encode token to prevent bad url

Fix tokenistA DEPRECATED + fix webhook success
2025-04-22 01:16:26 +02:00 · 2025-04-15 15:18:43 +02:00 · 2025-04-15 14:53:04 +02:00
4 changed files with 32 additions and 3 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-v3.9.2
+v3.9.4
--- a/controllers/internals/Tool.php
+++ b/controllers/internals/Tool.php
@ -463,4 +463,28 @@ use BenMorel\GsmCharsetConverter\Converter;
            $converter = new Converter();
            return $converter->cleanUpUtf8String($text, true, '?');
        }
        /**
         * Encode some data into the URL version of Base64 encoding
         * 
         * @param string $data Input data
         * @return string A Base64 (URL-safe) encoded string
         */
        public static function url_base64_encode(string $data): string
        {
            return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
        }
        /**
         * Decode a URL-safe Base64 encoded string
         * 
         * @param string $data Encoded data
         * @return string Decoded original data
         */
        public static function url_base64_decode(string $data): string
        {
            $replaced = strtr($data, '-_', '+/');
            $padded = str_pad($replaced, mb_strlen($replaced) % 4 === 0 ? mb_strlen($replaced) : mb_strlen($replaced) + 4 - mb_strlen($replaced) % 4, '=', STR_PAD_RIGHT);
            return base64_decode($padded);
        }
    }
--- a/controllers/internals/Webhook.php
+++ b/controllers/internals/Webhook.php
@ -115,6 +115,7 @@ class Webhook extends StandardController
            return false;
        }
        $success = false;
        $webhooks = $this->gets_for_type_and_user($id_user, $type);
        foreach ($webhooks as $webhook)
        {
--- a/controllers/publics/Connect.php
+++ b/controllers/publics/Connect.php
@ -11,6 +11,8 @@
 namespace controllers\publics;
 use controllers\internals\Tool;
    /**
     * Page de connexion.
     */
@ -117,8 +119,9 @@ namespace controllers\publics;
            $Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
            $token = $Tokenista->generate(3600, ['id_user' => $user['id']]);
            $encoded_token = Tool::url_base64_encode($token);
-            $reset_link = \descartes\Router::url('Connect', 'reset_password', ['id_user' => $user['id'], 'token' => $token]);
+            $reset_link = \descartes\Router::url('Connect', 'reset_password', ['id_user' => $user['id'], 'token' => $encoded_token]);
            $mailer = new \controllers\internals\Mailer();
            $email_send = $mailer->enqueue($email, EMAIL_RESET_PASSWORD, ['reset_link' => $reset_link]);
@ -139,7 +142,8 @@ namespace controllers\publics;
            $Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
-            if (!$Tokenista->isValid($token, ['id_user' => $id_user]))
+            $decoded_token = Tool::url_base64_decode($token);
            if (!$Tokenista->validate($decoded_token, ['id_user' => $id_user]))
            {
                return $this->render('connect/reset-password-invalid');
            }
Author	SHA1	Message	Date
osaajani	aaa0fe5701	encode token to prevent bad url	2025-04-15 15:18:43 +02:00
osaajani	01f836108d	Fix tokenistA DEPRECATED + fix webhook success	2025-04-15 14:53:04 +02:00