🔒 Add manual hex validation for LNURL-Auth parameters k1 and key with improved test coverage

HolgerHatGarKeineNode
2026-01-17 17:25:21 +01:00
parent da43bcf81f
commit 74263a4581
2 changed files with 38 additions and 5 deletions


@@ -18,10 +18,30 @@ test('lnurl auth callback validates required parameters', function () {
]);
});
test('lnurl auth callback validates hex format for k1 and key', function () {
// Invalid k1 (not hex)
$response = $this->get(route('auth.ln.callback').'?k1=ZZZZ'.str()->random(60).'&sig='.str()->random(128).'&key='.bin2hex(random_bytes(33)));
$response->assertStatus(400)
->assertJson([
'status' => 'ERROR',
'reason' => 'Invalid request parameters',
]);
// Invalid key (not hex)
$response = $this->get(route('auth.ln.callback').'?k1='.bin2hex(random_bytes(32)).'&sig='.str()->random(128).'&key=ZZZZ'.str()->random(60));
$response->assertStatus(400)
->assertJson([
'status' => 'ERROR',
'reason' => 'Invalid request parameters',
]);
});
test('lnurl auth callback handles signature verification failures', function () {
$k1 = str()->random(64);
$sig = str()->random(128);
$key = str()->random(64);
$k1 = bin2hex(random_bytes(32));
$sig = bin2hex(random_bytes(64));
$key = bin2hex(random_bytes(33));
$response = $this->get(route('auth.ln.callback').'?k1='.$k1.'&sig='.$sig.'&key='.$key);