1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-20 11:41:08 +01:00

Move computeMailHash() to PhabricatorObjectMailReceiver

Summary: Kick this out of here. Ref T1205.

Test Plan: Grep.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1205

Differential Revision: https://secure.phabricator.com/D5942
This commit is contained in:
epriestley 2013-05-17 03:49:00 -07:00
parent bb0a39a48c
commit 5243b0d653
4 changed files with 14 additions and 13 deletions

View file

@ -30,9 +30,9 @@ final class PhabricatorMetaMTAReceiveController
throw new Exception(pht("No such task or revision!")); throw new Exception(pht("No such task or revision!"));
} }
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash( $hash = PhabricatorObjectMailReceiver::computeMailHash(
$receiver->getMailKey(), $receiver->getMailKey(),
$user->getPHID()); $user->getPHID());
$header_content['to'] = $header_content['to'] =
$to.'+'.$user->getID().'+'.$hash.'@'; $to.'+'.$user->getID().'+'.$hash.'@';

View file

@ -33,5 +33,11 @@ abstract class PhabricatorObjectMailReceiver extends PhabricatorMailReceiver {
return $regexp; return $regexp;
} }
public static function computeMailHash($mail_key, $phid) {
$global_mail_key = PhabricatorEnv::getEnvConfig('phabricator.mail-key');
$hash = PhabricatorHash::digest($mail_key.$global_mail_key.$phid);
return substr($hash, 0, 16);
}
} }

View file

@ -260,7 +260,7 @@ EOBODY;
// We compute a hash using the object's own PHID to prevent an attacker // We compute a hash using the object's own PHID to prevent an attacker
// from blindly interacting with objects that they haven't ever received // from blindly interacting with objects that they haven't ever received
// mail about by just sending to D1@, D2@, etc... // mail about by just sending to D1@, D2@, etc...
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash( $hash = PhabricatorObjectMailReceiver::computeMailHash(
$receiver->getMailKey(), $receiver->getMailKey(),
$receiver->getPHID()); $receiver->getPHID());
@ -292,7 +292,7 @@ EOBODY;
$receiver = $this->getMailReceiver(); $receiver = $this->getMailReceiver();
$receiver_id = $receiver->getID(); $receiver_id = $receiver->getID();
$user_id = $user->getID(); $user_id = $user->getID();
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash( $hash = PhabricatorObjectMailReceiver::computeMailHash(
$receiver->getMailKey(), $receiver->getMailKey(),
$handle->getPHID()); $handle->getPHID());
$domain = $this->getReplyHandlerDomain(); $domain = $this->getReplyHandlerDomain();

View file

@ -337,7 +337,9 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
$check_phid = $receiver->getPHID(); $check_phid = $receiver->getPHID();
} }
$expect_hash = self::computeMailHash($receiver->getMailKey(), $check_phid); $expect_hash = PhabricatorObjectMailReceiver::computeMailHash(
$receiver->getMailKey(),
$check_phid);
if ($expect_hash != $hash) { if ($expect_hash != $hash) {
return $this->setMessage("Invalid mail hash!")->save(); return $this->setMessage("Invalid mail hash!")->save();
@ -407,13 +409,6 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
return $class_obj->load($receiver_id); return $class_obj->load($receiver_id);
} }
public static function computeMailHash($mail_key, $phid) {
$global_mail_key = PhabricatorEnv::getEnvConfig('phabricator.mail-key');
$hash = PhabricatorHash::digest($mail_key.$global_mail_key.$phid);
return substr($hash, 0, 16);
}
/** /**
* Strip an email address down to the actual user@domain.tld part if * Strip an email address down to the actual user@domain.tld part if
* necessary, since sometimes it will have formatting like * necessary, since sometimes it will have formatting like