mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 14:18:52 +00:00
[feature/passwords] Move combined hashing methods to manager
This will get rid of the circular dependency between the passwords manager and the passwords helper. The combined_hash_password() method was also slightly changed to allow both the definitions of service names or prefixes for the hash types. PHPBB3-11610
This commit is contained in:
Marc Alexander
parent
08a8bd8e6f
commit
b094c79996
3 changed files with 93 additions and 109 deletions
|
|
@ -14,21 +14,6 @@ namespace phpbb\passwords;
|
||||||
*/
|
*/
|
||||||
class helper
|
class helper
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* @var phpbb\passwords\manager
|
|
||||||
*/
|
|
||||||
protected $manager;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Set the passwords manager instance
|
|
||||||
*
|
|
||||||
* @param phpbb\passwords\manager $manager Passwords manager object
|
|
||||||
*/
|
|
||||||
public function set_manager(manager $manager)
|
|
||||||
{
|
|
||||||
$this->manager = $manager;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get hash settings from combined hash
|
* Get hash settings from combined hash
|
||||||
*
|
*
|
||||||
|
|
@ -39,7 +24,7 @@ class helper
|
||||||
* password hash or an empty array if hash does not
|
* password hash or an empty array if hash does not
|
||||||
* properly fit the combined hash format
|
* properly fit the combined hash format
|
||||||
*/
|
*/
|
||||||
protected function get_combined_hash_settings($hash)
|
public function get_combined_hash_settings($hash)
|
||||||
{
|
{
|
||||||
$output = array();
|
$output = array();
|
||||||
|
|
||||||
|
|
@ -56,79 +41,6 @@ class helper
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Create combined hash from already hashed password
|
|
||||||
*
|
|
||||||
* @param string $password_hash Complete current password hash
|
|
||||||
* @param string $type Type of the hashing algorithm the password hash
|
|
||||||
* should be combined with
|
|
||||||
* @return string|bool Combined password hash if combined hashing was
|
|
||||||
* successful, else false
|
|
||||||
*/
|
|
||||||
public function combined_hash_password($password_hash, $type)
|
|
||||||
{
|
|
||||||
$data = array(
|
|
||||||
'prefix' => '$',
|
|
||||||
'settings' => '$',
|
|
||||||
);
|
|
||||||
$hash_settings = $this->get_combined_hash_settings($password_hash);
|
|
||||||
$hash = $hash_settings[0];
|
|
||||||
|
|
||||||
// Put settings of current hash into data array
|
|
||||||
$stored_hash_type = $this->manager->detect_algorithm($password_hash);
|
|
||||||
$this->combine_hash_output($data, 'prefix', $stored_hash_type->get_prefix());
|
|
||||||
$this->combine_hash_output($data, 'settings', $stored_hash_type->get_settings_only($password_hash));
|
|
||||||
|
|
||||||
// Hash current hash with the defined types
|
|
||||||
foreach ($type as $cur_type)
|
|
||||||
{
|
|
||||||
if (isset($this->manager->algorithms[$cur_type]))
|
|
||||||
{
|
|
||||||
$new_hash_type = $this->manager->algorithms[$cur_type];
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$new_hash = $new_hash_type->hash(str_replace($stored_hash_type->get_settings_only($password_hash), '', $hash));
|
|
||||||
$this->combine_hash_output($data, 'prefix', $new_hash_type->get_prefix());
|
|
||||||
$this->combine_hash_output($data, 'settings', substr(str_replace('$', '\\', $new_hash_type->get_settings_only($new_hash, true)), 0));
|
|
||||||
$hash = str_replace($new_hash_type->get_settings_only($new_hash), '', $this->obtain_hash_only($new_hash));
|
|
||||||
}
|
|
||||||
return $this->combine_hash_output($data, 'hash', $hash);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Check combined password hash against the supplied password
|
|
||||||
*
|
|
||||||
* @param string $password Password entered by user
|
|
||||||
* @param array $stored_hash_type An array containing the hash types
|
|
||||||
* as described by stored password hash
|
|
||||||
* @param string $hash Stored password hash
|
|
||||||
*
|
|
||||||
* @return bool True if password is correct, false if not
|
|
||||||
*/
|
|
||||||
public function check_combined_hash($password, $stored_hash_type, $hash)
|
|
||||||
{
|
|
||||||
$i = 0;
|
|
||||||
$data = array(
|
|
||||||
'prefix' => '$',
|
|
||||||
'settings' => '$',
|
|
||||||
);
|
|
||||||
$hash_settings = $this->get_combined_hash_settings($hash);
|
|
||||||
foreach ($stored_hash_type as $key => $hash_type)
|
|
||||||
{
|
|
||||||
$rebuilt_hash = $this->rebuild_hash($hash_type->get_prefix(), $hash_settings[$i]);
|
|
||||||
$this->combine_hash_output($data, 'prefix', $key);
|
|
||||||
$this->combine_hash_output($data, 'settings', $hash_settings[$i]);
|
|
||||||
$cur_hash = $hash_type->hash($password, $rebuilt_hash);
|
|
||||||
$password = str_replace($rebuilt_hash, '', $cur_hash);
|
|
||||||
$i++;
|
|
||||||
}
|
|
||||||
return ($hash === $this->combine_hash_output($data, 'hash', $password));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Combine hash prefixes, settings, and actual hash
|
* Combine hash prefixes, settings, and actual hash
|
||||||
*
|
*
|
||||||
|
|
@ -140,7 +52,7 @@ class helper
|
||||||
* @return string|null Return complete combined hash if type is neither
|
* @return string|null Return complete combined hash if type is neither
|
||||||
* 'prefix' nor 'settings', nothing if it is
|
* 'prefix' nor 'settings', nothing if it is
|
||||||
*/
|
*/
|
||||||
protected function combine_hash_output(&$data, $type, $value)
|
public function combine_hash_output(&$data, $type, $value)
|
||||||
{
|
{
|
||||||
if ($type == 'prefix')
|
if ($type == 'prefix')
|
||||||
{
|
{
|
||||||
|
|
@ -167,7 +79,7 @@ class helper
|
||||||
*
|
*
|
||||||
* @return string Rebuilt hash for hashing functions
|
* @return string Rebuilt hash for hashing functions
|
||||||
*/
|
*/
|
||||||
protected function rebuild_hash($prefix, $settings)
|
public function rebuild_hash($prefix, $settings)
|
||||||
{
|
{
|
||||||
$rebuilt_hash = $prefix;
|
$rebuilt_hash = $prefix;
|
||||||
if (strpos($settings, '\\') !== false)
|
if (strpos($settings, '\\') !== false)
|
||||||
|
|
@ -184,7 +96,7 @@ class helper
|
||||||
* @param string $hash The full password hash
|
* @param string $hash The full password hash
|
||||||
* @return string Actual hash (incl. settings)
|
* @return string Actual hash (incl. settings)
|
||||||
*/
|
*/
|
||||||
protected function obtain_hash_only($hash)
|
public function obtain_hash_only($hash)
|
||||||
{
|
{
|
||||||
return substr($hash, strripos($hash, '$') + 1);
|
return substr($hash, strripos($hash, '$') + 1);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -60,9 +60,9 @@ class manager
|
||||||
public function __construct(\phpbb\config\config $config, $hashing_algorithms, helper $helper, $defaults)
|
public function __construct(\phpbb\config\config $config, $hashing_algorithms, helper $helper, $defaults)
|
||||||
{
|
{
|
||||||
$this->config = $config;
|
$this->config = $config;
|
||||||
|
$this->helper = $helper;
|
||||||
|
|
||||||
$this->fill_type_map($hashing_algorithms);
|
$this->fill_type_map($hashing_algorithms);
|
||||||
$this->load_passwords_helper($helper);
|
|
||||||
$this->register_default_type($defaults);
|
$this->register_default_type($defaults);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -102,20 +102,6 @@ class manager
|
||||||
$this->algorithms = $hashing_algorithms;
|
$this->algorithms = $hashing_algorithms;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Load passwords helper class
|
|
||||||
*
|
|
||||||
* @param phpbb\passwords\helper $helper Passwords helper object
|
|
||||||
*/
|
|
||||||
protected function load_passwords_helper(\phpbb\passwords\helper $helper)
|
|
||||||
{
|
|
||||||
if ($this->helper === null)
|
|
||||||
{
|
|
||||||
$this->helper = $helper;
|
|
||||||
$this->helper->set_manager($this);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the algorithm specified by a specific prefix
|
* Get the algorithm specified by a specific prefix
|
||||||
*
|
*
|
||||||
|
|
@ -216,7 +202,7 @@ class manager
|
||||||
|
|
||||||
if (is_array($type))
|
if (is_array($type))
|
||||||
{
|
{
|
||||||
return $this->helper->combined_hash_password($password, $type);
|
return $this->combined_hash_password($password, $type);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($this->type_map[$type]))
|
if (isset($this->type_map[$type]))
|
||||||
|
|
@ -258,7 +244,7 @@ class manager
|
||||||
// Multiple hash passes needed
|
// Multiple hash passes needed
|
||||||
if (is_array($stored_hash_type))
|
if (is_array($stored_hash_type))
|
||||||
{
|
{
|
||||||
$correct = $this->helper->check_combined_hash($password, $stored_hash_type, $hash);
|
$correct = $this->check_combined_hash($password, $stored_hash_type, $hash);
|
||||||
$this->convert_flag = ($correct === true) ? true : false;
|
$this->convert_flag = ($correct === true) ? true : false;
|
||||||
return $correct;
|
return $correct;
|
||||||
}
|
}
|
||||||
|
|
@ -274,4 +260,82 @@ class manager
|
||||||
|
|
||||||
return $stored_hash_type->check($password, $hash);
|
return $stored_hash_type->check($password, $hash);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create combined hash from already hashed password
|
||||||
|
*
|
||||||
|
* @param string $password_hash Complete current password hash
|
||||||
|
* @param string $type Type of the hashing algorithm the password hash
|
||||||
|
* should be combined with
|
||||||
|
* @return string|bool Combined password hash if combined hashing was
|
||||||
|
* successful, else false
|
||||||
|
*/
|
||||||
|
public function combined_hash_password($password_hash, $type)
|
||||||
|
{
|
||||||
|
$data = array(
|
||||||
|
'prefix' => '$',
|
||||||
|
'settings' => '$',
|
||||||
|
);
|
||||||
|
$hash_settings = $this->helper->get_combined_hash_settings($password_hash);
|
||||||
|
$hash = $hash_settings[0];
|
||||||
|
|
||||||
|
// Put settings of current hash into data array
|
||||||
|
$stored_hash_type = $this->detect_algorithm($password_hash);
|
||||||
|
$this->helper->combine_hash_output($data, 'prefix', $stored_hash_type->get_prefix());
|
||||||
|
$this->helper->combine_hash_output($data, 'settings', $stored_hash_type->get_settings_only($password_hash));
|
||||||
|
|
||||||
|
// Hash current hash with the defined types
|
||||||
|
foreach ($type as $cur_type)
|
||||||
|
{
|
||||||
|
if (isset($this->algorithms[$cur_type]))
|
||||||
|
{
|
||||||
|
$new_hash_type = $this->algorithms[$cur_type];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$new_hash_type = $this->get_algorithm($cur_type);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$new_hash_type)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$new_hash = $new_hash_type->hash(str_replace($stored_hash_type->get_settings_only($password_hash), '', $hash));
|
||||||
|
$this->helper->combine_hash_output($data, 'prefix', $new_hash_type->get_prefix());
|
||||||
|
$this->helper->combine_hash_output($data, 'settings', substr(str_replace('$', '\\', $new_hash_type->get_settings_only($new_hash, true)), 0));
|
||||||
|
$hash = str_replace($new_hash_type->get_settings_only($new_hash), '', $this->helper->obtain_hash_only($new_hash));
|
||||||
|
}
|
||||||
|
return $this->helper->combine_hash_output($data, 'hash', $hash);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check combined password hash against the supplied password
|
||||||
|
*
|
||||||
|
* @param string $password Password entered by user
|
||||||
|
* @param array $stored_hash_type An array containing the hash types
|
||||||
|
* as described by stored password hash
|
||||||
|
* @param string $hash Stored password hash
|
||||||
|
*
|
||||||
|
* @return bool True if password is correct, false if not
|
||||||
|
*/
|
||||||
|
public function check_combined_hash($password, $stored_hash_type, $hash)
|
||||||
|
{
|
||||||
|
$i = 0;
|
||||||
|
$data = array(
|
||||||
|
'prefix' => '$',
|
||||||
|
'settings' => '$',
|
||||||
|
);
|
||||||
|
$hash_settings = $this->helper->get_combined_hash_settings($hash);
|
||||||
|
foreach ($stored_hash_type as $key => $hash_type)
|
||||||
|
{
|
||||||
|
$rebuilt_hash = $this->helper->rebuild_hash($hash_type->get_prefix(), $hash_settings[$i]);
|
||||||
|
$this->helper->combine_hash_output($data, 'prefix', $key);
|
||||||
|
$this->helper->combine_hash_output($data, 'settings', $hash_settings[$i]);
|
||||||
|
$cur_hash = $hash_type->hash($password, $rebuilt_hash);
|
||||||
|
$password = str_replace($rebuilt_hash, '', $cur_hash);
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
return ($hash === $this->helper->combine_hash_output($data, 'hash', $password));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -198,6 +198,10 @@ class phpbb_passwords_manager_test extends PHPUnit_Framework_TestCase
|
||||||
array('passwords.driver.salted_md5'),
|
array('passwords.driver.salted_md5'),
|
||||||
false,
|
false,
|
||||||
),
|
),
|
||||||
|
array(
|
||||||
|
'$H$',
|
||||||
|
array('$2a$'),
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -229,6 +233,10 @@ class phpbb_passwords_manager_test extends PHPUnit_Framework_TestCase
|
||||||
array('passwords.driver.salted_md4'),
|
array('passwords.driver.salted_md4'),
|
||||||
false,
|
false,
|
||||||
),
|
),
|
||||||
|
array(
|
||||||
|
'$H$',
|
||||||
|
array('$2y$'),
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue