Replaced account password verification through "sudo doveadm" with password_verify() call
This commit is contained in:
parent
50f16788f9
commit
1269a40f3f
|
@ -1,5 +1,6 @@
|
|||
<?php
|
||||
namespace App;
|
||||
use App\User;
|
||||
|
||||
class DovecotPw
|
||||
{
|
||||
|
@ -27,32 +28,4 @@ class DovecotPw
|
|||
return $lines[0];
|
||||
}
|
||||
|
||||
public static function Validate($user, $password)
|
||||
{
|
||||
$fp = [];
|
||||
$m = static::$method;
|
||||
$r = static::$rounds;
|
||||
$proc = proc_open( "'sudo' '/usr/bin/doveadm' 'auth' 'test' '-x' 'service=imap' '{$user}'",
|
||||
[0 => ["pipe","r"], 1 => ["pipe", "w"], 2 => ["pipe", "w"]],
|
||||
$fp);
|
||||
|
||||
// write password
|
||||
fwrite($fp[0],$password . "\n");
|
||||
|
||||
// retrieve hash
|
||||
$s = fread($fp[1],512);
|
||||
|
||||
// and only return the parts before the first line end
|
||||
$lines = preg_split("/\r\n|\n|\r/", $s);
|
||||
if(preg_match('/(.*)auth succeeded$/',$lines[0]))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -57,13 +57,6 @@ class AccountPwController extends Controller
|
|||
'newpass' => ['required', 'string',],
|
||||
]);
|
||||
|
||||
// now validate if proper password credentials were sent
|
||||
$validCredentials = DovecotPw::Validate($validatedData['username'],$validatedData['pass']);
|
||||
if(!$validCredentials)
|
||||
{
|
||||
throw new ErrorException("Username/Password do not match");
|
||||
}
|
||||
|
||||
// split account into user and domain
|
||||
$dparts = explode('@',$validatedData['username'],2);
|
||||
$username = $dparts[0];
|
||||
|
@ -71,9 +64,17 @@ class AccountPwController extends Controller
|
|||
|
||||
// retrieve proper account
|
||||
$account = Account::where('username',$username)->where('domain', $domain)->firstOr(function(){
|
||||
throw new ErrorException('Account not found');
|
||||
throw new ErrorException("Username not recognized");
|
||||
});
|
||||
|
||||
// now validate if proper password credentials were sent
|
||||
$hash = preg_replace("/^\{.*?\}/","",$account->password);
|
||||
$validCredentials = password_verify($validatedData['pass'],$hash);
|
||||
if(!$validCredentials)
|
||||
{
|
||||
throw new ErrorException("Username/Password combination not recognized");
|
||||
}
|
||||
|
||||
// Check if password meets policy and set if so
|
||||
|
||||
if(Entropy::Calculate($validatedData['newpass']) < static::MinimumEntropy) {
|
||||
|
|
Loading…
Reference in New Issue
Block a user