[TASK] Harden \TYPO3\CMS\Extbase\Security\Cryptography\HashService 90/59590/3
authorAlexander Schnitzler <git@alexanderschnitzler.de>
Thu, 31 Jan 2019 17:18:14 +0000 (18:18 +0100)
committerMathias Brodala <mbrodala@pagemachine.de>
Fri, 1 Feb 2019 11:10:21 +0000 (12:10 +0100)
- Use strict type mode
- Use type hints wherever possible

Releases: master
Resolves: #87595
Change-Id: If59546093176c5a7725725aad8e619de70fd43cd
Reviewed-on: https://review.typo3.org/59590
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Felix Döring <Felix.Doering@3m5.de>
Reviewed-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Tested-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: André Schließer <andy.schliesser@gmail.com>
Tested-by: André Schließer <andy.schliesser@gmail.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
typo3/sysext/core/Documentation/Changelog/master/Important-87603-ClassesUseStrictModeAndScarlarTypeHints.rst
typo3/sysext/extbase/Classes/Security/Cryptography/HashService.php
typo3/sysext/extbase/Tests/Unit/Security/Cryptography/HashServiceTest.php

index 87179c9..16f1f98 100644 (file)
@@ -13,5 +13,6 @@ The following PHP classes now use strict mode
 and their methods will force parameter types with scalar type hints:
 
 - :php:`\TYPO3\CMS\Extbase\Core\Bootstrap`
+- :php:`\TYPO3\CMS\Extbase\Security\Cryptography\HashService`
 
-.. index:: Backend, PHP-API, ext:extbase
\ No newline at end of file
+.. index:: Backend, PHP-API, ext:extbase
index 985917e..7ec19a3 100644 (file)
@@ -1,4 +1,6 @@
 <?php
+declare(strict_types = 1);
+
 namespace TYPO3\CMS\Extbase\Security\Cryptography;
 
 /*
@@ -29,11 +31,8 @@ class HashService implements \TYPO3\CMS\Core\SingletonInterface
      * @return string The hash of the string
      * @throws \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException if something else than a string was given as parameter
      */
-    public function generateHmac($string)
+    public function generateHmac(string $string): string
     {
-        if (!is_string($string)) {
-            throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hash can only be generated for a string, but "' . gettype($string) . '" was given.', 1255069587);
-        }
         $encryptionKey = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
         if (!$encryptionKey) {
             throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('Encryption Key was empty!', 1255069597);
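Review bot: The `@throws` line kept above `generateHmac()` still promises `InvalidArgumentForHashGenerationException` for non-string input, but with the `is_string()` guard removed a `null` or array argument now fails with a `\TypeError` before the body runs. `\TypeError` extends `\Error`, so callers that catch the domain exception or `\Exception` around HMAC handling no longer intercept it. The same applies to `validateAndStripHmac()` (code 1320829762 is gone) and to the new signatures of `appendHmac()` and `validateHmac()`. Note also that `declare(strict_types = 1)` only governs calls made from this file, so scalar arguments from non-strict callers are still coerced to string rather than rejected. I would reword the docblock to `@throws ...InvalidArgumentForHashGenerationException if the encryption key is empty` and check that callers passing request-derived values cast or validate them first, so tampered input still reaches the intended rejection path; the body of `generateHmac()` continues past the end of this hunk.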
@@ -49,7 +48,7 @@ class HashService implements \TYPO3\CMS\Core\SingletonInterface
      * @see generateHmac()
      * @todo Mark as API once it is more stable
      */
-    public function appendHmac($string)
+    public function appendHmac(string $string): string
     {
         $hmac = $this->generateHmac($string);
         return $string . $hmac;
@@ -62,7 +61,7 @@ class HashService implements \TYPO3\CMS\Core\SingletonInterface
      * @param string $hmac The hash of the string
      * @return bool TRUE if string and hash fit together, FALSE otherwise.
      */
-    public function validateHmac($string, $hmac)
+    public function validateHmac(string $string, string $hmac): bool
     {
         return hash_equals($this->generateHmac($string), $hmac);
     }
@@ -80,11 +79,8 @@ class HashService implements \TYPO3\CMS\Core\SingletonInterface
      * @throws \TYPO3\CMS\Extbase\Security\Exception\InvalidHashException if the hash did not fit to the data.
      * @todo Mark as API once it is more stable
      */
-    public function validateAndStripHmac($string)
+    public function validateAndStripHmac(string $string): string
     {
-        if (!is_string($string)) {
-            throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hash can only be validated for a string, but "' . gettype($string) . '" was given.', 1320829762);
-        }
         if (strlen($string) < 40) {
             throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hashed string must contain at least 40 characters, the given string was only ' . strlen($string) . ' characters long.', 1320830276);
         }
index 8ea3c6c..7afe0a7 100644 (file)
@@ -64,16 +64,6 @@ class HashServiceTest extends UnitTestCase
     /**
      * @test
      */
-    public function generateHmacThrowsExceptionIfNoStringGiven()
-    {
-        $this->expectException(InvalidArgumentForHashGenerationException::class);
-        $this->expectExceptionCode(1255069587);
-        $this->hashService->generateHmac(null);
-    }
-
-    /**
-     * @test
-     */
     public function generatedHmacCanBeValidatedAgain()
     {
         $string = 'asdf';
@@ -94,16 +84,6 @@ class HashServiceTest extends UnitTestCase
     /**
      * @test
      */
-    public function appendHmacThrowsExceptionIfNoStringGiven()
-    {
-        $this->expectException(InvalidArgumentForHashGenerationException::class);
-        $this->expectExceptionCode(1255069587);
-        $this->hashService->appendHmac(null);
-    }
-
-    /**
-     * @test
-     */
     public function appendHmacAppendsHmacToGivenString()
     {
         $string = 'This is some arbitrary string ';
@@ -114,16 +94,6 @@ class HashServiceTest extends UnitTestCase
     /**
      * @test
      */
-    public function validateAndStripHmacThrowsExceptionIfNoStringGiven()
-    {
-        $this->expectException(InvalidArgumentForHashGenerationException::class);
-        $this->expectExceptionCode(1320829762);
-        $this->hashService->validateAndStripHmac(null);
-    }
-
-    /**
-     * @test
-     */
     public function validateAndStripHmacThrowsExceptionIfGivenStringIsTooShort()
     {
         $this->expectException(InvalidArgumentForHashGenerationException::class);