makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/passwords] Inject passwords manager into auth providers

Browse source 
The passwords manager will replace the old method of using the functions
phpbb_hash() and phpbb_check_hash().

PHPBB3-11610
This commit is contained in:
Marc Alexander 2013-10-02 13:28:38 +02:00
parent 61e4c0f251
commit 356f3eef07
6 changed files with 82 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
phpBB/config/auth_providers.yml
View file

@ -10,6 +10,7 @@ services:
arguments: arguments:
- @dbal.conn - @dbal.conn
- @config - @config
- @passwords.manager
- @request - @request
- @user - @user
- %core.root_path% - %core.root_path%
@ -21,6 +22,7 @@ services:
arguments: arguments:
- @dbal.conn - @dbal.conn
- @config - @config
- @passwords.manager
- @request - @request
- @user - @user
- %core.root_path% - %core.root_path%
@ -32,6 +34,7 @@ services:
arguments: arguments:
- @dbal.conn - @dbal.conn
- @config - @config
- @passwords.manager
- @user - @user
tags: tags:
- { name: auth.provider } - { name: auth.provider }

13
phpBB/phpbb/auth/provider/apache.php
View file

@ -24,20 +24,29 @@ if (!defined('IN_PHPBB'))
*/ */
class apache extends \phpbb\auth\provider\base class apache extends \phpbb\auth\provider\base
{ {
/**
* phpBB passwords manager
*
* @var \phpbb\passwords\manager
*/
protected $passwords_manager;
/** /**
* Apache Authentication Constructor * Apache Authentication Constructor
* *
* @param \phpbb\db\driver\driver $db * @param \phpbb\db\driver\driver $db
* @param \phpbb\config\config $config * @param \phpbb\config\config $config
* @param \phpbb\passwords\manager $passwords_manager
* @param \phpbb\request\request $request * @param \phpbb\request\request $request
* @param \phpbb\user $user * @param \phpbb\user $user
* @param string $phpbb_root_path * @param string $phpbb_root_path
* @param string $php_ext * @param string $php_ext
*/ */
public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext) public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
{ {
$this->db = $db; $this->db = $db;
$this->config = $config; $this->config = $config;
$this->passwords_manager = $passwords_manager;
$this->request = $request; $this->request = $request;
$this->user = $user; $this->user = $user;
$this->phpbb_root_path = $phpbb_root_path; $this->phpbb_root_path = $phpbb_root_path;
@ -228,7 +237,7 @@ class apache extends \phpbb\auth\provider\base
// generate user account data // generate user account data
return array( return array(
'username' => $username, 'username' => $username,
'user_password' => phpbb_hash($password), 'user_password' => $this->passwords_manager->hash($password),
'user_email' => '', 'user_email' => '',
'group_id' => (int) $row['group_id'], 'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL, 'user_type' => USER_NORMAL,

18
phpBB/phpbb/auth/provider/db.php
View file

@ -26,21 +26,29 @@ if (!defined('IN_PHPBB'))
*/ */
class db extends \phpbb\auth\provider\base class db extends \phpbb\auth\provider\base
{ {
/**
* phpBB passwords manager
*
* @var \phpbb\passwords\manager
*/
protected $passwords_manager;
/** /**
* Database Authentication Constructor * Database Authentication Constructor
* *
* @param \phpbb\db\driver\driver $db * @param \phpbb\db\driver\driver $db
* @param \phpbb\config\config $config * @param \phpbb\config\config $config
* @param \phpbb\passwords\manager $passwords_manager
* @param \phpbb\request\request $request * @param \phpbb\request\request $request
* @param \phpbb\user $user * @param \phpbb\user $user
* @param string $phpbb_root_path * @param string $phpbb_root_path
* @param string $php_ext * @param string $php_ext
*/ */
public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext) public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
{ {
$this->db = $db; $this->db = $db;
$this->config = $config; $this->config = $config;
$this->passwords_manager = $passwords_manager;
$this->request = $request; $this->request = $request;
$this->user = $user; $this->user = $user;
$this->phpbb_root_path = $phpbb_root_path; $this->phpbb_root_path = $phpbb_root_path;
@ -199,10 +207,10 @@ class db extends \phpbb\auth\provider\base
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
// plain md5 support left in for conversions from other systems. // plain md5 support left in for conversions from other systems.
if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) if ((strlen($row['user_password']) == 34 && ($this->passwords_manager->check(md5($password_old_format), $row['user_password']) || $this->passwords_manager->check(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
|| (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
{ {
$hash = phpbb_hash($password_new_format); $hash = $this->passwords_manager->hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag // Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
@ -234,12 +242,12 @@ class db extends \phpbb\auth\provider\base
} }
// Check password ... // Check password ...
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password']))
{ {
// Check for old password hash... // Check for old password hash...
if (strlen($row['user_password']) == 32) if (strlen($row['user_password']) == 32)
{ {
$hash = phpbb_hash($password); $hash = $this->passwords_manager->hash($password);
// Update the password in the users table to the new format // Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . " $sql = 'UPDATE ' . USERS_TABLE . "

13
phpBB/phpbb/auth/provider/ldap.php
View file

@ -26,17 +26,26 @@ if (!defined('IN_PHPBB'))
*/ */
class ldap extends \phpbb\auth\provider\base class ldap extends \phpbb\auth\provider\base
{ {
/**
* phpBB passwords manager
*
* @var \phpbb\passwords\manager
*/
protected $passwords_manager;
/** /**
* LDAP Authentication Constructor * LDAP Authentication Constructor
* *
* @param \phpbb\db\driver\driver $db * @param \phpbb\db\driver\driver $db
* @param \phpbb\config\config $config * @param \phpbb\config\config $config
* @param \phpbb\passwords\manager $passwords_manager
* @param \phpbb\user $user * @param \phpbb\user $user
*/ */
public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\user $user) public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user)
{ {
$this->db = $db; $this->db = $db;
$this->config = $config; $this->config = $config;
$this->passwords_manager = $passwords_manager;
$this->user = $user; $this->user = $user;
} }
@ -244,7 +253,7 @@ class ldap extends \phpbb\auth\provider\base
// generate user account data // generate user account data
$ldap_user_row = array( $ldap_user_row = array(
'username' => $username, 'username' => $username,
'user_password' => phpbb_hash($password), 'user_password' => $this->passwords_manager->hash($password),
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '', 'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
'group_id' => (int) $row['group_id'], 'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL, 'user_type' => USER_NORMAL,

18
tests/auth/provider_apache_test.php
View file

@ -25,8 +25,24 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
$config = new \phpbb\config\config(array()); $config = new \phpbb\config\config(array());
$this->request = $this->getMock('\phpbb\request\request'); $this->request = $this->getMock('\phpbb\request\request');
$this->user = $this->getMock('\phpbb\user'); $this->user = $this->getMock('\phpbb\user');
$driver_helper = new phpbb\passwords\driver\helper($config);
$passwords_drivers = array(
'passwords.driver.bcrypt' => new phpbb\passwords\driver\bcrypt($config, $driver_helper),
'passwords.driver.bcrypt_2y' => new phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
'passwords.driver.salted_md5' => new phpbb\passwords\driver\salted_md5($config, $driver_helper),
'passwords.driver.phpass' => new phpbb\passwords\driver\phpass($config, $driver_helper),
);
$this->provider = new \phpbb\auth\provider\apache($db, $config, $this->request, $this->user, $phpbb_root_path, $phpEx); foreach ($passwords_drivers as $key => $driver)
{
$driver->set_name($key);
}
$passwords_helper = new phpbb\passwords\helper;
// Set up passwords manager
$passwords_manager = new phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, 'passwords.driver.bcrypt_2y');
$this->provider = new \phpbb\auth\provider\apache($db, $config, $passwords_manager, $this->request, $this->user, $phpbb_root_path, $phpEx);
} }
public function getDataSet() public function getDataSet()

19
tests/auth/provider_db_test.php
View file

@ -28,7 +28,24 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case
)); ));
$request = $this->getMock('\phpbb\request\request'); $request = $this->getMock('\phpbb\request\request');
$user = $this->getMock('\phpbb\user'); $user = $this->getMock('\phpbb\user');
$provider = new \phpbb\auth\provider\db($db, $config, $request, $user, $phpbb_root_path, $phpEx); $driver_helper = new phpbb\passwords\driver\helper($config);
$passwords_drivers = array(
'passwords.driver.bcrypt' => new phpbb\passwords\driver\bcrypt($config, $driver_helper),
'passwords.driver.bcrypt_2y' => new phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
'passwords.driver.salted_md5' => new phpbb\passwords\driver\salted_md5($config, $driver_helper),
'passwords.driver.phpass' => new phpbb\passwords\driver\phpass($config, $driver_helper),
);
foreach ($passwords_drivers as $key => $driver)
{
$driver->set_name($key);
}
$passwords_helper = new phpbb\passwords\helper;
// Set up passwords manager
$passwords_manager = new phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, 'passwords.driver.bcrypt_2y');
$provider = new \phpbb\auth\provider\db($db, $config, $passwords_manager, $request, $user, $phpbb_root_path, $phpEx);
$expected = array( $expected = array(
'status' => LOGIN_SUCCESS, 'status' => LOGIN_SUCCESS,