Improved InvalidToken debugging
This commit is contained in:
parent
34a8ff3ce3
commit
ed0223fbb8
|
@ -94,14 +94,15 @@ class ServiceActions
|
|||
throw new Exceptions\ClientException(Notifications::InvalidInputArgument, null, 'Action unknown');
|
||||
}
|
||||
|
||||
$xtoken = $token = Utils::GetCsrfToken();
|
||||
$token = Utils::GetCsrfToken();
|
||||
if (isset($_SERVER['HTTP_X_SM_TOKEN'])) {
|
||||
$xtoken = $_SERVER['HTTP_X_SM_TOKEN'];
|
||||
if ($_SERVER['HTTP_X_SM_TOKEN'] !== $token) {
|
||||
throw new Exceptions\ClientException(Notifications::InvalidToken, null, 'HTTP Token mismatch');
|
||||
}
|
||||
} else if ($this->oHttp->IsPost()) {
|
||||
$xtoken = $_POST['XToken'] ?? '';
|
||||
}
|
||||
if ($xtoken !== $token) {
|
||||
throw new Exceptions\ClientException(Notifications::InvalidToken, null, 'Token mismatch');
|
||||
if (empty($_POST['XToken']) || $_POST['XToken'] !== $token) {
|
||||
throw new Exceptions\ClientException(Notifications::InvalidToken, null, 'XToken Token mismatch');
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->oActions instanceof ActionsAdmin && 0 === \stripos($sAction, 'Admin') && !\in_array($sAction, ['AdminLogin', 'AdminLogout'])) {
|
||||
|
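Review bot: Both new comparisons, `$_SERVER['HTTP_X_SM_TOKEN'] !== $token` and `$_POST['XToken'] !== $token`, check a secret-derived token with `!==`, which returns on the first differing byte; `\hash_equals()` is the constant-time form and is the usual choice for token checks, e.g. `if (!\hash_equals($token, $_SERVER['HTTP_X_SM_TOKEN'])) {` in the header branch. `$_POST['XToken']` is not guaranteed to be a string (PHP decodes bracketed field names as arrays, and `\hash_equals()` would raise a TypeError on one), so guard the type first: `$sXToken = $_POST['XToken'] ?? ''; if (!\is_string($sXToken) || !\hash_equals($token, $sXToken)) {`. The enclosing method starts and ends outside the hunk.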
@ -617,9 +618,7 @@ class ServiceActions
|
|||
\header('Content-Type: application/json; charset=utf-8');
|
||||
$this->oHttp->ServerNoCache();
|
||||
try {
|
||||
$sResult = Utils::jsonEncode($this->oActions->AppData($bAdmin));
|
||||
$this->oActions->logWrite($sResult, \LOG_INFO, 'APPDATA');
|
||||
return $sResult;
|
||||
return Utils::jsonEncode($this->oActions->AppData($bAdmin));
|
||||
} catch (\Throwable $oException) {
|
||||
$this->Logger()->WriteExceptionShort($oException);
|
||||
\MailSo\Base\Http::StatusHeader(500);
|
||||
|
|
|
@ -69,9 +69,13 @@ class Utils
|
|||
public static function GetConnectionToken() : string
|
||||
{
|
||||
$oActions = \RainLoop\Api::Actions();
|
||||
$oAccount = $oActions->getAccountFromToken(false) ?: $oActions->getMainAccountFromToken(false);
|
||||
$oAccount = $oActions->getAccountFromToken(false);
|
||||
if ($oAccount) {
|
||||
return $oAccount->Hash();
|
||||
return '2-' . \sha1(APP_SALT.$oAccount->Hash());
|
||||
}
|
||||
$oAccount = $oActions->getMainAccountFromToken(false);
|
||||
if ($oAccount) {
|
||||
return '1-' . \sha1(APP_SALT.$oAccount->Hash());
|
||||
}
|
||||
$sToken = \SnappyMail\Cookies::get(self::CONNECTION_TOKEN);
|
||||
if (!$sToken) {
|
||||
|
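Review bot: The two added `return` lines build the token as `\sha1(APP_SALT.$oAccount->Hash())`, a secret-prefix hash; the standard keyed construction is `\hash_hmac('sha1', $oAccount->Hash(), APP_SALT)` (sha256 works equally), which does not carry SHA-1's length-extension property and makes the intent explicit. Since the same expression appears in both branches, a private helper such as `private static function accountToken(string $sPrefix, string $sHash): string` taking the `'1-'`/`'2-'` prefix would keep them aligned. The meaning of the two prefixes is not documented; a comment above the first branch like `// '2-' marks a token bound to the account from getAccountFromToken(), '1-' one bound to the main account` would help, with the exact account semantics to be confirmed from those methods. The function continues past the hunk (the cookie fallback after `if (!$sToken)`).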
@ -83,7 +87,8 @@ class Utils
|
|||
|
||||
public static function GetCsrfToken() : string
|
||||
{
|
||||
return \sha1('Csrf'.APP_SALT.self::GetConnectionToken().'Token'.APP_SALT);
|
||||
return self::GetConnectionToken();
|
||||
// return \sha1('Csrf'.APP_SALT.self::GetConnectionToken().'Token'.APP_SALT);
|
||||
}
|
||||
|
||||
public static function UpdateConnectionToken() : void
|
||||
|
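Review bot: `GetCsrfToken()` now returns `self::GetConnectionToken()` unchanged, so on the path where that function falls back to `\SnappyMail\Cookies::get(self::CONNECTION_TOKEN)` the CSRF token and the cookie value become identical — a plain double-submit check — whereas the removed `\sha1('Csrf'.APP_SALT...)` derivation also bound the token to APP_SALT; if that fallback is reachable for unauthenticated requests, consider keeping a salted derivation for it. The commented-out line `// return \sha1('Csrf'.APP_SALT.self::GetConnectionToken().'Token'.APP_SALT);` should either be deleted or replaced by a comment stating why the token is no longer re-hashed (the commit title suggests it is to simplify debugging). A short docblock, e.g. `/** CSRF token expected in the X-SM-Token header or the XToken POST field; currently identical to the connection token. */`, would document the contract the ServiceActions hunk relies on.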
|