From 38b992ed0fba68627732f3709814d1909afb5a6b Mon Sep 17 00:00:00 2001
From: Huong Nguyen
Date: Thu, 5 Sep 2024 11:14:07 +0700
Subject: [PATCH] Fix the hashPassword in General Trait Also, we need to check the value from hashPassword in the BackOffice first before using it
---
 application/src/Controller/BackOfficeController.php | 7 +++++++
 application/src/Traits/GeneralTrait.php | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/application/src/Controller/BackOfficeController.php b/application/src/Controller/BackOfficeController.php
index 03e8d56..01c5455 100644
--- a/application/src/Controller/BackOfficeController.php
+++ b/application/src/Controller/BackOfficeController.php
@@ -69,6 +69,13 @@ public function backOfficeCreateAdmin(string $serverID, Request $request) : Json
 // 2. Generates and returns token pattern.
 $newpassword = $this->hashPassword('password', null, true);
+ if (!$newpassword['token']) {
+ return new JsonResponse((object) [
+ 'errcode' => 'M_INVALID_TOKEN',
+ 'error' => 'Cannot hash the token.'
+ ], 400);
+ }
+
 // New user, or existing user without any associated Tokens.
 $password = new Password();
 $password->setPassword($newpassword['token']);
diff --git a/application/src/Traits/GeneralTrait.php b/application/src/Traits/GeneralTrait.php
index aa87847..91106b4 100644
--- a/application/src/Traits/GeneralTrait.php
+++ b/application/src/Traits/GeneralTrait.php
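Review bot: In backOfficeCreateAdmin (BackOfficeController.php) the new guard `if (!$newpassword['token'])` reports a failure of the server's own token generation as a client error: status 400 with `M_INVALID_TOKEN`, although the request supplied no token that could be invalid. A 5xx status plus a log entry would keep this visible in server-error monitoring, since it means an admin account could not be given a credential. The check also reads the key directly, so a return value without a `token` key raises an undefined-key warning before the branch is taken; `if (empty($newpassword['token'])) {` covers both the missing and the empty case. The function body starts and ends outside this hunk, so whether anything was already persisted before this early return cannot be seen here.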
@@ -73,7 +73,7 @@ private function hashPassword(string $extra = null, string $dashedPattern = null
 $createdTokenPattern = [];
 $dashedPattern = $dashedPattern ? explode(',', $dashedPattern) : [];
 for ($i = 0; $i < strlen($string); $i++) {
- $randomDashedPosition = count($dashedPattern) > 0 ? (int)$dashedPattern[$i] : (int)rand(1, 10);
+ $randomDashedPosition = count($dashedPattern) > 0 ? (int)$dashedPattern[$i] : rand(4, 10);
 if (count($dashedPattern) > 0) {
 $previousPosition = (int)($previousPosition + $randomDashedPosition);
 $token = substr_replace($token ?? $string, '-', $previousPosition, 1);
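Review bot: The fallback on the changed line in hashPassword still draws the dash offset from `rand()`, which is not a cryptographically secure generator. The result appears to end up as the token that backOfficeCreateAdmin passes to `setPassword()`, so `random_int(4, 10)` is the safer call: `... ? (int)$dashedPattern[$i] : random_int(4, 10);`. Raising the lower bound from 1 to 4 leaves only seven possible offsets per step, so the dash layout should not be relied on for unpredictability; presumably that comes from how `$string` is produced, which is outside this hunk. On the same line `$dashedPattern[$i]` is indexed up to `strlen($string)`, so a supplied pattern with fewer entries than characters reads an undefined offset that silently casts to 0. A length check before the loop, or an explicit `$dashedPattern[$i] ?? 0`, would make that case deliberate.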