Fix hash password

0607665b · Camille Simiand · b3c6e2ec · 0607665b · 0607665b · 0607665b
Commit 0607665b authored 3 years ago by Camille Simiand
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -35,4 +35,3 @@ security:

    access_control:
        - { path: ^/(?!register|login|generate-captcha|verify/email|reset-password), roles: ROLE_USER }
+\ No newline at end of file
-        - { path: ^/*/edition, roles: ROLE_EDITOR }
\ No newline at end of file
--- a/public/cookies.txt
+++ b/public/cookies.txt
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
--- a/src/Controller/CapsuleController.php
+++ b/src/Controller/CapsuleController.php
@@ -7,7 +7,6 @@ use App\Form\CreateCapsuleFormType;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Annotation\Route;

 class CapsuleController extends AbstractController
@@ -26,22 +25,20 @@ class CapsuleController extends AbstractController
    /**
     * @Route("/create", name="create_capsule")
     */
-    public function new(Request $request, UserPasswordHasherInterface $password_hasher): Response
+    public function new(Request $request): Response
    {
-        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');
-
        $capsule = new Capsule();
        $form = $this->createForm(CreateCapsuleFormType::class, $capsule);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
-//            $capsulePass = $request->request->get('p');
            $new_date_time = new \DateTime();
            $capsule_name = $form->get('name')->getData();
-//            $sanitized_capsule_name = $this->sanitize($capsule_name);
+            $sanitized_capsule_name = $this->sanitize($capsule_name);

-            $preview_link = password_hash($capsule_name, PASSWORD_BCRYPT);
-            $edition_link = $preview_link . '/edition';
+            $hashed_and_salted_access_link = password_hash($sanitized_capsule_name, PASSWORD_BCRYPT);
+            $preview_link = 'preview/' . $hashed_and_salted_access_link;
+            $edition_link = 'edition/' . $hashed_and_salted_access_link;

            $capsule->setName($capsule_name);
            $capsule->setCreationAuthor($this->getUser());
@@ -62,7 +59,6 @@ class CapsuleController extends AbstractController
            ]);
    }

-    // copy of function used by memorekall to calculate real project name !
    public static function sanitize($string, $force_lowercase = true, $anal = false)
    {
        $strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",