diff options
Diffstat (limited to 'lib/private/Security')
4 files changed, 10 insertions, 13 deletions
diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php index ba661f5a356..722fdab902f 100644 --- a/lib/private/Security/Hasher.php +++ b/lib/private/Security/Hasher.php @@ -106,8 +106,8 @@ class Hasher implements IHasher { // Verify whether it matches a legacy PHPass or SHA1 string $hashLength = \strlen($hash); - if (($hashLength === 60 && password_verify($message . $this->legacySalt, $hash)) || - ($hashLength === 40 && hash_equals($hash, sha1($message)))) { + if (($hashLength === 60 && password_verify($message . $this->legacySalt, $hash)) + || ($hashLength === 40 && hash_equals($hash, sha1($message)))) { $newHash = $this->hash($message); return true; } @@ -115,8 +115,8 @@ class Hasher implements IHasher { // Verify whether it matches a legacy PHPass or SHA1 string // Retry with empty passwordsalt for cases where it was not set $hashLength = \strlen($hash); - if (($hashLength === 60 && password_verify($message, $hash)) || - ($hashLength === 40 && hash_equals($hash, sha1($message)))) { + if (($hashLength === 60 && password_verify($message, $hash)) + || ($hashLength === 40 && hash_equals($hash, sha1($message)))) { $newHash = $this->hash($message); return true; } diff --git a/lib/private/Security/Ip/BruteforceAllowList.php b/lib/private/Security/Ip/BruteforceAllowList.php index cc4f0ceebe5..fb837690a7b 100644 --- a/lib/private/Security/Ip/BruteforceAllowList.php +++ b/lib/private/Security/Ip/BruteforceAllowList.php @@ -36,10 +36,7 @@ class BruteforceAllowList { return false; } - $keys = $this->appConfig->getKeys('bruteForce'); - $keys = array_filter($keys, static fn ($key): bool => str_starts_with($key, 'whitelist_')); - - foreach ($keys as $key) { + foreach ($this->appConfig->searchKeys('bruteForce', 'whitelist_') as $key) { $rangeString = $this->appConfig->getValueString('bruteForce', $key); try { $range = $this->factory->rangeFromString($rangeString); diff --git a/lib/private/Security/Signature/Model/SignedRequest.php b/lib/private/Security/Signature/Model/SignedRequest.php index f30935e83b1..12a43f32bcc 100644 --- a/lib/private/Security/Signature/Model/SignedRequest.php +++ b/lib/private/Security/Signature/Model/SignedRequest.php @@ -74,8 +74,8 @@ class SignedRequest implements ISignedRequest, JsonSerializable { */ public function getDigest(): string { if ($this->digest === '') { - $this->digest = $this->digestAlgorithm->value . '=' . - base64_encode(hash($this->digestAlgorithm->getHashingAlgorithm(), $this->body, true)); + $this->digest = $this->digestAlgorithm->value . '=' + . base64_encode(hash($this->digestAlgorithm->getHashingAlgorithm(), $this->body, true)); } return $this->digest; } diff --git a/lib/private/Security/VerificationToken/VerificationToken.php b/lib/private/Security/VerificationToken/VerificationToken.php index 1995b482597..89f45180359 100644 --- a/lib/private/Security/VerificationToken/VerificationToken.php +++ b/lib/private/Security/VerificationToken/VerificationToken.php @@ -85,9 +85,9 @@ class VerificationToken implements IVerificationToken { ): string { $token = $this->secureRandom->generate( 21, - ISecureRandom::CHAR_DIGITS . - ISecureRandom::CHAR_LOWER . - ISecureRandom::CHAR_UPPER + ISecureRandom::CHAR_DIGITS + . ISecureRandom::CHAR_LOWER + . ISecureRandom::CHAR_UPPER ); $tokenValue = $this->timeFactory->getTime() . ':' . $token; $encryptedValue = $this->crypto->encrypt($tokenValue, $passwordPrefix . $this->config->getSystemValueString('secret')); |