From 0607665bfd3da0ca28536a3cb647cf048df8763d Mon Sep 17 00:00:00 2001
From: Camille Simiand <camille.simiand@tetras-libre.fr>
Date: Tue, 28 Dec 2021 17:01:12 +0100
Subject: [PATCH] Fix hash password
---
 config/packages/security.yaml | 3 +--
 public/cookies.txt | 4 ++++
 src/Controller/CapsuleController.php | 14 +++++---------
 3 files changed, 10 insertions(+), 11 deletions(-)
 create mode 100644 public/cookies.txt
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index d04ac40..9a6f39d 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -34,5 +34,4 @@ security:
 # switch_user: true
 access_control:
- - { path: ^/(?!register|login|generate-captcha|verify/email|reset-password), roles: ROLE_USER }
- - { path: ^/*/edition, roles: ROLE_EDITOR }
\ No newline at end of file
+ - { path: ^/(?!register|login|generate-captcha|verify/email|reset-password), roles: ROLE_USER }
\ No newline at end of file
diff --git a/public/cookies.txt b/public/cookies.txt
new file mode 100644
index 0000000..c31d989
--- /dev/null
+++ b/public/cookies.txt
@@ -0,0 +1,4 @@
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
diff --git a/src/Controller/CapsuleController.php b/src/Controller/CapsuleController.php
index 0226e8c..654522c 100644
--- a/src/Controller/CapsuleController.php
+++ b/src/Controller/CapsuleController.php
@@ -7,7 +7,6 @@ use App\Form\CreateCapsuleFormType;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Annotation\Route;
 class CapsuleController extends AbstractController
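Review bot: With the `^/*/edition` rule dropped, the only access_control entry left is the `ROLE_USER` catch-all on the `+` line, so the `edition/<token>` URLs that this same commit starts generating in CapsuleController are reachable by any authenticated user, not only `ROLE_EDITOR`. The removed pattern never matched those paths anyway (`/*` is zero-or-more slashes, so `^/*/edition` only matches `/edition`), which is presumably why deleting it looked harmless, but nothing replaces it. If editing is still meant to be gated on `ROLE_EDITOR`, add `- { path: ^/edition/, roles: ROLE_EDITOR }` above the catch-all, since Symfony applies the first matching access_control entry and the catch-all would otherwise win.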
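Review bot: `public/cookies.txt` is a libcurl cookie jar committed into the web root, the one directory the web server serves verbatim; it is empty now, but as soon as whatever curl invocation writes it stores a session cookie, that cookie becomes downloadable at `/cookies.txt`. The generating command is not visible in this patch, so I cannot tell whether it runs in production, but the safe change is to delete the file, add `public/cookies.txt` to `.gitignore`, and point curl's `-c`/`-b` at a path outside `public/` (for example `var/`). The commit message ("Fix hash password") does not mention this file, which suggests it was added by accident.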
@@ -26,22 +25,20 @@ class CapsuleController extends AbstractController
 /**
 * @Route("/create", name="create_capsule")
 */
- public function new(Request $request, UserPasswordHasherInterface $password_hasher): Response
+ public function new(Request $request): Response
 {
- $this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');
-
 $capsule = new Capsule();
 $form = $this->createForm(CreateCapsuleFormType::class, $capsule);
 $form->handleRequest($request);
 if ($form->isSubmitted() && $form->isValid()) {
-// $capsulePass = $request->request->get('p');
 $new_date_time = new \DateTime();
 $capsule_name = $form->get('name')->getData();
-// $sanitized_capsule_name = $this->sanitize($capsule_name);
+ $sanitized_capsule_name = $this->sanitize($capsule_name);
- $preview_link = password_hash($capsule_name, PASSWORD_BCRYPT);
- $edition_link = $preview_link . '/edition';
+ $hashed_and_salted_access_link = password_hash($sanitized_capsule_name, PASSWORD_BCRYPT);
+ $preview_link = 'preview/' . $hashed_and_salted_access_link;
+ $edition_link = 'edition/' . $hashed_and_salted_access_link;
 $capsule->setName($capsule_name);
 $capsule->setCreationAuthor($this->getUser());
@@ -62,7 +59,6 @@ class CapsuleController extends AbstractController
 ]);
 }
- // copy of function used by memorekall to calculate real project name !
 public static function sanitize($string, $force_lowercase = true, $anal = false)
 {
 $strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",
--
GitLab
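Review bot: The bcrypt string produced by `password_hash()` on the `$hashed_and_salted_access_link =` line is not path-safe — its salt/hash portion is drawn from the `./A-Za-z0-9` alphabet, so a `/` inside it splits `preview/<token>` and `edition/<token>` into extra path segments and the links will not round-trip as a single route parameter. `password_hash()` is a password-verification primitive, not a token generator; what this code needs is an unguessable capability token, e.g. `$hashed_and_salted_access_link = bin2hex(random_bytes(16));` (after which the variable should lose the "hashed_and_salted" name). Separately, with `denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED')` removed, `$this->getUser()` on the last line of the hunk is only non-null because `/create` falls under the `ROLE_USER` access_control rule edited in this same commit, and a one-line comment recording that dependency would stop a later access_control change from silently producing a null author. The body of `new()` continues past the hunk, so whether the token is persisted for later lookup cannot be checked here.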