Commit 3fb07ca3 authored by Timothée Jaussoin's avatar Timothée Jaussoin

Validate the existence of the required parameters when setting passwords

parent 065f0d3d
Pipeline #10716 passed with stage
in 16 seconds
......@@ -28,6 +28,10 @@ define("OK_ACCOUNT", "OK_ACCOUNT");
define("MISSING_PHONE_PARAM", "ERROR_PHONE_PARAMETER_NOT_FOUND");
define("MISSING_USERNAME_PARAM", "ERROR_USERNAME_PARAMETER_NOT_FOUND");
define("MISSING_EMAIL_PARAM", "ERROR_EMAIL_PARAMETER_NOT_FOUND");
define("MISSING_OLD_HASH", "ERROR_OLD_HASH_NOT_FOUND");
define("MISSING_NEW_HASH", "ERROR_NEW_HASH_NOT_FOUND");
define("MISSING_MD5_HASH", "ERROR_MD5_HASH_NOT_FOUND");
define("MISSING_SHA256_HASH", "ERROR_SHA256_HASH_NOT_FOUND");
define("EMAIL_UNCHANGED", "ERROR_EMAIL_NEW_SAME_AS_OLD");
/* Parameter not available because already in use */
......
......@@ -42,6 +42,10 @@ function xmlrpc_update_password($method, $args)
if (!check_parameter($username)) {
return MISSING_USERNAME_PARAM;
} elseif (!check_parameter($hashed_old_password, "old password")) {
return MISSING_OLD_HASH;
} elseif (!check_parameter($hashed_new_password, "md5 password")) {
return MISSING_NEW_HASH;
} elseif ($algo == null) {
return ALGO_NOT_SUPPORTED;
}
......@@ -83,6 +87,16 @@ function xmlrpc_update_passwords($method, $args)
$sha256_hashed_password = $args[3];
$domain = get_domain($args[4]);
if (!check_parameter($username)) {
return MISSING_USERNAME_PARAM;
} elseif (!check_parameter($hashed_password, "old password")) {
return MISSING_OLD_HASH;
} elseif (!check_parameter($md5_hashed_password, "md5 password")) {
return MISSING_MD5_HASH;
} elseif (!check_parameter($sha256_hashed_password, "sha256 password")) {
return MISSING_SHA256_HASH;
}
Logger::getInstance()->message("[XMLRPC] xmlrpc_update_passwords(" . $username . ", " . $domain . ")");
$database = new Database();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment