Aaron Schulz has submitted this change and it was merged.

Change subject: Validate RSA key input
......................................................................


Validate RSA key input

The value for the 'rsaKey' field is now validated to make sure it is an
actual RSA key.

Change-Id: I7718c657670bfc89c910ac5f0cce55566d7792a9
---
M control/MWOAuthConsumerSubmitControl.php
1 file changed, 17 insertions(+), 2 deletions(-)

Approvals:
  Aaron Schulz: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/control/MWOAuthConsumerSubmitControl.php 
b/control/MWOAuthConsumerSubmitControl.php
index d82de77..698a64b 100644
--- a/control/MWOAuthConsumerSubmitControl.php
+++ b/control/MWOAuthConsumerSubmitControl.php
@@ -39,6 +39,21 @@
        }
 
        protected function getRequiredFields() {
+               $validateRsaKey = function( $s ) {
+                       if ( trim( $s ) === '' ) {
+                               return true;
+                       }
+                       $key = openssl_pkey_get_public( $s );
+                       if ( $key === false ) {
+                               return false;
+                       }
+                       $info = openssl_pkey_get_details( $key );
+                       if ( $info['type'] !== OPENSSL_KEYTYPE_RSA ) {
+                               return false;
+                       }
+                       return true;
+               };
+
                return array(
                        // Proposer (application administrator) actions:
                        'propose'     => array(
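Review bot: The closure added in getRequiredFields() hands `$s` unchanged to `openssl_pkey_get_public()`, which per the PHP documentation also accepts a `file://path` string, so a submitted value of that form makes the server open a local file instead of parsing the submitted text as a key. Before the call, accept only inline PEM, for example `if ( strpos( ltrim( $s ), '-----BEGIN ' ) !== 0 ) { return false; }`. The return of `openssl_pkey_get_details()` is indexed without a `false` check and the key length is never examined, so a very short RSA key validates; `if ( !$info || $info['type'] !== OPENSSL_KEYTYPE_RSA || $info['bits'] < $minBits ) { return false; }` covers both, where `$minBits` is a placeholder for the minimum the project settles on. The body of getRequiredFields() continues past the end of this hunk, so how the stored value is used later is not visible here.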
@@ -59,7 +74,7 @@
                                        $res = FormatJSON::decode( $s, true );
                                        return is_array( $res ) && 
MWOAuthUtils::restrictionsAreValid( $res );
                                },
-                               'rsaKey'       => '/^.*$/' // @TODO: beef up
+                               'rsaKey'       => $validateRsaKey,
                        ),
                        'update'      => array(
                                'consumerKey'  => '/^[0-9a-f]{32}$/',
@@ -67,7 +82,7 @@
                                        $res = FormatJSON::decode( $s, true );
                                        return is_array( $res ) && 
MWOAuthUtils::restrictionsAreValid( $res );
                                },
-                               'rsaKey'       => '/^.*$/', // @TODO: beef up
+                               'rsaKey'       => $validateRsaKey,
                                'resetSecret'  => function( $s ) { return 
is_bool( $s ); },
                                'reason'       => '/^.{0,255}$/',
                                'changeToken'  => '/^[0-9a-f]{40}$/'

-- 
To view, visit https://gerrit.wikimedia.org/r/80129

Gerrit-MessageType: merged
Gerrit-Change-Id: I7718c657670bfc89c910ac5f0cce55566d7792a9
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: jenkins-bot
