From a13c66aeb1f90734a3336603f5332ed98521eec0 Mon Sep 17 00:00:00 2001
From: Torben Hansen <derhansen@gmail.com>
Date: Mon, 4 Mar 2024 21:36:48 +0100
Subject: [PATCH] [TASK] Throw LogicException in HashService when required
 parameter is empty

The `hmac` function in the `HashService` class should not throw a
custom `EmptyAdditionalSecretException` when the `$additionalSecret`
parameter is an empty string. Instead, a top-level exception should
be used, as the issue is caused by incorrect parameter usage by
the developer.

This change replaces the `EmptyAdditionalSecretException` with a
`LogicException` to better indicate the misuse of the method's
parameters.

Resolves: #103277
Releases: main
Change-Id: Ib6b049ee9c233868684af58ebd0e018bc97ef167
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/83206
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
---
 .../core/Classes/Crypto/HashService.php       |  3 +--
 .../Crypto/EmptyAdditionalSecretException.php | 25 -------------------
 .../Tests/Unit/Crypto/HashServiceTest.php     |  3 +--
 3 files changed, 2 insertions(+), 29 deletions(-)
 delete mode 100644 typo3/sysext/core/Classes/Exception/Crypto/EmptyAdditionalSecretException.php

diff --git a/typo3/sysext/core/Classes/Crypto/HashService.php b/typo3/sysext/core/Classes/Crypto/HashService.php
index c783c9d46bc0..d4716e89b4a0 100644
--- a/typo3/sysext/core/Classes/Crypto/HashService.php
+++ b/typo3/sysext/core/Classes/Crypto/HashService.php
@@ -17,7 +17,6 @@ declare(strict_types=1);
 
 namespace TYPO3\CMS\Core\Crypto;
 
-use TYPO3\CMS\Core\Exception\Crypto\EmptyAdditionalSecretException;
 use TYPO3\CMS\Core\Exception\Crypto\InvalidHashStringException;
 use TYPO3\CMS\Core\SingletonInterface;
 
@@ -35,7 +34,7 @@ final class HashService implements SingletonInterface
     public function hmac(string $input, string $additionalSecret): string
     {
         if ($additionalSecret === '') {
-            throw new EmptyAdditionalSecretException('The ' . __METHOD__ . ' function requires a non-empty additional secret.', 1704453167);
+            throw new \LogicException('The ' . __METHOD__ . ' function requires a non-empty additional secret.', 1704453167);
         }
 
         $secret = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . $additionalSecret;
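Review bot: The guard above the `$secret` assignment rejects only an empty `$additionalSecret`; the `encryptionKey` read from `$GLOBALS['TYPO3_CONF_VARS']['SYS']` on the last line of the hunk is concatenated without any check. If that key is empty or unset on a misconfigured instance, the HMAC is keyed by the additional secret alone, which is presumably a fixed per-use-case string known from source code, so the resulting hashes would give no real integrity protection. Unless this is enforced elsewhere (not visible in this hunk), consider a matching guard such as `if (($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] ?? '') === '') { throw new \LogicException('...', <new exception code>); }`. The body of `hmac()` continues outside the hunk.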
diff --git a/typo3/sysext/core/Classes/Exception/Crypto/EmptyAdditionalSecretException.php b/typo3/sysext/core/Classes/Exception/Crypto/EmptyAdditionalSecretException.php
deleted file mode 100644
index cd6675f9c406..000000000000
--- a/typo3/sysext/core/Classes/Exception/Crypto/EmptyAdditionalSecretException.php
+++ /dev/null
@@ -1,25 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * This file is part of the TYPO3 CMS project.
- *
- * It is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License, either version 2
- * of the License, or any later version.
- *
- * For the full copyright and license information, please read the
- * LICENSE.txt file that was distributed with this source code.
- *
- * The TYPO3 project - inspiring people to share!
- */
-
-namespace TYPO3\CMS\Core\Exception\Crypto;
-
-use TYPO3\CMS\Core\Exception;
-
-/**
- * Exception thrown if Hash::hmac() function has an empty $additionalSecret parameter
- */
-final class EmptyAdditionalSecretException extends Exception {}
diff --git a/typo3/sysext/core/Tests/Unit/Crypto/HashServiceTest.php b/typo3/sysext/core/Tests/Unit/Crypto/HashServiceTest.php
index 073b78eaf868..85bc1172517c 100644
--- a/typo3/sysext/core/Tests/Unit/Crypto/HashServiceTest.php
+++ b/typo3/sysext/core/Tests/Unit/Crypto/HashServiceTest.php
@@ -19,7 +19,6 @@ namespace TYPO3\CMS\Core\Tests\Unit\Crypto;
 
 use PHPUnit\Framework\Attributes\Test;
 use TYPO3\CMS\Core\Crypto\HashService;
-use TYPO3\CMS\Core\Exception\Crypto\EmptyAdditionalSecretException;
 use TYPO3\CMS\Core\Exception\Crypto\InvalidHashStringException;
 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
 
@@ -37,7 +36,7 @@ final class HashServiceTest extends UnitTestCase
     #[Test]
     public function hmacThrowsExceptionIfEmptyAdditionalSecretProvided(): void
     {
-        $this->expectException(EmptyAdditionalSecretException::class);
+        $this->expectException(\LogicException::class);
 
         // @phpstan-ignore-next-line We are explicitly testing a contract violation here.
         $this->subject->hmac('message', '');
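Review bot: `expectException(\LogicException::class)` is much broader than the class it replaces, so any `LogicException` subclass (for example `\InvalidArgumentException`) raised anywhere inside `hmac()` would now satisfy this test. Pin the assertion to the empty-secret guard by adding `$this->expectExceptionCode(1704453167);` right after the `expectException` call, using the code thrown in `HashService::hmac()`. The end of the test method lies outside the hunk.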
-- 
GitLab