src/applications/auth/controller/PhabricatorAuthController.php
Show First 20 Lines • Show All 188 Lines • ▼ Show 20 Lines | if (!$registration_key) { | ||||
return array($account, $provider, $response); | return array($account, $provider, $response); | ||||
} | } | ||||
// We store the digest of the key rather than the key itself to prevent a | // We store the digest of the key rather than the key itself to prevent a | ||||
// theoretical attacker with read-only access to the database from | // theoretical attacker with read-only access to the database from | ||||
// hijacking registration sessions. | // hijacking registration sessions. | ||||
$actual = $account->getProperty('registrationKey'); | $actual = $account->getProperty('registrationKey'); | ||||
$expect = PhabricatorHash::digest($registration_key); | $expect = PhabricatorHash::weakDigest($registration_key); | ||||
if (!phutil_hashes_are_identical($actual, $expect)) { | if (!phutil_hashes_are_identical($actual, $expect)) { | ||||
$response = $this->renderError( | $response = $this->renderError( | ||||
pht( | pht( | ||||
'Your browser submitted a different registration key than the one '. | 'Your browser submitted a different registration key than the one '. | ||||
'associated with this account. You may need to clear your cookies.')); | 'associated with this account. You may need to clear your cookies.')); | ||||
return array($account, $provider, $response); | return array($account, $provider, $response); | ||||
} | } | ||||
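Review bot: The comment above the `$expect` line justifies storing a digest of the registration key against an attacker with read-only database access, yet the new call is `PhabricatorHash::weakDigest()`, and nothing here says why a digest the API itself calls weak is adequate for that threat. If the registration key is a long random token (its generation is not visible in this section), preimage resistance is probably enough and the comment should say so, e.g. `// weakDigest() is acceptable here only because the key is a high-entropy random token, not a user-chosen secret.` Otherwise this call site is a candidate for a keyed digest, with the code that writes the `registrationKey` property changed in the same commit so in-flight registrations still compare equal. The enclosing method starts and ends outside the visible lines.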