Simple idea for #1343

This commit is contained in:
the-djmaze 2023-12-03 21:42:30 +01:00
parent c61c3c6ce7
commit cabc652aa2
9 changed files with 60 additions and 14 deletions

View file

@ -48,7 +48,10 @@ abstract class Request
$this->user_agent = 'SnappyMail/' . APP_VERSION;
}
public function setAuth(int $type, string $user, string $pass) : void
public function setAuth(int $type, string $user,
#[\SensitiveParameter]
string $pass
) : void
{
$this->auth = [
'type' => $type,

View file

@ -84,7 +84,10 @@ class GnuPG
/**
* Add a key for decryption
*/
public function addDecryptKey(string $fingerprint, string $passphrase) : bool
public function addDecryptKey(string $fingerprint,
#[\SensitiveParameter]
string $passphrase
) : bool
{
return $this->handler()->adddecryptkey($fingerprint, $passphrase);
}
@ -100,7 +103,10 @@ class GnuPG
/**
* Add a key for signing
*/
public function addSignKey(string $fingerprint, ?string $passphrase) : bool
public function addSignKey(string $fingerprint,
#[\SensitiveParameter]
?string $passphrase
) : bool
{
return $this->handler()->addsignkey($fingerprint, $passphrase);
}
@ -218,7 +224,10 @@ class GnuPG
/**
* Exports a key
*/
public function export(string $fingerprint, string $passphrase = '') /*: string|false*/
public function export(string $fingerprint,
#[\SensitiveParameter]
string $passphrase = ''
) /*: string|false*/
{
if ($passphrase) {
return $this->getGPG()
@ -265,7 +274,10 @@ class GnuPG
/**
* Generates a key
*/
public function generateKey(string $uid, string $passphrase) /*: string|false*/
public function generateKey(string $uid,
#[\SensitiveParameter]
string $passphrase
) /*: string|false*/
{
$GPG = $this->getGPG(false);
return $GPG ? $GPG->generateKey($uid, $passphrase) : false;

View file

@ -136,7 +136,10 @@ class GPG
/**
* Add a key for decryption
*/
public function addDecryptKey(string $fingerprint, string $passphrase) : bool
public function addDecryptKey(string $fingerprint,
#[\SensitiveParameter]
string $passphrase
) : bool
{
$this->decryptKeys[$fingerprint] = $passphrase;
// $this->decryptKeys[\substr($fingerprint, -16)] = $passphrase;
@ -155,7 +158,10 @@ class GPG
/**
* Add a key for signing
*/
public function addSignKey(string $fingerprint, string $passphrase) : bool
public function addSignKey(string $fingerprint,
#[\SensitiveParameter]
string $passphrase
) : bool
{
$this->signKeys[$fingerprint] = $passphrase;
// $this->signKeys[\substr($fingerprint, -16)] = $passphrase;
@ -419,7 +425,10 @@ class GPG
return 0;
}
public function addPassphrase($keyId, $passphrase)
public function addPassphrase($keyId,
#[\SensitiveParameter]
$passphrase
)
{
$this->passphrases[$keyId] = $passphrase;
return $this;

View file

@ -14,7 +14,11 @@ class Cram extends \SnappyMail\SASL
$this->algo = $algo;
}
public function authenticate(string $authcid, string $passphrase, ?string $challenge = null) : string
public function authenticate(string $authcid,
#[\SensitiveParameter]
string $passphrase,
?string $challenge = null
) : string
{
return $this->encode($authcid . ' ' . \hash_hmac($this->algo, $this->decode($challenge), $passphrase));
}

View file

@ -7,7 +7,10 @@ class Login extends \SnappyMail\SASL
protected
$passphrase;
public function authenticate(string $username, string $passphrase, ?string $challenge = null) : string
public function authenticate(string $username,
#[\SensitiveParameter]
string $passphrase,
?string $challenge = null) : string
{
// $challenge should be 'VXNlcm5hbWU6', but broken on some systems
// See https://github.com/the-djmaze/snappymail/issues/693

View file

@ -9,7 +9,11 @@ namespace SnappyMail\SASL;
class OAuthBearer extends \SnappyMail\SASL
{
public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string
public function authenticate(string $username,
#[\SensitiveParameter]
string $passphrase,
?string $authzid = null
) : string
{
return $this->encode("n,a={$username},\x01auth=Bearer {$passphrase}\x01\x01");
}

View file

@ -5,7 +5,10 @@ namespace SnappyMail\SASL;
class Plain extends \SnappyMail\SASL
{
public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string
public function authenticate(string $username,
#[\SensitiveParameter]
string $passphrase,
?string $authzid = null) : string
{
return $this->encode("{$authzid}\x00{$username}\x00{$passphrase}");
}

View file

@ -31,7 +31,11 @@ class Scram extends \SnappyMail\SASL
$this->algo = $algo;
}
public function authenticate(string $authcid, string $passphrase, ?string $authzid = null) : string
public function authenticate(string $authcid,
#[\SensitiveParameter]
string $passphrase,
?string $authzid = null
) : string
{
// SASLprep
$authcid = \str_replace(array('=',','), array('=3D','=2C'), $authcid);

View file

@ -9,7 +9,11 @@ namespace SnappyMail\SASL;
class XOAuth2 extends \SnappyMail\SASL
{
public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string
public function authenticate(string $username,
#[\SensitiveParameter]
string $passphrase,
?string $authzid = null
) : string
{
return $this->encode("user={$username}\x01auth=Bearer {$passphrase}\x01\x01");
}