mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-03 11:21:01 +01:00
Move computeMailHash() to PhabricatorObjectMailReceiver
Summary: Kick this out of here. Ref T1205. Test Plan: Grep. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1205 Differential Revision: https://secure.phabricator.com/D5942
This commit is contained in:
parent
bb0a39a48c
commit
5243b0d653
4 changed files with 14 additions and 13 deletions
|
@ -30,7 +30,7 @@ final class PhabricatorMetaMTAReceiveController
|
|||
throw new Exception(pht("No such task or revision!"));
|
||||
}
|
||||
|
||||
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash(
|
||||
$hash = PhabricatorObjectMailReceiver::computeMailHash(
|
||||
$receiver->getMailKey(),
|
||||
$user->getPHID());
|
||||
|
||||
|
|
|
@ -33,5 +33,11 @@ abstract class PhabricatorObjectMailReceiver extends PhabricatorMailReceiver {
|
|||
return $regexp;
|
||||
}
|
||||
|
||||
public static function computeMailHash($mail_key, $phid) {
|
||||
$global_mail_key = PhabricatorEnv::getEnvConfig('phabricator.mail-key');
|
||||
|
||||
$hash = PhabricatorHash::digest($mail_key.$global_mail_key.$phid);
|
||||
return substr($hash, 0, 16);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -260,7 +260,7 @@ EOBODY;
|
|||
// We compute a hash using the object's own PHID to prevent an attacker
|
||||
// from blindly interacting with objects that they haven't ever received
|
||||
// mail about by just sending to D1@, D2@, etc...
|
||||
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash(
|
||||
$hash = PhabricatorObjectMailReceiver::computeMailHash(
|
||||
$receiver->getMailKey(),
|
||||
$receiver->getPHID());
|
||||
|
||||
|
@ -292,7 +292,7 @@ EOBODY;
|
|||
$receiver = $this->getMailReceiver();
|
||||
$receiver_id = $receiver->getID();
|
||||
$user_id = $user->getID();
|
||||
$hash = PhabricatorMetaMTAReceivedMail::computeMailHash(
|
||||
$hash = PhabricatorObjectMailReceiver::computeMailHash(
|
||||
$receiver->getMailKey(),
|
||||
$handle->getPHID());
|
||||
$domain = $this->getReplyHandlerDomain();
|
||||
|
|
|
@ -337,7 +337,9 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
|
|||
$check_phid = $receiver->getPHID();
|
||||
}
|
||||
|
||||
$expect_hash = self::computeMailHash($receiver->getMailKey(), $check_phid);
|
||||
$expect_hash = PhabricatorObjectMailReceiver::computeMailHash(
|
||||
$receiver->getMailKey(),
|
||||
$check_phid);
|
||||
|
||||
if ($expect_hash != $hash) {
|
||||
return $this->setMessage("Invalid mail hash!")->save();
|
||||
|
@ -407,13 +409,6 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
|
|||
return $class_obj->load($receiver_id);
|
||||
}
|
||||
|
||||
public static function computeMailHash($mail_key, $phid) {
|
||||
$global_mail_key = PhabricatorEnv::getEnvConfig('phabricator.mail-key');
|
||||
|
||||
$hash = PhabricatorHash::digest($mail_key.$global_mail_key.$phid);
|
||||
return substr($hash, 0, 16);
|
||||
}
|
||||
|
||||
/**
|
||||
* Strip an email address down to the actual user@domain.tld part if
|
||||
* necessary, since sometimes it will have formatting like
|
||||
|
|
Loading…
Reference in a new issue