base\Utils::Sha1Rand(\sha1($sPassword.$sEmail));
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -116,12 +116,18 @@ class Application extends \RainLoop\Config\AbstractConfig
|
||||||
parent::Set($sSectionKey, $sParamKey, $mParamValue);
|
parent::Set($sSectionKey, $sParamKey, $mParamValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function SetPassword(string $sPassword) : void
|
public function SetPassword(
|
||||||
|
#[\SensitiveParameter]
|
||||||
|
string $sPassword
|
||||||
|
) : void
|
||||||
{
|
{
|
||||||
$this->Set('security', 'admin_password', \password_hash($sPassword, PASSWORD_DEFAULT));
|
$this->Set('security', 'admin_password', \password_hash($sPassword, PASSWORD_DEFAULT));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function ValidatePassword(string $sPassword) : bool
|
public function ValidatePassword(
|
||||||
|
#[\SensitiveParameter]
|
||||||
|
string $sPassword
|
||||||
|
) : bool
|
||||||
{
|
{
|
||||||
$sConfigPassword = (string) $this->Get('security', 'admin_password', '');
|
$sConfigPassword = (string) $this->Get('security', 'admin_password', '');
|
||||||
if (32 == \strlen($sPassword) && \md5(APP_SALT.$sPassword.APP_SALT) === $sConfigPassword) {
|
if (32 == \strlen($sPassword) && \md5(APP_SALT.$sPassword.APP_SALT) === $sConfigPassword) {
|
||||||
|
|
|
||||||
|
|
@ -130,7 +130,10 @@ trait CardDAV
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getContactsPaths(DAVClient $oClient, string $sPath, string $sUser, string $sPassword, string $sProxy = '') : array
|
private function getContactsPaths(DAVClient $oClient, string $sPath, string $sUser,
|
||||||
|
#[\SensitiveParameter]
|
||||||
|
string $sPassword,
|
||||||
|
string $sProxy = '') : array
|
||||||
{
|
{
|
||||||
$aContactsPaths = array();
|
$aContactsPaths = array();
|
||||||
|
|
||||||
|
|
@ -291,7 +294,11 @@ trait CardDAV
|
||||||
return $bGood;
|
return $bGood;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getDavClientFromUrl(string $sUrl, string $sUser, string $sPassword, string $sProxy = '') : DAVClient
|
private function getDavClientFromUrl(string $sUrl, string $sUser,
|
||||||
|
#[\SensitiveParameter]
|
||||||
|
string $sPassword,
|
||||||
|
string $sProxy = ''
|
||||||
|
) : DAVClient
|
||||||
{
|
{
|
||||||
if (!\preg_match('/^http[s]?:\/\//i', $sUrl)) {
|
if (!\preg_match('/^http[s]?:\/\//i', $sUrl)) {
|
||||||
$sUrl = \preg_replace('/^fruux\.com/i', 'dav.fruux.com', $sUrl);
|
$sUrl = \preg_replace('/^fruux\.com/i', 'dav.fruux.com', $sUrl);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue