Simple idea for #1343

This commit is contained in:
the-djmaze 2023-12-03 21:42:30 +01:00
parent c61c3c6ce7
commit cabc652aa2
9 changed files with 60 additions and 14 deletions

View file

@ -48,7 +48,10 @@ abstract class Request
$this->user_agent = 'SnappyMail/' . APP_VERSION; $this->user_agent = 'SnappyMail/' . APP_VERSION;
} }
public function setAuth(int $type, string $user, string $pass) : void public function setAuth(int $type, string $user,
#[\SensitiveParameter]
string $pass
) : void
{ {
$this->auth = [ $this->auth = [
'type' => $type, 'type' => $type,

View file

@ -84,7 +84,10 @@ class GnuPG
/** /**
* Add a key for decryption * Add a key for decryption
*/ */
public function addDecryptKey(string $fingerprint, string $passphrase) : bool public function addDecryptKey(string $fingerprint,
#[\SensitiveParameter]
string $passphrase
) : bool
{ {
return $this->handler()->adddecryptkey($fingerprint, $passphrase); return $this->handler()->adddecryptkey($fingerprint, $passphrase);
} }
@ -100,7 +103,10 @@ class GnuPG
/** /**
* Add a key for signing * Add a key for signing
*/ */
public function addSignKey(string $fingerprint, ?string $passphrase) : bool public function addSignKey(string $fingerprint,
#[\SensitiveParameter]
?string $passphrase
) : bool
{ {
return $this->handler()->addsignkey($fingerprint, $passphrase); return $this->handler()->addsignkey($fingerprint, $passphrase);
} }
@ -218,7 +224,10 @@ class GnuPG
/** /**
* Exports a key * Exports a key
*/ */
public function export(string $fingerprint, string $passphrase = '') /*: string|false*/ public function export(string $fingerprint,
#[\SensitiveParameter]
string $passphrase = ''
) /*: string|false*/
{ {
if ($passphrase) { if ($passphrase) {
return $this->getGPG() return $this->getGPG()
@ -265,7 +274,10 @@ class GnuPG
/** /**
* Generates a key * Generates a key
*/ */
public function generateKey(string $uid, string $passphrase) /*: string|false*/ public function generateKey(string $uid,
#[\SensitiveParameter]
string $passphrase
) /*: string|false*/
{ {
$GPG = $this->getGPG(false); $GPG = $this->getGPG(false);
return $GPG ? $GPG->generateKey($uid, $passphrase) : false; return $GPG ? $GPG->generateKey($uid, $passphrase) : false;

View file

@ -136,7 +136,10 @@ class GPG
/** /**
* Add a key for decryption * Add a key for decryption
*/ */
public function addDecryptKey(string $fingerprint, string $passphrase) : bool public function addDecryptKey(string $fingerprint,
#[\SensitiveParameter]
string $passphrase
) : bool
{ {
$this->decryptKeys[$fingerprint] = $passphrase; $this->decryptKeys[$fingerprint] = $passphrase;
// $this->decryptKeys[\substr($fingerprint, -16)] = $passphrase; // $this->decryptKeys[\substr($fingerprint, -16)] = $passphrase;
@ -155,7 +158,10 @@ class GPG
/** /**
* Add a key for signing * Add a key for signing
*/ */
public function addSignKey(string $fingerprint, string $passphrase) : bool public function addSignKey(string $fingerprint,
#[\SensitiveParameter]
string $passphrase
) : bool
{ {
$this->signKeys[$fingerprint] = $passphrase; $this->signKeys[$fingerprint] = $passphrase;
// $this->signKeys[\substr($fingerprint, -16)] = $passphrase; // $this->signKeys[\substr($fingerprint, -16)] = $passphrase;
@ -419,7 +425,10 @@ class GPG
return 0; return 0;
} }
public function addPassphrase($keyId, $passphrase) public function addPassphrase($keyId,
#[\SensitiveParameter]
$passphrase
)
{ {
$this->passphrases[$keyId] = $passphrase; $this->passphrases[$keyId] = $passphrase;
return $this; return $this;

View file

@ -14,7 +14,11 @@ class Cram extends \SnappyMail\SASL
$this->algo = $algo; $this->algo = $algo;
} }
public function authenticate(string $authcid, string $passphrase, ?string $challenge = null) : string public function authenticate(string $authcid,
#[\SensitiveParameter]
string $passphrase,
?string $challenge = null
) : string
{ {
return $this->encode($authcid . ' ' . \hash_hmac($this->algo, $this->decode($challenge), $passphrase)); return $this->encode($authcid . ' ' . \hash_hmac($this->algo, $this->decode($challenge), $passphrase));
} }

View file

@ -7,7 +7,10 @@ class Login extends \SnappyMail\SASL
protected protected
$passphrase; $passphrase;
public function authenticate(string $username, string $passphrase, ?string $challenge = null) : string public function authenticate(string $username,
#[\SensitiveParameter]
string $passphrase,
?string $challenge = null) : string
{ {
// $challenge should be 'VXNlcm5hbWU6', but broken on some systems // $challenge should be 'VXNlcm5hbWU6', but broken on some systems
// See https://github.com/the-djmaze/snappymail/issues/693 // See https://github.com/the-djmaze/snappymail/issues/693

View file

@ -9,7 +9,11 @@ namespace SnappyMail\SASL;
class OAuthBearer extends \SnappyMail\SASL class OAuthBearer extends \SnappyMail\SASL
{ {
public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string public function authenticate(string $username,
#[\SensitiveParameter]
string $passphrase,
?string $authzid = null
) : string
{ {
return $this->encode("n,a={$username},\x01auth=Bearer {$passphrase}\x01\x01"); return $this->encode("n,a={$username},\x01auth=Bearer {$passphrase}\x01\x01");
} }

View file

@ -5,7 +5,10 @@ namespace SnappyMail\SASL;
class Plain extends \SnappyMail\SASL class Plain extends \SnappyMail\SASL
{ {
public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string public function authenticate(string $username,
#[\SensitiveParameter]
string $passphrase,
?string $authzid = null) : string
{ {
return $this->encode("{$authzid}\x00{$username}\x00{$passphrase}"); return $this->encode("{$authzid}\x00{$username}\x00{$passphrase}");
} }

View file

@ -31,7 +31,11 @@ class Scram extends \SnappyMail\SASL
$this->algo = $algo; $this->algo = $algo;
} }
public function authenticate(string $authcid, string $passphrase, ?string $authzid = null) : string public function authenticate(string $authcid,
#[\SensitiveParameter]
string $passphrase,
?string $authzid = null
) : string
{ {
// SASLprep // SASLprep
$authcid = \str_replace(array('=',','), array('=3D','=2C'), $authcid); $authcid = \str_replace(array('=',','), array('=3D','=2C'), $authcid);

View file

@ -9,7 +9,11 @@ namespace SnappyMail\SASL;
class XOAuth2 extends \SnappyMail\SASL class XOAuth2 extends \SnappyMail\SASL
{ {
public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string public function authenticate(string $username,
#[\SensitiveParameter]
string $passphrase,
?string $authzid = null
) : string
{ {
return $this->encode("user={$username}\x01auth=Bearer {$passphrase}\x01\x01"); return $this->encode("user={$username}\x01auth=Bearer {$passphrase}\x01\x01");
} }