mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-07 08:36:28 +02:00
Code Issues Releases Wiki Activity

Always cast integers from database to 'int' before strict comparisons

Browse Source
This commit is contained in:
Marco
2024-08-16 06:55:59 +02:00
parent 2a37898560
commit e5ccc81988
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/Auth.php
View File

@@ -670,7 +670,7 @@ final class Auth extends UserManager {
// if the user is currently signed in
if ($this->isLoggedIn()) {
// if the user has just confirmed an email address for their own account
if ($this->getUserId() === $confirmationData['user_id']) {
if ($this->getUserId() === ((int) $confirmationData['user_id'])) {
// immediately update the email address in the current session as well
$_SESSION[self::SESSION_FIELD_EMAIL] = $confirmationData['new_email'];
}
@@ -843,7 +843,7 @@ final class Auth extends UserManager {
if (!empty($otpRecord)) {
if (\password_verify($otpValue, $otpRecord['token'])) {
// if the mechanism for this one-time password was time-based (TOTP)
if (!empty($otpRecord['mechanism']) && $otpRecord['mechanism'] === self::TWO_FACTOR_MECHANISM_TOTP) {
if (!empty($otpRecord['mechanism']) && ((int) $otpRecord['mechanism']) === self::TWO_FACTOR_MECHANISM_TOTP) {
// if the one-time password had an expiry time and that time has passed recently
if (isset($otpRecord['expires_at']) && $otpRecord['expires_at'] > (\time() - 60 * 15) && $otpRecord['expires_at'] < \time()) {
// the one-time password was in fact a TOTP value on our denylist to prevent replay attacks
@@ -1312,7 +1312,7 @@ final class Auth extends UserManager {
foreach ($twoFactorMethods as $twoFactorMethod) {
if (!empty($twoFactorMethod) && !empty($twoFactorMethod['mechanism'])) {
// if the specific mechanism requires that we generate a one-time password randomly now
if ($twoFactorMethod['mechanism'] === self::TWO_FACTOR_MECHANISM_SMS || $twoFactorMethod['mechanism'] === self::TWO_FACTOR_MECHANISM_EMAIL) {
if (((int) $twoFactorMethod['mechanism']) === self::TWO_FACTOR_MECHANISM_SMS || ((int) $twoFactorMethod['mechanism']) === self::TWO_FACTOR_MECHANISM_EMAIL) {
if (!$throttled) {
$this->throttle([ 'generateOtp', $userId ], 1, 60 * 5, 2);
$throttled = true;
@@ -1320,10 +1320,10 @@ final class Auth extends UserManager {
$otpValue = $this->generateAndStoreRandomOneTimePassword($userId, $twoFactorMethod['mechanism']);
if ($twoFactorMethod['mechanism'] === self::TWO_FACTOR_MECHANISM_SMS) {
if (((int) $twoFactorMethod['mechanism']) === self::TWO_FACTOR_MECHANISM_SMS) {
$secondFactorRequiredException->addSmsOption($twoFactorMethod['seed'], $otpValue);
}
elseif ($twoFactorMethod['mechanism'] === self::TWO_FACTOR_MECHANISM_EMAIL) {
elseif (((int) $twoFactorMethod['mechanism']) === self::TWO_FACTOR_MECHANISM_EMAIL) {
$secondFactorRequiredException->addEmailOption($twoFactorMethod['seed'], $otpValue);
}
else {
@@ -1331,7 +1331,7 @@ final class Auth extends UserManager {
}
}
// if the specific mechanism mandates that the one-time password is generated on the client side
elseif ($twoFactorMethod['mechanism'] === self::TWO_FACTOR_MECHANISM_TOTP) {
elseif (((int) $twoFactorMethod['mechanism']) === self::TWO_FACTOR_MECHANISM_TOTP) {
$secondFactorRequiredException->addTotpOption();
}
else {