[feature/passwords] Integrate convert_flag with db auth provider

PHPBB3-11610

phpBB/phpbb/auth/provider/db.php

@@ -245,7 +245,7 @@ class db extends \phpbb\auth\provider\base
 		if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password']))
 		{
 			// Check for old password hash...
-			if (strlen($row['user_password']) == 32)
+			if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
 			{
 				$hash = $this->passwords_manager->hash($password);
 

phpBB/phpbb/passwords/manager.php

@@ -243,7 +243,9 @@ class manager
 		// Multiple hash passes needed
 		if (is_array($stored_hash_type))
 		{
-			return $this->helper->check_combined_hash($password, $stored_hash_type, $hash);
+			$correct = $this->helper->check_combined_hash($password, $stored_hash_type, $hash);
+			$this->convert_flag = ($correct === true) ? true : false;
+			return $correct;
 		}
 
 		if ($stored_hash_type->get_name() !== $this->type)

tests/auth/fixtures/user.xml

@@ -18,6 +18,21 @@
 			<value>1</value>
 			<value>foobar</value>
 			<value>foobar</value>
+			<value>$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i</value>
+			<value>0</value>
+			<value>0</value>
+			<value>example@example.com</value>
+			<value>0</value>
+			<value>0</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>foobar2</value>
+			<value>foobar2</value>
 			<value>$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/</value>
 			<value>0</value>
 			<value>0</value>

tests/auth/provider_apache_test.php

@@ -94,7 +94,7 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
 			'user_row'		=> array(
 				'user_id' 				=> '1',
 				'username' 				=> 'foobar',
-				'user_password'			=> '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+				'user_password'			=> '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
 				'user_passchg' 			=> '0',
 				'user_email' 			=> 'example@example.com',
 				'user_type' 			=> '0',
@@ -130,7 +130,7 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
 			'user_regdate' => '0',
 			'username' => 'foobar',
 			'username_clean' => 'foobar',
-			'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+			'user_password' => '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
 			'user_passchg' => '0',
 			'user_pass_convert' => '0',
 			'user_email' => 'example@example.com',

tests/auth/provider_db_test.php

@@ -53,7 +53,7 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case
 			'user_row'		=> array(
 				'user_id' 				=> '1',
 				'username' 				=> 'foobar',
-				'user_password'			=> '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+				'user_password'			=> '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
 				'user_passchg' 			=> '0',
 				'user_pass_convert' 	=> '0',
 				'user_email' 			=> 'example@example.com',
@@ -63,5 +63,10 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case
 		);
 
 		$this->assertEquals($expected, $provider->login('foobar', 'example'));
+
+		// Check if convert works
+		$login_return = $provider->login('foobar2', 'example');
+		$password_start = (version_compare(PHP_VERSION, '5.3.7', '<')) ? '$2a$10$' : '$2y$10$';
+		$this->assertStringStartsWith($password_start, $login_return['user_row']['user_password']);
 	}
 }