tilderadio
/
AzuraCast
mirror of https://github.com/AzuraCast/AzuraCast.git
4
0
Fork 0
Code Issues Releases Wiki Activity

Tag split tokens as sensitive parameters.

This commit is contained in:
Buster Neece 2023-01-12 16:59:01 -06:00
parent 84d25adc3b
commit 03f1f5840a
No known key found for this signature in database
GPG Key ID: F1D2E64A0005E80E
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/Security/SplitToken.php
View File

@ -5,6 +5,7 @@ declare(strict_types=1);
namespace App\Security;
use InvalidArgumentException;
use SensitiveParameter;
final class SplitToken
{
@ -19,8 +20,9 @@ final class SplitToken
return hash('sha512', $this->verifier);
}
public function verify(string $hashedVerifier): bool
{
public function verify(
#[SensitiveParameter] string $hashedVerifier
): bool {
return hash_equals($hashedVerifier, $this->hashVerifier());
}
@ -29,8 +31,9 @@ final class SplitToken
return $this->identifier . self::SEPARATOR . $this->verifier;
}
public static function fromKeyString(string $key): self
{
public static function fromKeyString(
#[SensitiveParameter] string $key
): self {
[$identifier, $verifier] = explode(self::SEPARATOR, $key, 2);
if (empty($identifier) || empty($verifier)) {
@ -44,8 +47,9 @@ final class SplitToken
return $token;
}
public static function isValidKeyString(string $key): bool
{
public static function isValidKeyString(
#[SensitiveParameter] string $key
): bool {
return str_contains($key, self::SEPARATOR);
}