From 01f836108d643018025a14777c97d32a733a7434 Mon Sep 17 00:00:00 2001
From: osaajani <>
Date: Tue, 15 Apr 2025 14:53:04 +0200
Subject: [PATCH 1/2] Fix tokenistA DEPRECATED + fix webhook success
---
 VERSION | 2 +-
 controllers/internals/Webhook.php | 1 +
 controllers/publics/Connect.php | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/VERSION b/VERSION
index d446e59..6282b70 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v3.9.2
+v3.9.3
diff --git a/controllers/internals/Webhook.php b/controllers/internals/Webhook.php
index fc9cd24..9ea723f 100644
--- a/controllers/internals/Webhook.php
+++ b/controllers/internals/Webhook.php
@@ -115,6 +115,7 @@ class Webhook extends StandardController
             return false;
         }
+        $success = false;
         $webhooks = $this->gets_for_type_and_user($id_user, $type);
         foreach ($webhooks as $webhook)
         {
diff --git a/controllers/publics/Connect.php b/controllers/publics/Connect.php
index d254b97..c97d6f2 100644
--- a/controllers/publics/Connect.php
+++ b/controllers/publics/Connect.php
@@ -139,7 +139,7 @@ namespace controllers\publics;
         $Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
-        if (!$Tokenista->isValid($token, ['id_user' => $id_user]))
+        if (!$Tokenista->validate($token, ['id_user' => $id_user]))
         {
             return $this->render('connect/reset-password-invalid');
         }
From aaa0fe57011a72788727d43ef9c7c2d9ed1e9df6 Mon Sep 17 00:00:00 2001
From: osaajani <>
Date: Tue, 15 Apr 2025 15:18:43 +0200
Subject: [PATCH 2/2] encode token to prevent bad url
---
 VERSION | 2 +-
 controllers/internals/Tool.php | 24 ++++++++++++++++++++++++
 controllers/publics/Connect.php | 8 ++++++--
 3 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/VERSION b/VERSION
index 6282b70..022a812 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v3.9.3
+v3.9.4
diff --git a/controllers/internals/Tool.php b/controllers/internals/Tool.php
index 246507a..c0f6e73 100644
--- a/controllers/internals/Tool.php
+++ b/controllers/internals/Tool.php
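Review bot: Initializing `$success = false;` ahead of the `foreach` over `$webhooks` makes "this user has no webhook of this type" indistinguishable from "every delivery failed" if the method later returns `$success` — with an empty result from `gets_for_type_and_user()` the loop never runs and the initial `false` is what comes back. The enclosing method starts before and ends after this hunk, so the actual return statement is not visible here; please confirm how callers interpret a `false` result. If the distinction matters to them, return early with a dedicated result when `$webhooks` is empty; otherwise document the intent above the initialization, e.g. `// Remains false when no webhook is registered for this user/type; callers treat that as "nothing sent".`.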
@@ -463,4 +463,28 @@ use BenMorel\GsmCharsetConverter\Converter;
         $converter = new Converter();
         return $converter->cleanUpUtf8String($text, true, '?');
     }
+
+    /**
+     * Encode some data into the URL version of Base64 encoding
+     *
+     * @param string $data Input data
+     * @return string A Base64 (URL-safe) encoded string
+     */
+    public static function url_base64_encode(string $data): string
+    {
+        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
+    }
+
+    /**
+     * Decode a URL-safe Base64 encoded string
+     *
+     * @param string $data Encoded data
+     * @return string Decoded original data
+     */
+    public static function url_base64_decode(string $data): string
+    {
+        $replaced = strtr($data, '-_', '+/');
+        $padded = str_pad($replaced, mb_strlen($replaced) % 4 === 0 ? mb_strlen($replaced) : mb_strlen($replaced) + 4 - mb_strlen($replaced) % 4, '=', STR_PAD_RIGHT);
+        return base64_decode($padded);
+    }
 }
diff --git a/controllers/publics/Connect.php b/controllers/publics/Connect.php
index c97d6f2..3884259 100644
--- a/controllers/publics/Connect.php
+++ b/controllers/publics/Connect.php
@@ -11,6 +11,8 @@ namespace controllers\publics;
+use controllers\internals\Tool;
+
 /**
  * Page de connexion.
  */
@@ -117,8 +119,9 @@ namespace controllers\publics;
         $Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
         $token = $Tokenista->generate(3600, ['id_user' => $user['id']]);
+        $encoded_token = Tool::url_base64_encode($token);
 
-        $reset_link = \descartes\Router::url('Connect', 'reset_password', ['id_user' => $user['id'], 'token' => $token]);
+        $reset_link = \descartes\Router::url('Connect', 'reset_password', ['id_user' => $user['id'], 'token' => $encoded_token]);
         $mailer = new \controllers\internals\Mailer();
         $email_send = $mailer->enqueue($email, EMAIL_RESET_PASSWORD, ['reset_link' => $reset_link]);
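Review bot: `url_base64_decode()` calls `base64_decode($padded)` in non-strict mode, so characters outside the Base64 alphabet are silently dropped rather than rejected, and a malformed input can make `base64_decode()` return `false`, which does not satisfy the declared `: string` return type (a `TypeError` with `strict_types`, a silent empty string without it). Since the only caller added in this series feeds it a password-reset token taken from a URL, a strict decode that fails loudly is the safer contract; callers would then catch the exception and treat it as an invalid token. The padding computation also measures an ASCII Base64 string with `mb_strlen()`; `strlen()` is the byte length that Base64 padding is defined on, and rounding up to the next multiple of 4 states the intent directly. The `url_base64_encode()` counterpart above it needs no change, and the class header and the preceding method start outside this hunk.
```php
    public static function url_base64_decode(string $data): string
    {
        $replaced = strtr($data, '-_', '+/');
        // Base64 text is a multiple of 4 bytes; restore the '=' padding stripped by url_base64_encode()
        $padded = str_pad($replaced, (int) ceil(strlen($replaced) / 4) * 4, '=', STR_PAD_RIGHT);
        // Strict mode rejects bytes outside the Base64 alphabet instead of silently discarding them
        $decoded = base64_decode($padded, true);
        if ($decoded === false)
        {
            throw new \InvalidArgumentException('Invalid URL-safe Base64 input');
        }

        return $decoded;
    }
```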
@@ -139,7 +142,8 @@ namespace controllers\publics;
         $Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
-        if (!$Tokenista->validate($token, ['id_user' => $id_user]))
+        $decoded_token = Tool::url_base64_decode($token);
+        if (!$Tokenista->validate($decoded_token, ['id_user' => $id_user]))
         {
             return $this->render('connect/reset-password-invalid');
         }
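Review bot: `if (!$Tokenista->validate($decoded_token, ['id_user' => $id_user]))` treats the return value of `validate()` as a boolean, but in the Tokenista releases that deprecated `isValid()` (the deprecation PATCH 1 of this series replaces, per its subject) `validate()` returns a `TokenValidationResult` object rather than `bool`; an object is always truthy, so the negation could never be true and the `connect/reset-password-invalid` branch would be unreachable, letting any `token` value pass for whichever `id_user` is in the URL. Please confirm against the installed library version; if `validate()` does return a result object, the check should read `if (!$Tokenista->validate($decoded_token, ['id_user' => $id_user])->isValid())`. This matters all the more because `Tool::url_base64_decode()` decodes non-strictly, so arbitrary bytes from the URL reach `validate()` and only the signature check stands between them and a password reset. The enclosing method starts before and ends after this hunk.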