#2660 -- Add safety checks to API auth process.

Buster "Silver Eagle" Neece 2020-04-17 00:37:52 -05:00
parent 906ce8f8d4
commit a83cdda264
No known key found for this signature in database
GPG Key ID: 6D9E12FF03411F4E
2 changed files with 8 additions and 4 deletions


@ -62,7 +62,7 @@ class ApiKey implements JsonSerializable
* @param User $user
* @param string|null $key An existing API key to import (if one exists).
*/
public function __construct(User $user, $key = null)
public function __construct(User $user, ?string $key = null)
{
$this->user = $user;
@ -115,7 +115,7 @@ class ApiKey implements JsonSerializable
*
* @return bool
*/
public function verify($verifier): bool
public function verify(string $verifier): bool
{
return hash_equals($this->verifier, $this->hashVerifier($verifier));
}


@ -1,8 +1,8 @@
<?php
namespace App\Entity\Repository;
use App\Entity;
use App\Doctrine\Repository;
use App\Entity;
class ApiKeyRepository extends Repository
{
@ -13,10 +13,14 @@ class ApiKeyRepository extends Repository
*
* @return Entity\User|null
*/
public function authenticate($key_string): ?Entity\User
public function authenticate(string $key_string): ?Entity\User
{
[$key_identifier, $key_verifier] = explode(':', $key_string);
if (empty($key_identifier) || empty($key_verifier)) {
throw new \InvalidArgumentException('API key is not in a valid format.');
}
$api_key = $this->repository->find($key_identifier);
if ($api_key instanceof Entity\ApiKey) {
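Review bot: In `authenticate()` the list destructuring of `explode(':', $key_string)` runs before the new emptiness guard, so a key with no colon produces a one-element array and PHP raises an undefined-offset notice/warning for index 1 before the check is reached, while a key with extra colons has its trailing segments silently discarded rather than rejected. Splitting with a limit and padding the result handles both cases: `[$key_identifier, $key_verifier] = array_pad(explode(':', $key_string, 2), 2, null);`. Since the method already returns `?Entity\User`, a malformed key taken from a request could `return null;` like any other failed authentication; throwing `\InvalidArgumentException` depends on every caller catching it, and no caller is visible here. The body of `authenticate()` continues past the end of this hunk.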