kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-12 15:35:15 +00:00
Code Issues Projects Releases Wiki Activity

Change to safer hash methods.

Browse Source
This commit is contained in:
James Cole
2020-04-11 06:42:21 +02:00
parent 91deb22a3f
commit 6829003f5e
8 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/Handlers/Events/UserEventHandler.php
View File

@@ -165,7 +165,8 @@ class UserEventHandler
$user = $event->user; $user = $event->user;
$ipAddress = $event->ipAddress; $ipAddress = $event->ipAddress;
$token = app('preferences')->getForUser($user, 'email_change_undo_token', 'invalid'); $token = app('preferences')->getForUser($user, 'email_change_undo_token', 'invalid');
$uri = route('profile.undo-email-change', [$token->data, hash('sha256', $oldEmail)]); $hashed = hash('sha256', sprintf('%s%s', (string) config('app.key'), $oldEmail));
$uri = route('profile.undo-email-change', [$token->data,$hashed]);
try { try {
Mail::to($oldEmail)->send(new UndoEmailChangeMail($newEmail, $oldEmail, $uri, $ipAddress)); Mail::to($oldEmail)->send(new UndoEmailChangeMail($newEmail, $oldEmail, $uri, $ipAddress));
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart

2
app/Http/Controllers/JavascriptController.php
View File

@@ -126,7 +126,7 @@ class JavascriptController extends Controller
/** @noinspection NullPointerExceptionInspection */ /** @noinspection NullPointerExceptionInspection */
$lang = $pref->data; $lang = $pref->data;
$dateRange = $this->getDateRangeConfig(); $dateRange = $this->getDateRangeConfig();
$uid = substr(hash('sha256', auth()->user()->id . auth()->user()->email), 0, 12); $uid = substr(hash('sha256', sprintf('%s-%s-%s', (string) config('app.key'), auth()->user()->id, auth()->user()->email)), 0, 12);
$data = [ $data = [
'currencyCode' => $currency->code, 'currencyCode' => $currency->code,

2
app/Http/Controllers/ProfileController.php
View File

@@ -555,7 +555,7 @@ class ProfileController extends Controller
/** @var string $match */ /** @var string $match */
$match = null; $match = null;
foreach ($set as $entry) { foreach ($set as $entry) {
$hashed = hash('sha256', $entry->data); $hashed = hash('sha256', sprintf('%s%s', (string) config('app.key'), $entry->data));
if ($hashed === $hash) { if ($hashed === $hash) {
$match = $entry->data; $match = $entry->data;
break; break;

2
app/Repositories/ImportJob/ImportJobRepository.php
View File

@@ -384,7 +384,7 @@ class ImportJobRepository implements ImportJobRepositoryInterface
$attachment = new Attachment; // create Attachment object. $attachment = new Attachment; // create Attachment object.
$attachment->user()->associate($job->user); $attachment->user()->associate($job->user);
$attachment->attachable()->associate($job); $attachment->attachable()->associate($job);
$attachment->md5 = md5($content); $attachment->md5 = substr(hash('sha256', $content), 0, 32); // limit due to DB.
$attachment->filename = $name; $attachment->filename = $name;
$attachment->mime = 'plain/txt'; $attachment->mime = 'plain/txt';
$attachment->size = strlen($content); $attachment->size = strlen($content);

9
app/Services/Password/PwndVerifierV2.php
View File

@@ -58,8 +58,11 @@ class PwndVerifierV2 implements Verifier
$rest = substr($hash, 5); $rest = substr($hash, 5);
$uri = sprintf('https://api.pwnedpasswords.com/range/%s', $prefix); $uri = sprintf('https://api.pwnedpasswords.com/range/%s', $prefix);
$opt = [ $opt = [
'headers' => ['User-Agent' => 'Firefly III v' . config('firefly.version')], 'headers' => [
'timeout' => 5]; 'User-Agent' => 'Firefly III v' . config('firefly.version'),
'Add-Padding' => 'true',
],
'timeout' => 3.1415];
Log::debug(sprintf('hash prefix is %s', $prefix)); Log::debug(sprintf('hash prefix is %s', $prefix));
Log::debug(sprintf('rest is %s', $rest)); Log::debug(sprintf('rest is %s', $rest));
@@ -87,7 +90,7 @@ class PwndVerifierV2 implements Verifier
return true; return true;
} }
Log::debug(sprintf('Could not find %s, return FALSE.', $rest)); Log::debug(sprintf('Found %s, return FALSE.', $rest));
return false; return false;
} }

4
app/Support/CacheProperties.php
View File

@@ -101,8 +101,8 @@ class CacheProperties
{ {
$content = ''; $content = '';
foreach ($this->properties as $property) { foreach ($this->properties as $property) {
$content .= json_encode($property); $content .= json_encode($property, JSON_THROW_ON_ERROR, 512);
} }
$this->hash = substr(sha1($content), 0, 16); $this->hash = substr(hash('sha256', $content), 0, 16);
} }
} }

3
app/Support/Preferences.php
View File

@@ -26,7 +26,6 @@ use Cache;
use Exception; use Exception;
use FireflyIII\Models\Preference; use FireflyIII\Models\Preference;
use FireflyIII\User; use FireflyIII\User;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Support\Collection; use Illuminate\Support\Collection;
use Log; use Log;
use Session; use Session;
@@ -200,7 +199,7 @@ class Preferences
$lastActivity = implode(',', $lastActivity); $lastActivity = implode(',', $lastActivity);
} }
return md5($lastActivity); return hash('sha256', $lastActivity);
} }
/** /**

2
database/migrations/2016_06_16_000002_create_main_tables.php
View File

@@ -133,7 +133,7 @@ class CreateMainTables extends Migration
$table->integer('user_id', false, true); $table->integer('user_id', false, true);
$table->integer('attachable_id', false, true); $table->integer('attachable_id', false, true);
$table->string('attachable_type', 255); $table->string('attachable_type', 255);
$table->string('md5', 32); $table->string('md5', 128);
$table->string('filename', 1024); $table->string('filename', 1024);
$table->string('title', 1024)->nullable(); $table->string('title', 1024)->nullable();
$table->text('description')->nullable(); $table->text('description')->nullable();