ReCodEx
diff --git a/‎app/V1Module/security/AccessManager.php‎
Lines changed: 4 additions & 0 deletions b/‎app/V1Module/security/AccessManager.php‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎app/config/config.local.neon.example‎
Lines changed: 1 addition & 1 deletion b/‎app/config/config.local.neon.example‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/config/config.neon‎
Lines changed: 0 additions & 1 deletion b/‎app/config/config.neon‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎composer.json‎
Lines changed: 6 additions & 6 deletions b/‎composer.json‎
Lines changed: 6 additions & 6 deletions
@@ -15,6 +15,7 @@
 use Firebase\JWT\Key;
 use DomainException;
 use UnexpectedValueException;
+use InvalidArgumentException;
 
 class AccessManager
 {
@@ -46,6 +47,9 @@ public function __construct(array $parameters, Users $users)
     {
         $this->users = $users;
         $this->verificationKey = Arrays::get($parameters, "verificationKey");
+        if (!$this->verificationKey || strlen($this->verificationKey) < 32) {
+            throw new InvalidArgumentException("AccessManager verification key is not configured or too short");
+        }
         $this->expiration = Arrays::get($parameters, "expiration", 24 * 60 * 60); // one day in seconds
         $this->invitationExpiration = Arrays::get($parameters, "invitationExpiration", 24 * 60 * 60); // one day in sec
         $this->issuer = Arrays::get($parameters, "issuer", "https://recodex.mff.cuni.cz");
 
@@ -27,7 +27,7 @@ parameters:
     audience: "%webapp.address%"
     expiration: 604800  # 7 days in seconds
     invitationExpiration: 604800  # of an invitation token (7 days in seconds)
-    verificationKey: "recodex-123"	# this should be a really secret string
+    verificationKey: "recodex-123"	# this should be a really secret string and sufficiently long (for HS256, at least 32 characters is required)
     tokenCookieName: 'recodex_accessToken'  # web-app config value 'PERSISTENT_TOKENS_KEY_PREFIX' + '_accessToken', null if only Authorization header is used
 
   broker:
 
@@ -56,7 +56,6 @@ parameters:
     expiration: 86400  # of regular auth tokens (seconds)
     invitationExpiration: 86400  # of an invitation token (seconds)
     usedAlgorithm: HS256
-    verificationKey: "recodex-123"
     tokenCookieName: 'recodex_accessToken'  # web-app config value 'PERSISTENT_TOKENS_KEY_PREFIX' + '_accessToken', null if only Authorization header is used
 
   broker:  # connection to broker
 
@@ -29,17 +29,17 @@
         "php": ">=8.2",
         "bjeavons/zxcvbn-php": "^1.4",
         "contributte/console": "^0.10.0",
-        "firebase/php-jwt": "^6.11",
+        "firebase/php-jwt": "^7.0",
         "forxer/gravatar": "^5.0",
         "guzzlehttp/guzzle": "^7.10",
         "eluceo/ical": "^2.7",
         "ext-yaml": ">=2.0",
         "ext-json": ">=1.7",
         "ext-zip": ">=1.15",
-        "latte/latte": "^3.0",
-        "league/commonmark": "^2.7",
+        "latte/latte": "^3.1",
+        "league/commonmark": "^2.8",
         "limenet/git-version": "v0.1.6",
-        "nelmio/alice": "^3.14",
+        "nelmio/alice": "^3.17",
         "nette/application": "^3.2",
         "nette/bootstrap": "^3.2",
         "nette/caching": "^3.4",
@@ -59,14 +59,14 @@
         "nettrine/migrations": "^0.10",
         "nettrine/orm": "^0.9",
         "ramsey/uuid-doctrine": "^2.0",
-        "symfony/process": "^7.3",
+        "symfony/process": "^7.4",
         "tracy/tracy": "^2.11",
         "zircote/swagger-php": "^5.5"
     },
     "require-dev": {
         "mockery/mockery": "@stable",
         "mikey179/vfsstream": "@stable",
-        "nette/tester": "^2.4",
+        "nette/tester": "^2.6",
         "phpstan/phpstan": "^2.1",
         "phpstan/phpstan-nette": "^2.0",
         "vrana/adminer": "^5.4"