mirror of
https://github.com/elyby/accounts.git
synced 2024-12-26 23:20:18 +05:30
Fixes ACCOUNTS-2. Catch decryption exception for OAuth2 flow
This commit is contained in:
parent
503880615a
commit
2a4f29801d
@ -3,6 +3,9 @@ declare(strict_types=1);
|
||||
|
||||
namespace api\components\OAuth2;
|
||||
|
||||
use LogicException;
|
||||
use RangeException;
|
||||
use SodiumException;
|
||||
use Yii;
|
||||
|
||||
/**
|
||||
@ -20,7 +23,11 @@ trait CryptTrait {
|
||||
}
|
||||
|
||||
protected function decrypt($encryptedData): string {
|
||||
return Yii::$app->tokens->decryptValue($encryptedData);
|
||||
try {
|
||||
return Yii::$app->tokens->decryptValue($encryptedData);
|
||||
} catch (SodiumException | RangeException $e) {
|
||||
throw new LogicException($e->getMessage(), 0, $e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -107,6 +107,13 @@ class Component extends BaseComponent {
|
||||
return $cipher;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $encryptedValue
|
||||
*
|
||||
* @return string
|
||||
* @throws \SodiumException
|
||||
* @throws \RangeException
|
||||
*/
|
||||
public function decryptValue(string $encryptedValue): string {
|
||||
$decoded = Base64UrlSafe::decode($encryptedValue);
|
||||
Assert::true(mb_strlen($decoded, '8bit') >= (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES));
|
||||
|
@ -6,12 +6,9 @@ namespace api\components\Tokens;
|
||||
use Lcobucci\JWT\Token;
|
||||
use Yii;
|
||||
|
||||
class TokenReader {
|
||||
final class TokenReader {
|
||||
|
||||
/**
|
||||
* @var Token
|
||||
*/
|
||||
private $token;
|
||||
private Token $token;
|
||||
|
||||
public function __construct(Token $token) {
|
||||
$this->token = $token;
|
||||
@ -55,6 +52,10 @@ class TokenReader {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* It really might throw an exception but we have not seen any case of such exception yet
|
||||
* @noinspection PhpUnhandledExceptionInspection
|
||||
*/
|
||||
return Yii::$app->tokens->decryptValue($encodedClientToken);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user