bitPickups/friendica_2021.01_tupambae_shared_hosting
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #8500 from lynn-stephenson/develop

Browse source 
Fix Password Reset Token Security
This commit is contained in:
Hypolite Petovan 2020-04-05 08:15:31 -04:00 committed by GitHub
parent d44c858320 6cbcea1aac
commit 594db70a72
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
mod/lostpass.php
View file

@ -41,10 +41,10 @@ function lostpass_post(App $a)
DI::baseUrl()->redirect(); DI::baseUrl()->redirect();
} }
$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999); $pwdreset_token = Strings::getRandomHex(32);
$fields = [ $fields = [
'pwdreset' => $pwdreset_token, 'pwdreset' => hash('sha256', $pwdreset_token),
'pwdreset_time' => DateTimeFormat::utcNow() 'pwdreset_time' => DateTimeFormat::utcNow()
]; ];
$result = DBA::update('user', $fields, ['uid' => $user['uid']]); $result = DBA::update('user', $fields, ['uid' => $user['uid']]);
@ -95,7 +95,7 @@ function lostpass_content(App $a)
if ($a->argc > 1) { if ($a->argc > 1) {
$pwdreset_token = $a->argv[1]; $pwdreset_token = $a->argv[1];
$user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]); $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => hash('sha256', $pwdreset_token)]);
if (!DBA::isResult($user)) { if (!DBA::isResult($user)) {
notice(DI::l10n()->t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.")); notice(DI::l10n()->t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."));