feat: replace sha1 with sha256
This commit is contained in:
parent
5b482f2468
commit
3439917b33
|
|
@ -350,14 +350,14 @@ class AuthController extends Controller
|
|||
throw new PrettyPageException(trans('user.verification.disabled'), 1);
|
||||
}
|
||||
|
||||
abort_unless($request->hasValidSignature(false) && hash_equals((string)$request->route('hash'), sha1($user->email)), 403, trans('auth.verify.invalid'));
|
||||
abort_unless($request->hasValidSignature(false) && hash_equals((string)$request->route('hash'), hash('sha256', $user->email)), 403, trans('auth.verify.invalid'));
|
||||
|
||||
return view('auth.verify');
|
||||
}
|
||||
|
||||
public function handleVerify(Request $request, User $user)
|
||||
{
|
||||
abort_unless($request->hasValidSignature(false) && hash_equals((string)$request->route('hash'), sha1($user->email)), 403, trans('auth.verify.invalid'));
|
||||
abort_unless($request->hasValidSignature(false) && hash_equals((string)$request->route('hash'), hash('sha256', $user->email)), 403, trans('auth.verify.invalid'));
|
||||
|
||||
['email' => $email] = $request->validate(['email' => 'required|email']);
|
||||
|
||||
|
|
|
|||
|
|
@ -157,7 +157,7 @@ class UserController extends Controller
|
|||
return json(trans('user.verification.verified'), 1);
|
||||
}
|
||||
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => sha1($user->email)], false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => hash('sha256', $user->email)], false);
|
||||
|
||||
try {
|
||||
Mail::to($user->email)->send(new EmailVerification(url($url)));
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ class SendEmailVerification
|
|||
public function handle(User $user)
|
||||
{
|
||||
if (option('require_verification')) {
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => sha1($user->email)], false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => hash('sha256', $user->email)], false);
|
||||
|
||||
try {
|
||||
Mail::to($user->email)->send(new EmailVerification(url($url)));
|
||||
|
|
|
|||
|
|
@ -724,7 +724,7 @@ class AuthControllerTest extends TestCase
|
|||
|
||||
public function testVerify()
|
||||
{
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => 1, 'hash' => sha1('a@b.c')], false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => 1, 'hash' => hash('sha256', 'a@b.c')], false);
|
||||
|
||||
// should be forbidden if account verification is disabled
|
||||
option(['require_verification' => false]);
|
||||
|
|
@ -732,17 +732,17 @@ class AuthControllerTest extends TestCase
|
|||
option(['require_verification' => true]);
|
||||
|
||||
// invalid link
|
||||
$this->get(route('auth.verify', ['user' => 1, 'hash' => sha1('a@b.c')]))->assertForbidden();
|
||||
$this->get(route('auth.verify', ['user' => 1, 'hash' => hash('sha256', 'a@b.c')]))->assertForbidden();
|
||||
|
||||
$user = User::factory()->create(['verified' => false]);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => sha1($user->email)], false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => hash('sha256', $user->email)], false);
|
||||
$this->get($url)->assertViewIs('auth.verify');
|
||||
}
|
||||
|
||||
public function testHandleVerify()
|
||||
{
|
||||
$user = User::factory()->create(['verified' => false]);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => sha1($user->email)], false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => hash('sha256', $user->email)], false);
|
||||
|
||||
// empty email
|
||||
$this->post($url, [], ['Referer' => $url])->assertRedirect($url);
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user