SetCryptKey() use APP_SALT

This way the key is something the server has and something the user knows.
So that both can revoke the key validity.
This commit is contained in:
djmaze 2021-11-12 08:43:33 +01:00
parent 0de87e334c
commit 9b0f9be23c
2 changed files with 3 additions and 3 deletions

View file

@ -160,7 +160,7 @@ abstract class Account implements \JsonSerializable
bool $bThrowException = false): ?self bool $bThrowException = false): ?self
{ {
$oAccount = null; $oAccount = null;
if (\strlen($sEmail) && \strlen($sLogin) && \strlen($sPassword)) { if ($sEmail && $sLogin && $sPassword) {
$oDomain = $oActions->DomainProvider()->Load(\MailSo\Base\Utils::GetDomainFromEmail($sEmail), true); $oDomain = $oActions->DomainProvider()->Load(\MailSo\Base\Utils::GetDomainFromEmail($sEmail), true);
if ($oDomain) { if ($oDomain) {
if ($oDomain->ValidateWhiteList($sEmail, $sLogin)) { if ($oDomain->ValidateWhiteList($sEmail, $sLogin)) {

View file

@ -15,13 +15,13 @@ class MainAccount extends Account
public function CryptKey() : string public function CryptKey() : string
{ {
if (!$this->sCryptKey) { if (!$this->sCryptKey) {
$this->SetCryptKey($this->IncPassword() ?: APP_SALT); $this->SetCryptKey($this->IncPassword());
} }
return $this->sCryptKey; return $this->sCryptKey;
} }
public function SetCryptKey(string $sKey) : void public function SetCryptKey(string $sKey) : void
{ {
$this->sCryptKey = \sha1($sKey, true); $this->sCryptKey = \sha1($sKey . APP_SALT, true);
} }
} }