#2660 -- Add safety checks to API auth process.
parent
906ce8f8d4
commit
a83cdda264
|
@ -62,7 +62,7 @@ class ApiKey implements JsonSerializable
|
|||
* @param User $user
|
||||
* @param string|null $key An existing API key to import (if one exists).
|
||||
*/
|
||||
public function __construct(User $user, $key = null)
|
||||
public function __construct(User $user, ?string $key = null)
|
||||
{
|
||||
$this->user = $user;
|
||||
|
||||
|
@ -115,7 +115,7 @@ class ApiKey implements JsonSerializable
|
|||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function verify($verifier): bool
|
||||
public function verify(string $verifier): bool
|
||||
{
|
||||
return hash_equals($this->verifier, $this->hashVerifier($verifier));
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
<?php
|
||||
namespace App\Entity\Repository;
|
||||
|
||||
use App\Entity;
|
||||
use App\Doctrine\Repository;
|
||||
use App\Entity;
|
||||
|
||||
class ApiKeyRepository extends Repository
|
||||
{
|
||||
|
@ -13,10 +13,14 @@ class ApiKeyRepository extends Repository
|
|||
*
|
||||
* @return Entity\User|null
|
||||
*/
|
||||
public function authenticate($key_string): ?Entity\User
|
||||
public function authenticate(string $key_string): ?Entity\User
|
||||
{
|
||||
[$key_identifier, $key_verifier] = explode(':', $key_string);
|
||||
|
||||
if (empty($key_identifier) || empty($key_verifier)) {
|
||||
throw new \InvalidArgumentException('API key is not in a valid format.');
|
||||
}
|
||||
|
||||
$api_key = $this->repository->find($key_identifier);
|
||||
|
||||
if ($api_key instanceof Entity\ApiKey) {
|
||||
|
|
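Review bot: The destructuring `[$key_identifier, $key_verifier] = explode(':', $key_string);` in authenticate() still runs before the new format check, so a key string with no `:` triggers PHP's undefined-index notice or warning for element 1 ahead of the `empty()` guard. If the application's error handler promotes warnings to exceptions, that surfaces as a different error than the intended InvalidArgumentException. Padding the result keeps the guard as the single failure path: `[$key_identifier, $key_verifier] = array_pad(explode(':', $key_string), 2, null);`. The declared `?Entity\User` return type suggests failure was previously signalled by `null`, so callers that pass request-supplied keys presumably need to catch the new exception; that is worth confirming and noting in the docblock with `@throws \InvalidArgumentException`. The method body continues past the end of the hunk.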