From 4540362f42da32d29df59cb3498cd2b6aa7c75bd Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Thu, 18 Sep 2025 01:37:19 +0000
Subject: [PATCH] Fix: token hash magic url session
---
 app/controllers/api/account.php | 6 +++++-
 app/controllers/api/users.php | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index e354a19b9a..18e2aed277 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -2490,7 +2490,11 @@ App::put('/v1/account/sessions/magic-url')
 ->inject('queueForEvents')
 ->inject('queueForMails')
 ->inject('store')
- ->action(fn ($userId, $secret, $request, $response, $user, $dbForProject, $project, $locale, $geodb, $queueForEvents, $queueForMails, $store) => $createSession($userId, $secret, $request, $response, $user, $dbForProject, $project, $locale, $geodb, $queueForEvents, $queueForMails, $store, new ProofsToken(TOKEN_LENGTH_MAGIC_URL)));
+ ->action(function ($userId, $secret, $request, $response, $user, $dbForProject, $project, $locale, $geodb, $queueForEvents, $queueForMails, $store) use ($createSession) {
+ $proofForToken = new ProofsToken(TOKEN_LENGTH_MAGIC_URL);
+ $proofForToken->setHash(new Sha());
+ $createSession($userId, $secret, $request, $response, $user, $dbForProject, $project, $locale, $geodb, $queueForEvents, $queueForMails, $store, $proofForToken);
+ });
 App::put('/v1/account/sessions/phone')
 ->desc('Update phone session')
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 8b4967144d..536adcf128 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -2315,6 +2315,7 @@ App::post('/v1/users/:userId/tokens')
 }
 $proofForToken = new Token($length);
+ $proofForToken->setHash(new Sha());
 $secret = $proofForToken->generate();
 $expire = DateTime::formatTz(DateTime::addSeconds(new \DateTime(), $expire));
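Review bot: The hash choice for magic-URL verification is now hard-wired inside this route closure, while the matching choice at token creation sits in `app/controllers/api/users.php` (second hunk), and nothing in the patch ties the two together. If either side changes, or another route keeps the proof's default hash, every valid secret would fail to verify, which appears to be the failure this commit repairs; a shared helper that returns the configured proof, or at least a comment such as `// Must use the same hash as token creation in users.php, otherwise valid secrets never verify`, would make the coupling explicit. The neighbouring `/v1/account/sessions/phone` route in the context lines is not touched here, so it is worth confirming whether it needs the same treatment. The diffstat shows no test change; a regression test that creates a token and redeems it through this endpoint would pin the behaviour. The route definition starts above the hunk.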
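Review bot: `$length` is set above this hunk, so the minimum token size that ends up behind the `Sha` digest is not visible here. Assuming `Sha` is a fast, unsalted digest (confirm against the class), the stored hash protects the secret only when the token is long and random enough to resist offline guessing, so the lower bound on `$length` deserves a check. A comment on the added line would record that: `// Fast digest is acceptable only for high-entropy, short-lived secrets; keep the minimum $length accordingly`. The action body continues outside the hunk.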