Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LIMS-1612: Replace uniqid with openssl random pseudo bytes #903

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

LIMS-1612: Replace uniqid with openssl random pseudo bytes #903

wants to merge 7 commits into from
+60 −6

Conversation

RichB-DLS
Copy link
Collaborator

JIRA ticket: LIMS-1612

Summary:
Removal of all usage of php's uniqId as its is known to be cryptographically insecure. Replaced with openssl_pseudo_random_bytes instead.
All uses of uniqId were being passed into md5() so added a common utility fn for that purpose.

Changes:

  • Added a static utility fn in api/src/Utils.php with a corresponding basic test for params.
  • Replaced all uses of uniqId with the new fn

To test:

  • Go to a dataCollection and attempt to download the processing log. Check the the url query contains the token param.

@RichB-DLS RichB-DLS added improvement php Pull requests that update PHP code labels Feb 7, 2025
@RichB-DLS RichB-DLS requested a review from ndg63276 February 7, 2025 15:25
@RichB-DLS RichB-DLS self-assigned this Feb 7, 2025
@gfrn gfrn changed the title Fix/lims 1612/replace uniqid with openssl random pseudo bytes LIMS-1612: Replace uniqid with openssl random pseudo bytes Feb 7, 2025
@ndg63276
Copy link
Collaborator

Sorry to be a pain, but now that #852 has been merged into master, there is another place we should use the new utility function. Can you merge master into this and then check Shipping.php line 3156 (ish)?

@ndg63276 @RichB-DLS
Merge pre-release/2025-R1.2 into master (#904)
f83cec1 
* LIMS-1590: Dont allow name editing for lab contacts when login is set (#887)

* LIMS-1558: Add functionality for SMILES code for any sample (#880)

* LIMS-1490: Use callback URL for incoming dewars via shipping service (#852)

* LIMS-1570: Remove unused app file (#874)

* LIMS-1537: Add more options to reprocessing (#876)

* LIMS-1466: Disable dispatch form validation when using the shipping service (#891)
@RichB-DLS
Copy link
Collaborator Author

No problem. Will have a look now.

ndg63276
ndg63276 approved these changes Feb 12, 2025
View reviewed changes
Copy link
Collaborator

@ndg63276 ndg63276 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ndg63276 ndg63276 ndg63276 approved these changes

Assignees

@RichB-DLS RichB-DLS

Labels
improvement php Pull requests that update PHP code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@RichB-DLS @ndg63276