mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-20 11:41:08 +01:00
Move computeMailHash() to PhabricatorObjectMailReceiver
Summary: Kick this out of here. Ref T1205. Test Plan: Grep. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1205 Differential Revision: https://secure.phabricator.com/D5942
This commit is contained in:
parent
bb0a39a48c
commit
5243b0d653
4 changed files with 14 additions and 13 deletions
|
@ -30,9 +30,9 @@ final class PhabricatorMetaMTAReceiveController
|
||||||
throw new Exception(pht("No such task or revision!"));
|
throw new Exception(pht("No such task or revision!"));
|
||||||
}
|
}
|
||||||
|
|
||||||
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash(
|
$hash = PhabricatorObjectMailReceiver::computeMailHash(
|
||||||
$receiver->getMailKey(),
|
$receiver->getMailKey(),
|
||||||
$user->getPHID());
|
$user->getPHID());
|
||||||
|
|
||||||
$header_content['to'] =
|
$header_content['to'] =
|
||||||
$to.'+'.$user->getID().'+'.$hash.'@';
|
$to.'+'.$user->getID().'+'.$hash.'@';
|
||||||
|
|
|
@ -33,5 +33,11 @@ abstract class PhabricatorObjectMailReceiver extends PhabricatorMailReceiver {
|
||||||
return $regexp;
|
return $regexp;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function computeMailHash($mail_key, $phid) {
|
||||||
|
$global_mail_key = PhabricatorEnv::getEnvConfig('phabricator.mail-key');
|
||||||
|
|
||||||
|
$hash = PhabricatorHash::digest($mail_key.$global_mail_key.$phid);
|
||||||
|
return substr($hash, 0, 16);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -260,7 +260,7 @@ EOBODY;
|
||||||
// We compute a hash using the object's own PHID to prevent an attacker
|
// We compute a hash using the object's own PHID to prevent an attacker
|
||||||
// from blindly interacting with objects that they haven't ever received
|
// from blindly interacting with objects that they haven't ever received
|
||||||
// mail about by just sending to D1@, D2@, etc...
|
// mail about by just sending to D1@, D2@, etc...
|
||||||
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash(
|
$hash = PhabricatorObjectMailReceiver::computeMailHash(
|
||||||
$receiver->getMailKey(),
|
$receiver->getMailKey(),
|
||||||
$receiver->getPHID());
|
$receiver->getPHID());
|
||||||
|
|
||||||
|
@ -292,7 +292,7 @@ EOBODY;
|
||||||
$receiver = $this->getMailReceiver();
|
$receiver = $this->getMailReceiver();
|
||||||
$receiver_id = $receiver->getID();
|
$receiver_id = $receiver->getID();
|
||||||
$user_id = $user->getID();
|
$user_id = $user->getID();
|
||||||
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash(
|
$hash = PhabricatorObjectMailReceiver::computeMailHash(
|
||||||
$receiver->getMailKey(),
|
$receiver->getMailKey(),
|
||||||
$handle->getPHID());
|
$handle->getPHID());
|
||||||
$domain = $this->getReplyHandlerDomain();
|
$domain = $this->getReplyHandlerDomain();
|
||||||
|
|
|
@ -337,7 +337,9 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
|
||||||
$check_phid = $receiver->getPHID();
|
$check_phid = $receiver->getPHID();
|
||||||
}
|
}
|
||||||
|
|
||||||
$expect_hash = self::computeMailHash($receiver->getMailKey(), $check_phid);
|
$expect_hash = PhabricatorObjectMailReceiver::computeMailHash(
|
||||||
|
$receiver->getMailKey(),
|
||||||
|
$check_phid);
|
||||||
|
|
||||||
if ($expect_hash != $hash) {
|
if ($expect_hash != $hash) {
|
||||||
return $this->setMessage("Invalid mail hash!")->save();
|
return $this->setMessage("Invalid mail hash!")->save();
|
||||||
|
@ -407,13 +409,6 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
|
||||||
return $class_obj->load($receiver_id);
|
return $class_obj->load($receiver_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function computeMailHash($mail_key, $phid) {
|
|
||||||
$global_mail_key = PhabricatorEnv::getEnvConfig('phabricator.mail-key');
|
|
||||||
|
|
||||||
$hash = PhabricatorHash::digest($mail_key.$global_mail_key.$phid);
|
|
||||||
return substr($hash, 0, 16);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Strip an email address down to the actual user@domain.tld part if
|
* Strip an email address down to the actual user@domain.tld part if
|
||||||
* necessary, since sometimes it will have formatting like
|
* necessary, since sometimes it will have formatting like
|
||||||
|
|
Loading…
Reference in a new issue