Filter POST data in Bridge - Accounts Landing

paragonie · Jun 29, 2016 · 75961d9 · 75961d9
1 parent 73520bf
commit 75961d9
Show file tree

Hide file tree

Showing 2 changed files with 162 additions and 12 deletions.
diff --git a/src/Cabin/Bridge/Landing/Account.php b/src/Cabin/Bridge/Landing/Account.php
@@ -8,11 +8,16 @@
     AutoPilot,
     Bolt\Security,
     Gears,
-    Security\AirBrake,
-    Security\HiddenString,
-    Security\Util,
     State
 };
+use \Airship\Engine\Security\{
+    AirBrake,
+    Filter\BoolFilter,
+    Filter\GeneralFilterContainer,
+    Filter\StringFilter,
+    HiddenString,
+    Util
+};
 use \ParagonIE\ConstantTime\Base64UrlSafe;
 use \ParagonIE\GPGMailer\GPGMailer;
 use \ParagonIE\Halite\{
@@ -72,7 +77,7 @@ public function board()
             \Airship\redirect($this->airship_cabin_prefix);
         }
 
-        $post = $this->post();
+        $post = $this->post($this->getBoardFilterContainer());
         if (!empty($post)) {
             // Optional: CAPTCHA enforcement
             if ($this->config('board.captcha')) {
@@ -117,7 +122,7 @@ public function login()
             // You're already logged in!
             \Airship\redirect($this->airship_cabin_prefix);
         }
-        $post = $this->post();
+        $post = $this->post($this->getLoginFilterContainer());
         if (!empty($post)) {
             $this->processLogin($post);
             return;
@@ -161,7 +166,7 @@ public function my()
         if (!empty($account['gpg_public_key'])) {
             $gpg_public_key = $this->getGPGPublicKey($account['gpg_public_key']);
         }
-        $post = $this->post();
+        $post = $this->post($this->getMyAccountFilterContainer());
         if (!empty($post)) {
             $this->processAccountUpdate($post, $account, $gpg_public_key);
             return;
@@ -209,7 +214,11 @@ public function preferences()
 
         }
 
-        $post = $this->post();
+        $filters = $this->getPreferencesFilterContainer(
+            $cabins,
+            $motifs
+        );
+        $post = $this->post($filters);
         if (!empty($post)) {
             if ($this->savePreferences($post['prefs'], $cabins, $motifs)) {
                 $prefs = $post['prefs'];
@@ -262,7 +271,7 @@ public function recoverAccount(string $token = '')
         if (empty($enabled)) {
             \Airship\redirect($this->airship_cabin_prefix);
         }
-        $post = $this->post();
+        $post = $this->post($this->getAccountRecoveryFilterContainer());
         if ($post) {
             if ($this->processRecoverAccount($post)) {
                 \Airship\redirect($this->airship_cabin_prefix . '/login');
@@ -312,7 +321,7 @@ public function twoFactorSetup()
         }
         $this->twoFactorPreamble();
         $userID = $this->getActiveUserId();
-        $post = $this->post();
+        $post = $this->post($this->getTwoFactorFilterContainer());
         if ($post) {
             $this->acct->toggleTwoFactor($userID, $post);
         }
@@ -351,6 +360,51 @@ protected function findMotif(
         return false;
     }
 
+    /**
+     * @return GeneralFilterContainer
+     */
+    protected function getAccountRecoveryFilterContainer(): GeneralFilterContainer
+    {
+        return (new GeneralFilterContainer())
+            ->addFilter(
+                'forgot_passphrase_for',
+                (new StringFilter())
+                    ->addCallback(function ($string) {
+                        if (Util::stringLength($string) < 1) {
+                            throw new \TypeError();
+                        }
+                    })
+            );
+    }
+
+    /**
+     * Get the input filter container for registering
+     *
+     * @return GeneralFilterContainer
+     */
+    protected function getBoardFilterContainer(): GeneralFilterContainer
+    {
+        return (new GeneralFilterContainer())
+            ->addFilter(
+                'username',
+                (new StringFilter())
+                    ->addCallback(function ($string) {
+                        if (Util::stringLength($string) < 1) {
+                            throw new \TypeError();
+                        }
+                    })
+            )
+            ->addFilter(
+                'passphrase',
+                (new StringFilter())
+                    ->addCallback(function ($string) {
+                        if (Util::stringLength($string) < 1) {
+                            throw new \TypeError();
+                        }
+                    })
+            );
+    }
+
     /**
      * Return the public key corresponding to a fingerprint
      *
@@ -369,6 +423,101 @@ protected function getGPGPublicKey(string $fingerprint): string
         }
     }
 
+
+    /**
+     * @return GeneralFilterContainer
+     */
+    protected function getLoginFilterContainer(): GeneralFilterContainer
+    {
+        return (new GeneralFilterContainer())
+            ->addFilter(
+                'username',
+                (new StringFilter())
+                    ->addCallback(function ($string) {
+                        if (Util::stringLength($string) < 1) {
+                            throw new \TypeError();
+                        }
+                    })
+            )
+            ->addFilter(
+                'passphrase',
+                (new StringFilter())
+                    ->addCallback(function ($string) {
+                        if (Util::stringLength($string) < 1) {
+                            throw new \TypeError();
+                        }
+                    })
+            )
+            ->addFilter(
+                'two_factor',
+                (new StringFilter())
+                    ->addCallback(function ($string) {
+                        if (Util::stringLength($string) < 6) {
+                            throw new \TypeError();
+                        } elseif (Util::stringLength($string) > 8) {
+                            throw new \TypeError();
+                        }
+                    })
+            );
+    }
+
+    /**
+     * @return GeneralFilterContainer
+     */
+    protected function getMyAccountFilterContainer(): GeneralFilterContainer
+    {
+        return (new GeneralFilterContainer())
+            ->addFilter('allow_reset', new BoolFilter())
+            ->addFilter('display_name', new StringFilter())
+            ->addFilter('email', new StringFilter())
+            ->addFilter('gpg_public_key', new StringFilter())
+            ->addFilter('passphrase', new StringFilter())
+            ->addFilter('publicprofile', new BoolFilter())
+            ->addFilter('real_name', new StringFilter());
+    }
+
+    /**
+     * Get the filter container for the Preferences form
+     *
+     * @param string[] $cabinNamespaces
+     * @param array $motifs
+     * @return GeneralFilterContainer
+     */
+    protected function getPreferencesFilterContainer(
+        array $cabinNamespaces = [],
+        array $motifs = []
+    ): GeneralFilterContainer {
+        $filterContainer = new GeneralFilterContainer();
+        foreach ($cabinNamespaces as $cabin) {
+            $activeCabin = $motifs[$cabin];
+            $filterContainer->addFilter(
+                'prefs.motif.' . $cabin,
+                (new StringFilter())->addCallback(
+                    function ($selected) use ($cabin, $activeCabin): string {
+                        foreach ($activeCabin as $cabinConfig) {
+                            if ($selected === $cabinConfig['path']) {
+                                return $selected;
+                            }
+                        }
+                        return '';
+                    }
+                )
+            );
+        }
+        return $filterContainer;
+    }
+
+    /**
+     * @return GeneralFilterContainer
+     */
+    protected function getTwoFactorFilterContainer(): GeneralFilterContainer
+    {
+        return (new GeneralFilterContainer())
+            ->addFilter('enable_2factor', new BoolFilter())
+            ->addFilter('reset_secret', new BoolFilter())
+        ;
+    }
+
     /**
      * Process a user account update
      *

diff --git a/src/Engine/Landing.php b/src/Engine/Landing.php
@@ -13,9 +13,10 @@
     Security as SecurityBolt
 };
 use \Airship\Engine\Contract\DBInterface;
-use \Airship\Engine\Security\CSRF;
-use Airship\Engine\Security\Filter\GeneralFilterContainer;
-use Airship\Engine\Security\Filter\InputFilterContainer;
+use \Airship\Engine\Security\{
+    CSRF,
+    Filter\InputFilterContainer
+};
 use \ParagonIE\CSPBuilder\CSPBuilder;
 use \ParagonIE\Halite\{
     Alerts\InvalidType,