Anomie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/80129
Change subject: Validate RSA key input
......................................................................
Validate RSA key input
The value for the 'rsaKey' field is now validated to make sure it is an
actual RSA key.
Change-Id: I7718c657670bfc89c910ac5f0cce55566d7792a9
---
M control/MWOAuthConsumerSubmitControl.php
1 file changed, 17 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth
refs/changes/29/80129/1
diff --git a/control/MWOAuthConsumerSubmitControl.php
b/control/MWOAuthConsumerSubmitControl.php
index d82de77..698a64b 100644
--- a/control/MWOAuthConsumerSubmitControl.php
+++ b/control/MWOAuthConsumerSubmitControl.php
@@ -39,6 +39,21 @@
}
protected function getRequiredFields() {
+ $validateRsaKey = function( $s ) {
+ if ( trim( $s ) === '' ) {
+ return true;
+ }
+ $key = openssl_pkey_get_public( $s );
+ if ( $key === false ) {
+ return false;
+ }
+ $info = openssl_pkey_get_details( $key );
+ if ( $info['type'] !== OPENSSL_KEYTYPE_RSA ) {
+ return false;
+ }
+ return true;
+ };
+
return array(
// Proposer (application administrator) actions:
'propose' => array(
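Review bot: `openssl_pkey_get_public( $s )` in `$validateRsaKey` is given the submitted field value as-is, and that function is documented to accept a `file://` path and an X.509 certificate as well as a PEM public key, so the closure can return true for input that is not itself an RSA public key. Reject anything that is not PEM text before calling OpenSSL, for example `if ( strpos( trim( $s ), '-----BEGIN' ) !== 0 ) { return false; }`, and tighten that to the public-key header if certificates are not meant to be accepted. `openssl_pkey_get_details()` can also return false, so the type test would be safer as `if ( $info === false || $info['type'] !== OPENSSL_KEYTYPE_RSA )`. The check covers only the key type; consider enforcing a minimum on `$info['bits']` too, so that very short RSA keys are not registered. The body of getRequiredFields() starts and ends outside this hunk, so any handling of the field elsewhere is not visible here.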
@@ -59,7 +74,7 @@
$res = FormatJSON::decode( $s, true );
return is_array( $res ) &&
MWOAuthUtils::restrictionsAreValid( $res );
},
- 'rsaKey' => '/^.*$/' // @TODO: beef up
+ 'rsaKey' => $validateRsaKey,
),
'update' => array(
'consumerKey' => '/^[0-9a-f]{32}$/',
@@ -67,7 +82,7 @@
$res = FormatJSON::decode( $s, true );
return is_array( $res ) &&
MWOAuthUtils::restrictionsAreValid( $res );
},
- 'rsaKey' => '/^.*$/', // @TODO: beef up
+ 'rsaKey' => $validateRsaKey,
'resetSecret' => function( $s ) { return
is_bool( $s ); },
'reason' => '/^.{0,255}$/',
'changeToken' => '/^[0-9a-f]{40}$/'
--
To view, visit https://gerrit.wikimedia.org/r/80129
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7718c657670bfc89c910ac5f0cce55566d7792a9
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>