SetCryptKey() use APP_SALT

This way the key is something the server has and something the user knows.
So that both can revoke the key validity.
This commit is contained in:
djmaze 2021-11-12 08:43:33 +01:00
parent 0de87e334c
commit 9b0f9be23c
2 changed files with 3 additions and 3 deletions

View file

@ -160,7 +160,7 @@ abstract class Account implements \JsonSerializable
bool $bThrowException = false): ?self
{
$oAccount = null;
if (\strlen($sEmail) && \strlen($sLogin) && \strlen($sPassword)) {
if ($sEmail && $sLogin && $sPassword) {
$oDomain = $oActions->DomainProvider()->Load(\MailSo\Base\Utils::GetDomainFromEmail($sEmail), true);
if ($oDomain) {
if ($oDomain->ValidateWhiteList($sEmail, $sLogin)) {

View file

@ -15,13 +15,13 @@ class MainAccount extends Account
public function CryptKey() : string
{
if (!$this->sCryptKey) {
$this->SetCryptKey($this->IncPassword() ?: APP_SALT);
$this->SetCryptKey($this->IncPassword());
}
return $this->sCryptKey;
}
public function SetCryptKey(string $sKey) : void
{
$this->sCryptKey = \sha1($sKey, true);
$this->sCryptKey = \sha1($sKey . APP_SALT, true);
}
}