From 8b9370c6a956447be304b609eb63d029cb19f2dc Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 22 Aug 2013 19:21:42 -0500 Subject: [PATCH] [feature/passwords] Define default hashing algorithm in container file The default hashing algorithm type is defined as a parameter in the service definition file for the password hashing system. This will allow us to change this in the future but it will also prevent unexperienced admins from changing the hashing algorithm. PHPBB3-11610 --- phpBB/config/crypto.yml | 11 +++++++++++ phpBB/config/services.yml | 7 ------- phpBB/phpbb/crypto/manager.php | 4 ++-- tests/crypto/manager_test.php | 3 ++- 4 files changed, 15 insertions(+), 10 deletions(-) diff --git a/phpBB/config/crypto.yml b/phpBB/config/crypto.yml index 072995a8a8..2ef942df66 100644 --- a/phpBB/config/crypto.yml +++ b/phpBB/config/crypto.yml @@ -1,3 +1,6 @@ +parameters: + password_hashing.algorithm: crypto.driver.bcrypt_2y + services: crypto.driver.bcrypt: class: phpbb_crypto_driver_bcrypt @@ -41,3 +44,11 @@ services: - @service_container tags: - { name: service_collection, tag: crypto.driver } + + crypto.manager: + class: phpbb_crypto_manager + arguments: + - @config + - @service_container + - @crypto.driver_collection + - %password_hashing.algorithm% diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index e7c3232fa7..486df3f556 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -122,13 +122,6 @@ services: - @config - @dbal.conn - crypto.manager: - class: phpbb_crypto_manager - arguments: - - @config - - @service_container - - @crypto.driver_collection - dispatcher: class: phpbb_event_dispatcher arguments: diff --git a/phpBB/phpbb/crypto/manager.php b/phpBB/phpbb/crypto/manager.php index 753a86ae84..e314b08865 100644 --- a/phpBB/phpbb/crypto/manager.php +++ b/phpBB/phpbb/crypto/manager.php @@ -58,11 +58,11 @@ class phpbb_crypto_manager * * @param phpbb_config $config phpBB configuration */ - public function __construct($config, $container, $hashing_algorithms) + public function __construct($config, $container, $hashing_algorithms, $default) { $this->config = $config; $this->container = $container; - $this->type = 'crypto.driver.bcrypt_2y'; // might want to make this flexible + $this->type = $default; $this->fill_type_map($hashing_algorithms); $this->load_crypto_helper(); diff --git a/tests/crypto/manager_test.php b/tests/crypto/manager_test.php index ba13c9c8ad..ceeb45b5b8 100644 --- a/tests/crypto/manager_test.php +++ b/tests/crypto/manager_test.php @@ -41,11 +41,12 @@ class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase foreach ($this->crypto_drivers as $key => $driver) { + $driver->set_name($key); $this->phpbb_container->set($key, $driver); } // Set up avatar manager - $this->manager = new phpbb_crypto_manager($config, $this->phpbb_container, $this->crypto_drivers); + $this->manager = new phpbb_crypto_manager($config, $this->phpbb_container, $this->crypto_drivers, 'crypto.driver.bcrypt_2y'); } public function hash_password_data()