diff options
53 files changed, 1698 insertions, 245 deletions
diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml index dac8b9d252..d2f22ec477 100644 --- a/phpBB/config/auth_providers.yml +++ b/phpBB/config/auth_providers.yml @@ -1,8 +1,9 @@ services: auth.provider_collection: - class: phpbb\di\service_collection + class: phpbb\auth\provider_collection arguments: - @service_container + - @config tags: - { name: service_collection, tag: auth.provider } auth.provider.db: diff --git a/phpBB/config/console.yml b/phpBB/config/console.yml index 9b0f0aa9a4..00b8f9cec0 100644 --- a/phpBB/config/console.yml +++ b/phpBB/config/console.yml @@ -75,6 +75,13 @@ services: tags: - { name: console.command } + console.command.dev.migration_tips: + class: phpbb\console\command\dev\migration_tips + arguments: + - @ext.manager + tags: + - { name: console.command } + console.command.extension.disable: class: phpbb\console\command\extension\disable arguments: diff --git a/phpBB/config/passwords.yml b/phpBB/config/passwords.yml index 9e249a2c12..3dc217286f 100644 --- a/phpBB/config/passwords.yml +++ b/phpBB/config/passwords.yml @@ -22,6 +22,14 @@ services: tags: - { name: passwords.driver } + passwords.driver.bcrypt_wcf2: + class: phpbb\passwords\driver\bcrypt_wcf2 + arguments: + - @passwords.driver.bcrypt + - @passwords.driver_helper + tags: + - { name: passwords.driver } + passwords.driver.salted_md5: class: phpbb\passwords\driver\salted_md5 arguments: @@ -38,6 +46,64 @@ services: tags: - { name: passwords.driver } + passwords.driver.convert_password: + class: phpbb\passwords\driver\convert_password + arguments: + - @config + - @passwords.driver_helper + tags: + - { name: passwords.driver } + + passwords.driver.sha1_smf: + class: phpbb\passwords\driver\sha1_smf + arguments: + - @config + - @passwords.driver_helper + tags: + - { name: passwords.driver } + + passwords.driver.sha1_wcf1: + class: phpbb\passwords\driver\sha1_wcf1 + arguments: + - @config + - @passwords.driver_helper + tags: + - { name: passwords.driver } + + passwords.driver.sha1: + class: phpbb\passwords\driver\sha1 + arguments: + - @config + - @passwords.driver_helper + tags: + - { name: passwords.driver } + + passwords.driver.md5_phpbb2: + class: phpbb\passwords\driver\md5_phpbb2 + arguments: + - @request + - @passwords.driver.salted_md5 + - %core.root_path% + - %core.php_ext% + tags: + - { name: passwords.driver } + + passwords.driver.md5_mybb: + class: phpbb\passwords\driver\md5_mybb + arguments: + - @config + - @passwords.driver_helper + tags: + - { name: passwords.driver } + + passwords.driver.md5_vb: + class: phpbb\passwords\driver\md5_vb + arguments: + - @config + - @passwords.driver_helper + tags: + - { name: passwords.driver } + passwords.driver_collection: class: phpbb\di\service_collection arguments: diff --git a/phpBB/develop/create_schema_files.php b/phpBB/develop/create_schema_files.php index 5490e45afa..05085d39ab 100644 --- a/phpBB/develop/create_schema_files.php +++ b/phpBB/develop/create_schema_files.php @@ -44,17 +44,9 @@ require($phpbb_root_path . 'phpbb/class_loader.' . $phpEx); $phpbb_class_loader = new \phpbb\class_loader('phpbb\\', "{$phpbb_root_path}phpbb/", $phpEx); $phpbb_class_loader->register(); -class phpbb_extension_empty_manager extends \phpbb\extension\manager -{ - public function __construct() - { - $this->extensions = array(); - } -} - -$finder = new \phpbb\extension\finder(new \phpbb_extension_empty_manager(), new \phpbb\filesystem(), $phpbb_root_path); +$finder = new \phpbb\finder(new \phpbb\filesystem(), $phpbb_root_path); $classes = $finder->core_path('phpbb/') - ->directory('db/migration/data') + ->directory('/db/migration/data') ->get_classes(); $db = new \phpbb\db\driver\sqlite(); diff --git a/phpBB/develop/migration_tips.php b/phpBB/develop/migration_tips.php deleted file mode 100644 index fdb1e4544d..0000000000 --- a/phpBB/develop/migration_tips.php +++ /dev/null @@ -1,46 +0,0 @@ -<?php -/** -* -* This file is part of the phpBB Forum Software package. -* -* @copyright (c) phpBB Limited <https://www.phpbb.com> -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ - -// This is to help with creating migration files for new versions -// Use this to find what migrations are not depended on by any other migration -// (the current migration tree tips) - -define('IN_PHPBB', true); -$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../'; -$phpEx = substr(strrchr(__FILE__, '.'), 1); -include($phpbb_root_path . 'common.' . $phpEx); - -$phpbb_extension_manager = $phpbb_container->get('ext.manager'); -$finder = $phpbb_extension_manager->get_finder(); - -$migrations = $finder - ->core_path('phpbb/db/migration/data/') - ->get_classes(); -$tips = $migrations; - -foreach ($migrations as $migration_class) -{ - foreach ($migration_class::depends_on() as $dependency) - { - if (($tips_key = array_search($dependency, $tips)) !== false) - { - unset($tips[$tips_key]); - } - } -} - -foreach ($tips as $migration) -{ - echo "\t\t\t'{$migration}',\n"; -} - diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 973e0e65c5..f10f0b1015 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -513,7 +513,7 @@ class acp_groups 'test_variables', ); extract($phpbb_dispatcher->trigger_event('core.acp_manage_group_initialise_data', compact($vars))); - + foreach ($test_variables as $test => $type) { if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test] || isset($group_attributes['group_avatar']) && strpos($test, 'avatar') === 0 || in_array($test, $set_attributes))) diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index 61bae18557..5932f4cddd 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -561,14 +561,14 @@ class acp_modules $directory = $phpbb_root_path . 'includes/' . $module_class . '/info/'; $fileinfo = array(); - $finder = $phpbb_extension_manager->get_finder(); + $finder = $phpbb_extension_manager->get_finder($use_all_available); $modules = $finder ->extension_suffix('_module') ->extension_directory("/$module_class") ->core_path("includes/$module_class/info/") ->core_prefix($module_class . '_') - ->get_classes(true, $use_all_available); + ->get_classes(true); foreach ($modules as $cur_module) { diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 83ab88d48c..d07120a65f 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -922,7 +922,6 @@ class acp_users $sql_ary += array( 'user_password' => $passwords_manager->hash($data['new_password']), 'user_passchg' => time(), - 'user_pass_convert' => 0, ); $user->reset_login_keys($user_id); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index dafbb54af5..9d94ef2be4 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2854,7 +2854,8 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa $s_hidden_fields['credential'] = $credential; } - $auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider(); $auth_provider_data = $auth_provider->get_login_data(); if ($auth_provider_data) diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 22b8a8825e..4606a9f7ca 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -1371,7 +1371,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, */ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank_img_src) { - global $ranks, $config, $phpbb_root_path; + global $ranks, $config, $phpbb_root_path, $phpbb_path_helper; if (empty($ranks)) { @@ -1382,8 +1382,8 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank if (!empty($user_rank)) { $rank_title = (isset($ranks['special'][$user_rank]['rank_title'])) ? $ranks['special'][$user_rank]['rank_title'] : ''; - $rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : ''; - $rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] : ''; + $rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $phpbb_path_helper->update_web_root_path($phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image']) : ''; + $rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $rank_img_src . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : ''; } else if ($user_posts !== false) { @@ -1394,8 +1394,8 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank if ($user_posts >= $rank['rank_min']) { $rank_title = $rank['rank_title']; - $rank_img = (!empty($rank['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : ''; - $rank_img_src = (!empty($rank['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image'] : ''; + $rank_img_src = (!empty($rank['rank_image'])) ? $phpbb_path_helper->update_web_root_path($phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image']) : ''; + $rank_img = (!empty($rank['rank_image'])) ? '<img src="' . $rank_img_src . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : ''; break; } } diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index fafe29f957..d728ed7d78 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -184,7 +184,6 @@ function user_add($user_row, $cp_data = false) 'username' => $user_row['username'], 'username_clean' => $username_clean, 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', - 'user_pass_convert' => 0, 'user_email' => strtolower($user_row['user_email']), 'user_email_hash' => phpbb_email_hash($user_row['user_email']), 'group_id' => $user_row['group_id'], diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index 06326e57e6..53dec89aad 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -78,7 +78,6 @@ class ucp_activate 'user_actkey' => '', 'user_password' => $user_row['user_newpasswd'], 'user_newpasswd' => '', - 'user_pass_convert' => 0, 'user_login_attempts' => 0, ); diff --git a/phpBB/install/schemas/schema.json b/phpBB/install/schemas/schema.json index f684fddc25..79f06693a6 100644 --- a/phpBB/install/schemas/schema.json +++ b/phpBB/install/schemas/schema.json @@ -3023,10 +3023,6 @@ "TIMESTAMP", 0 ], - "user_pass_convert": [ - "BOOL", - 0 - ], "user_email": [ "VCHAR_UNI:100", "" diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index 3be1d3873f..142a47247f 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -78,7 +78,7 @@ class db extends \phpbb\auth\provider\base $username_clean = utf8_clean_string($username); - $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; $result = $this->db->sql_query($sql); @@ -170,72 +170,8 @@ class db extends \phpbb\auth\provider\base } - // If the password convert flag is set we need to convert it - if ($row['user_pass_convert']) - { - // enable super globals to get literal value - // this is needed to prevent unicode normalization - $super_globals_disabled = $this->request->super_globals_disabled(); - if ($super_globals_disabled) - { - $this->request->enable_super_globals(); - } - - // in phpBB2 passwords were used exactly as they were sent, with addslashes applied - $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; - $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = $this->request->variable('password', '', true); - - if ($super_globals_disabled) - { - $this->request->disable_super_globals(); - } - - if ($password == $password_new_format) - { - if (!function_exists('utf8_to_cp1252')) - { - include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext); - } - - // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding - // plain md5 support left in for conversions from other systems. - if ((strlen($row['user_password']) == 34 && ($this->passwords_manager->check(md5($password_old_format), $row['user_password']) || $this->passwords_manager->check(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) - || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) - { - $hash = $this->passwords_manager->hash($password_new_format); - - // Update the password in the users table to the new format and remove user_pass_convert flag - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_password = \'' . $this->db->sql_escape($hash) . '\', - user_pass_convert = 0 - WHERE user_id = ' . $row['user_id']; - $this->db->sql_query($sql); - - $row['user_pass_convert'] = 0; - $row['user_password'] = $hash; - } - else - { - // Although we weren't able to convert this password we have to - // increase login attempt count to make sure this cannot be exploited - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . (int) $row['user_id'] . ' - AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; - $this->db->sql_query($sql); - - return array( - 'status' => LOGIN_ERROR_PASSWORD_CONVERT, - 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', - 'user_row' => $row, - ); - } - } - } - // Check password ... - if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password'])) + if ($this->passwords_manager->check($password, $row['user_password'])) { // Check for old password hash... if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32) @@ -244,8 +180,7 @@ class db extends \phpbb\auth\provider\base // Update the password in the users table to the new format $sql = 'UPDATE ' . USERS_TABLE . " - SET user_password = '" . $this->db->sql_escape($hash) . "', - user_pass_convert = 0 + SET user_password = '" . $this->db->sql_escape($hash) . "' WHERE user_id = {$row['user_id']}"; $this->db->sql_query($sql); diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 2230ce15d1..07430bb42a 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -215,7 +215,7 @@ class oauth extends \phpbb\auth\provider\base } // Retrieve the user's account - $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts FROM ' . $this->users_table . ' WHERE user_id = ' . (int) $row['user_id']; $result = $this->db->sql_query($sql); diff --git a/phpBB/phpbb/auth/provider_collection.php b/phpBB/phpbb/auth/provider_collection.php new file mode 100644 index 0000000000..27a3f24564 --- /dev/null +++ b/phpBB/phpbb/auth/provider_collection.php @@ -0,0 +1,65 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\auth; + +use Symfony\Component\DependencyInjection\ContainerInterface; + +/** +* Collection of auth providers to be configured at container compile time. +*/ +class provider_collection extends \phpbb\di\service_collection +{ + /** @var \phpbb\config\config phpBB Config */ + protected $config; + + /** + * Constructor + * + * @param ContainerInterface $container Container object + * @param \phpbb\config\config $config phpBB config + */ + public function __construct($container, \phpbb\config\config $config) + { + $this->container = $container; + $this->config = $config; + } + + /** + * Get an auth provider. + * + * @return object Default auth provider selected in config if it + * does exist. Otherwise the standard db auth + * provider. + * @throws \RuntimeException If neither the auth provider that + * is specified by the phpBB config nor the db + * auth provider exist. The db auth provider + * should always exist in a phpBB installation. + */ + public function get_provider() + { + if ($this->offsetExists('auth.provider.' . basename(trim($this->config['auth_method'])))) + { + return $this->offsetGet('auth.provider.' . basename(trim($this->config['auth_method']))); + } + // Revert to db auth provider if selected method does not exist + elseif ($this->offsetExists('auth.provider.db')) + { + return $this->offsetGet('auth.provider.db'); + } + else + { + throw new \RuntimeException(sprintf('The authentication provider for the authentication method "%1$s" does not exist. It was not possible to recover from this by reverting to the database authentication provider.', $this->config['auth_method'])); + } + } +} diff --git a/phpBB/phpbb/console/command/dev/migration_tips.php b/phpBB/phpbb/console/command/dev/migration_tips.php new file mode 100644 index 0000000000..c2f61568ea --- /dev/null +++ b/phpBB/phpbb/console/command/dev/migration_tips.php @@ -0,0 +1,64 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ +namespace phpbb\console\command\dev; + +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class migration_tips extends \phpbb\console\command\command +{ + /** @var \phpbb\extension\manager */ + protected $extension_manager; + + function __construct(\phpbb\extension\manager $extension_manager) + { + $this->extension_manager = $extension_manager; + parent::__construct(); + } + + protected function configure() + { + $this + ->setName('dev:migration-tips') + ->setDescription('Finds migrations that are not depended on.') + ; + } + + protected function execute(InputInterface $input, OutputInterface $output) + { + $migrations = $this->extension_manager->get_finder() + ->set_extensions(array()) + ->core_path('phpbb/db/migration/data/') + ->get_classes(); + $tips = $migrations; + + foreach ($migrations as $migration_class) + { + foreach ($migration_class::depends_on() as $dependency) + { + $tips_key = array_search($dependency, $tips); + if ($tips_key !== false) + { + unset($tips[$tips_key]); + } + } + } + + $output->writeln("\t\tarray("); + foreach ($tips as $migration) + { + $output->writeln("\t\t\t'{$migration}',"); + } + $output->writeln("\t\t);"); + } +} diff --git a/phpBB/phpbb/controller/provider.php b/phpBB/phpbb/controller/provider.php index 91f3a07fb1..bd85385a41 100644 --- a/phpBB/phpbb/controller/provider.php +++ b/phpBB/phpbb/controller/provider.php @@ -46,10 +46,10 @@ class provider } /** - * @param \phpbb\extension\finder $finder + * @param \phpbb\finder $finder * @return null */ - public function find_routing_files(\phpbb\extension\finder $finder) + public function find_routing_files(\phpbb\finder $finder) { // We hardcode the path to the core config directory // because the finder cannot find it diff --git a/phpBB/phpbb/db/migration/data/v310/passwords_convert_p1.php b/phpBB/phpbb/db/migration/data/v310/passwords_convert_p1.php new file mode 100644 index 0000000000..004d94d8bd --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v310/passwords_convert_p1.php @@ -0,0 +1,85 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v310; + +class passwords_convert_p1 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\passwords_p2'); + } + + public function update_data() + { + return array( + array('custom', array(array($this, 'update_passwords'))), + ); + } + + public function update_passwords($start) + { + // Nothing to do if user_pass_convert column doesn't exist + if (!$this->db_tools->sql_column_exists($this->table_prefix . 'users', 'user_pass_convert')) + { + return; + } + + $start = (int) $start; + $limit = 1000; + $converted_users = 0; + + $sql = 'SELECT user_password, user_id + FROM ' . $this->table_prefix . 'users + WHERE user_pass_convert = 1 + GROUP BY user_id + ORDER BY user_id'; + $result = $this->db->sql_query_limit($sql, $limit, $start); + + $update_users = array(); + while ($row = $this->db->sql_fetchrow($result)) + { + $converted_users++; + + $user_id = (int) $row['user_id']; + // Only prefix passwords without proper prefix + if (!isset($update_users[$user_id]) && !preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $row['user_password'])) + { + // Use $CP$ prefix for passwords that need to + // be converted and set pass convert to false. + $update_users[$user_id] = array( + 'user_password' => '$CP$' . $row['user_password'], + 'user_pass_convert' => 0, + ); + } + } + $this->db->sql_freeresult($result); + + foreach ($update_users as $user_id => $user_data) + { + $sql = 'UPDATE ' . $this->table_prefix . 'users + SET ' . $this->db->sql_build_array('UPDATE', $user_data) . ' + WHERE user_id = ' . $user_id; + $this->sql_query($sql); + } + + if ($converted_users < $limit) + { + // There are no more users to be converted + return; + } + + // There are still more users to query, return the next start value + return $start + $limit; + } +} diff --git a/phpBB/phpbb/db/migration/data/v310/passwords_convert_p2.php b/phpBB/phpbb/db/migration/data/v310/passwords_convert_p2.php new file mode 100644 index 0000000000..26a99184a6 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v310/passwords_convert_p2.php @@ -0,0 +1,49 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v310; + +class passwords_convert_p2 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return !$this->db_tools->sql_column_exists($this->table_prefix . 'users', 'user_pass_convert'); + } + + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\passwords_convert_p1'); + } + + public function update_schema() + { + return array( + 'drop_columns' => array( + $this->table_prefix . 'users' => array( + 'user_pass_convert', + ), + ), + ); + } + + public function revert_schema() + { + return array( + 'add_columns' => array( + $this->table_prefix . 'users' => array( + 'user_pass_convert' => array('BOOL', 0, 'after' => 'user_passchg'), + ), + ), + ); + } +} diff --git a/phpBB/phpbb/db/migrator.php b/phpBB/phpbb/db/migrator.php index 9b9532a7ad..5255c73c1c 100644 --- a/phpBB/phpbb/db/migrator.php +++ b/phpBB/phpbb/db/migrator.php @@ -714,7 +714,7 @@ class migrator /** * Load migration data files from a directory * - * @param \phpbb\extension\finder $finder + * @param \phpbb\finder $finder * @param string $path Path to migration data files * @param bool $check_fulfillable If TRUE (default), we will check * if all of the migrations are fulfillable after loading them. @@ -723,7 +723,7 @@ class migrator * with the last call to prevent throwing errors unnecessarily). * @return array Array of migration names */ - public function load_migrations(\phpbb\extension\finder $finder, $path, $check_fulfillable = true) + public function load_migrations(\phpbb\finder $finder, $path, $check_fulfillable = true) { if (!is_dir($path)) { diff --git a/phpBB/phpbb/extension/base.php b/phpBB/phpbb/extension/base.php index eb306aeb72..cbbd7bc622 100644 --- a/phpBB/phpbb/extension/base.php +++ b/phpBB/phpbb/extension/base.php @@ -23,7 +23,7 @@ class base implements \phpbb\extension\extension_interface /** @var ContainerInterface */ protected $container; - /** @var \phpbb\extension\finder */ + /** @var \phpbb\finder */ protected $finder; /** @var \phpbb\db\migrator */ @@ -39,11 +39,11 @@ class base implements \phpbb\extension\extension_interface * Constructor * * @param ContainerInterface $container Container object - * @param \phpbb\extension\finder $extension_finder + * @param \phpbb\finder $extension_finder * @param string $extension_name Name of this extension (from ext.manager) * @param string $extension_path Relative path to this extension */ - public function __construct(ContainerInterface $container, \phpbb\extension\finder $extension_finder, \phpbb\db\migrator $migrator, $extension_name, $extension_path) + public function __construct(ContainerInterface $container, \phpbb\finder $extension_finder, \phpbb\db\migrator $migrator, $extension_name, $extension_path) { $this->container = $container; $this->extension_finder = $extension_finder; diff --git a/phpBB/phpbb/extension/manager.php b/phpBB/phpbb/extension/manager.php index cd7289e085..b83bb1b189 100644 --- a/phpBB/phpbb/extension/manager.php +++ b/phpBB/phpbb/extension/manager.php @@ -532,12 +532,22 @@ class manager } /** - * Instantiates a \phpbb\extension\finder. + * Instantiates a \phpbb\finder. * - * @return \phpbb\extension\finder An extension finder instance + * @param bool $use_all_available Should we load all extensions, or just enabled ones + * @return \phpbb\finder An extension finder instance */ - public function get_finder() + public function get_finder($use_all_available = false) { - return new \phpbb\extension\finder($this, $this->filesystem, $this->phpbb_root_path, $this->cache, $this->php_ext, $this->cache_name . '_finder'); + $finder = new \phpbb\finder($this->filesystem, $this->phpbb_root_path, $this->cache, $this->php_ext, $this->cache_name . '_finder'); + if ($use_all_available) + { + $finder->set_extensions(array_keys($this->all_available())); + } + else + { + $finder->set_extensions(array_keys($this->all_enabled())); + } + return $finder; } } diff --git a/phpBB/phpbb/extension/finder.php b/phpBB/phpbb/finder.php index 6f2408094e..28f28825ba 100644 --- a/phpBB/phpbb/extension/finder.php +++ b/phpBB/phpbb/finder.php @@ -11,14 +11,14 @@ * */ -namespace phpbb\extension; +namespace phpbb; /** -* The extension finder provides a simple way to locate files in active extensions +* The finder provides a simple way to locate files in the core and a set of extensions */ class finder { - protected $extension_manager; + protected $extensions; protected $filesystem; protected $phpbb_root_path; protected $cache; @@ -48,9 +48,6 @@ class finder /** * Creates a new finder instance with its dependencies * - * @param \phpbb\extension\manager $extension_manager An extension manager - * instance that provides the finder with a list of active - * extensions and their locations * @param \phpbb\filesystem $filesystem Filesystem instance * @param string $phpbb_root_path Path to the phpbb root directory * @param \phpbb\cache\driver\driver_interface $cache A cache instance or null @@ -58,9 +55,8 @@ class finder * @param string $cache_name The name of the cache variable, defaults to * _ext_finder */ - public function __construct(\phpbb\extension\manager $extension_manager, \phpbb\filesystem $filesystem, $phpbb_root_path = '', \phpbb\cache\driver\driver_interface $cache = null, $php_ext = 'php', $cache_name = '_ext_finder') + public function __construct(\phpbb\filesystem $filesystem, $phpbb_root_path = '', \phpbb\cache\driver\driver_interface $cache = null, $php_ext = 'php', $cache_name = '_ext_finder') { - $this->extension_manager = $extension_manager; $this->filesystem = $filesystem; $this->phpbb_root_path = $phpbb_root_path; $this->cache = $cache; @@ -76,15 +72,37 @@ class finder 'extension_prefix' => false, 'extension_directory' => false, ); + $this->extensions = array(); $this->cached_queries = ($this->cache) ? $this->cache->get($this->cache_name) : false; } /** + * Set the array of extensions + * + * @param array $extensions A list of extensions that should be searched aswell + * @param bool $replace_list Should the list be emptied before adding the extensions + * @return \phpbb\finder This object for chaining calls + */ + public function set_extensions(array $extensions, $replace_list = true) + { + if ($replace_list) + { + $this->extensions = array(); + } + + foreach ($extensions as $ext_name) + { + $this->extensions[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/'; + } + return $this; + } + + /** * Sets a core path to be searched in addition to extensions * * @param string $core_path The path relative to phpbb_root_path - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function core_path($core_path) { @@ -100,7 +118,7 @@ class finder * file extension is automatically added to suffixes. * * @param string $suffix A filename suffix - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function suffix($suffix) { @@ -117,7 +135,7 @@ class finder * file extension is automatically added to suffixes. * * @param string $extension_suffix A filename suffix - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function extension_suffix($extension_suffix) { @@ -133,7 +151,7 @@ class finder * file extension is automatically added to suffixes. * * @param string $core_suffix A filename suffix - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function core_suffix($core_suffix) { @@ -145,7 +163,7 @@ class finder * Sets the prefix all files found in extensions and core must match * * @param string $prefix A filename prefix - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function prefix($prefix) { @@ -158,7 +176,7 @@ class finder * Sets a prefix all files found in extensions must match * * @param string $extension_prefix A filename prefix - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function extension_prefix($extension_prefix) { @@ -170,7 +188,7 @@ class finder * Sets a prefix all files found in the core path must match * * @param string $core_prefix A filename prefix - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function core_prefix($core_prefix) { @@ -185,7 +203,7 @@ class finder * the current directory. * * @param string $directory - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function directory($directory) { @@ -198,7 +216,7 @@ class finder * Sets a directory all files found in extensions must be contained in * * @param string $extension_directory - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function extension_directory($extension_directory) { @@ -210,7 +228,7 @@ class finder * Sets a directory all files found in the core path must be contained in * * @param string $core_directory - * @return \phpbb\extension\finder This object for chaining calls + * @return \phpbb\finder This object for chaining calls */ public function core_directory($core_directory) { @@ -246,16 +264,14 @@ class finder * phpBB naming rules an incorrect class name will be returned. * * @param bool $cache Whether the result should be cached - * @param bool $use_all_available Use all available instead of just all - * enabled extensions * @return array An array of found class names */ - public function get_classes($cache = true, $use_all_available = false) + public function get_classes($cache = true) { $this->query['extension_suffix'] .= '.' . $this->php_ext; $this->query['core_suffix'] .= '.' . $this->php_ext; - $files = $this->find($cache, false, $use_all_available); + $files = $this->find($cache, false); return $this->get_classes_from_files($files); } @@ -290,27 +306,23 @@ class finder * Finds all directories matching the configured options * * @param bool $cache Whether the result should be cached - * @param bool $use_all_available Use all available instead of just all - * enabled extensions * @param bool $extension_keys Whether the result should have extension name as array key * @return array An array of paths to found directories */ - public function get_directories($cache = true, $use_all_available = false, $extension_keys = false) + public function get_directories($cache = true, $extension_keys = false) { - return $this->find_with_root_path($cache, true, $use_all_available, $extension_keys); + return $this->find_with_root_path($cache, true, $extension_keys); } /** * Finds all files matching the configured options. * * @param bool $cache Whether the result should be cached - * @param bool $use_all_available Use all available instead of just all - * enabled extensions * @return array An array of paths to found files */ - public function get_files($cache = true, $use_all_available = false) + public function get_files($cache = true) { - return $this->find_with_root_path($cache, false, $use_all_available); + return $this->find_with_root_path($cache, false); } /** @@ -318,16 +330,14 @@ class finder * * @param bool $cache Whether the result should be cached * @param bool $is_dir Directories will be returned when true, only files - * otherwise - * @param bool $use_all_available Use all available instead of just all - * enabled extensions + * otherwise * @param bool $extension_keys If true, result will be associative array * with extension name as key * @return array An array of paths to found items */ - protected function find_with_root_path($cache = true, $is_dir = false, $use_all_available = false, $extension_keys = false) + protected function find_with_root_path($cache = true, $is_dir = false, $extension_keys = false) { - $items = $this->find($cache, $is_dir, $use_all_available); + $items = $this->find($cache, $is_dir); $result = array(); foreach ($items as $item => $ext_name) @@ -351,21 +361,11 @@ class finder * @param bool $cache Whether the result should be cached * @param bool $is_dir Directories will be returned when true, only files * otherwise - * @param bool $use_all_available Use all available instead of just all - * enabled extensions * @return array An array of paths to found items */ - public function find($cache = true, $is_dir = false, $use_all_available = false) + public function find($cache = true, $is_dir = false) { - if ($use_all_available) - { - $extensions = $this->extension_manager->all_available(); - } - else - { - $extensions = $this->extension_manager->all_enabled(); - } - + $extensions = $this->extensions; if ($this->query['core_path']) { $extensions['/'] = $this->phpbb_root_path . $this->query['core_path']; diff --git a/phpBB/phpbb/passwords/driver/base.php b/phpBB/phpbb/passwords/driver/base.php index fffc9d1461..1d47180e55 100644 --- a/phpBB/phpbb/passwords/driver/base.php +++ b/phpBB/phpbb/passwords/driver/base.php @@ -43,4 +43,20 @@ abstract class base implements driver_interface { return true; } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return false; + } + + /** + * @inheritdoc + */ + public function get_settings_only($hash, $full = false) + { + return false; + } } diff --git a/phpBB/phpbb/passwords/driver/bcrypt.php b/phpBB/phpbb/passwords/driver/bcrypt.php index 3edf7255c0..de5840c7cf 100644 --- a/phpBB/phpbb/passwords/driver/bcrypt.php +++ b/phpBB/phpbb/passwords/driver/bcrypt.php @@ -60,7 +60,7 @@ class bcrypt extends base /** * @inheritdoc */ - public function check($password, $hash) + public function check($password, $hash, $user_row = array()) { $salt = substr($hash, 0, 29); if (strlen($salt) != 29) diff --git a/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php b/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php new file mode 100644 index 0000000000..f706c7af69 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php @@ -0,0 +1,84 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class bcrypt_wcf2 extends base +{ + const PREFIX = '$wcf2$'; + + /** @var \phpbb\passwords\driver\bcrypt */ + protected $bcrypt; + + /** @var phpbb\passwords\driver\helper */ + protected $helper; + + /** + * Constructor of passwords driver object + * + * @param \phpbb\passwords\driver\bcrypt $bcrypt Salted md5 driver + * @param \phpbb\passwords\driver\helper $helper Password driver helper + */ + public function __construct(\phpbb\passwords\driver\bcrypt $bcrypt, helper $helper) + { + $this->bcrypt = $bcrypt; + $this->helper = $helper; + } + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + if (empty($hash) || strlen($hash) != 60) + { + return false; + } + else + { + $salt = substr($hash, 0, 29); + + if (strlen($salt) != 29) + { + return false; + } + // Works for standard WCF 2.x, i.e. WBB4 and similar + return $hash === $this->bcrypt->hash($this->bcrypt->hash($password, $salt), $salt); + } + } +} diff --git a/phpBB/phpbb/passwords/driver/convert_password.php b/phpBB/phpbb/passwords/driver/convert_password.php new file mode 100644 index 0000000000..45d84f45c0 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/convert_password.php @@ -0,0 +1,43 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class convert_password extends base +{ + const PREFIX = '$CP$'; + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + return false; + } +} diff --git a/phpBB/phpbb/passwords/driver/driver_interface.php b/phpBB/phpbb/passwords/driver/driver_interface.php index 54c9d6500e..a257e71f23 100644 --- a/phpBB/phpbb/passwords/driver/driver_interface.php +++ b/phpBB/phpbb/passwords/driver/driver_interface.php @@ -23,6 +23,13 @@ interface driver_interface public function is_supported(); /** + * Check if hash type is a legacy hash type + * + * @return bool True if it's a legacy hash type, false if not + */ + public function is_legacy(); + + /** * Returns the hash prefix * * @return string Hash prefix @@ -44,10 +51,11 @@ interface driver_interface * * @param string $password The password to check * @param string $hash The password hash to check against + * @param string $user_row User's row in users table * * @return bool True if password is correct, else false */ - public function check($password, $hash); + public function check($password, $hash, $user_row = array()); /** * Get only the settings of the specified hash diff --git a/phpBB/phpbb/passwords/driver/md5_mybb.php b/phpBB/phpbb/passwords/driver/md5_mybb.php new file mode 100644 index 0000000000..0745bceb5e --- /dev/null +++ b/phpBB/phpbb/passwords/driver/md5_mybb.php @@ -0,0 +1,60 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class md5_mybb extends base +{ + const PREFIX = '$md5_mybb$'; + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + if (empty($hash) || strlen($hash) != 32 || !isset($user_row['user_passwd_salt'])) + { + return false; + } + else + { + // Works for myBB 1.1.x, 1.2.x, 1.4.x, 1.6.x + return $hash === md5(md5($user_row['user_passwd_salt']) . md5($password)); + } + } +} diff --git a/phpBB/phpbb/passwords/driver/md5_phpbb2.php b/phpBB/phpbb/passwords/driver/md5_phpbb2.php new file mode 100644 index 0000000000..de1993e8a1 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/md5_phpbb2.php @@ -0,0 +1,118 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class md5_phpbb2 extends base +{ + const PREFIX = '$md5_phpbb2$'; + + /** @var \phpbb\request\request phpBB request object */ + protected $request; + + /** @var \phpbb\passwords\driver\salted_md5 */ + protected $salted_md5; + + /** @var phpBB root path */ + protected $phpbb_root_path; + + /** @var php file extension */ + protected $php_ext; + + /** + * Constructor of passwords driver object + * + * @param \phpbb\request\request $request phpBB request object + * @param \phpbb\passwords\driver\salted_md5 $salted_md5 Salted md5 driver + * @param string $phpbb_root_path phpBB root path + * @param string $php_ext PHP file extension + */ + public function __construct($request, \phpbb\passwords\driver\salted_md5 $salted_md5, $phpbb_root_path, $php_ext) + { + $this->request = $request; + $this->salted_md5 = $salted_md5; + $this->phpbb_root_path = $phpbb_root_path; + $this->php_ext = $php_ext; + } + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + if (strlen($hash) != 32 && strlen($hash) != 34) + { + return false; + } + + // enable super globals to get literal value + // this is needed to prevent unicode normalization + $super_globals_disabled = $this->request->super_globals_disabled(); + if ($super_globals_disabled) + { + $this->request->enable_super_globals(); + } + + // in phpBB2 passwords were used exactly as they were sent, with addslashes applied + $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; + $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; + $password_new_format = $this->request->variable('password', '', true); + + if ($super_globals_disabled) + { + $this->request->disable_super_globals(); + } + + if ($password == $password_new_format) + { + if (!function_exists('utf8_to_cp1252')) + { + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext); + } + + if (md5($password_old_format) === $hash || md5(\utf8_to_cp1252($password_old_format)) === $hash + || $this->salted_md5->check(md5($password_old_format), $hash) === true + || $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true) + { + return true; + } + } + + return false; + } +} diff --git a/phpBB/phpbb/passwords/driver/md5_vb.php b/phpBB/phpbb/passwords/driver/md5_vb.php new file mode 100644 index 0000000000..440b9e39e9 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/md5_vb.php @@ -0,0 +1,60 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class md5_vb extends base +{ + const PREFIX = '$md5_vb$'; + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + if (empty($hash) || strlen($hash) != 32 || !isset($user_row['user_passwd_salt'])) + { + return false; + } + else + { + // Works for vB 3.8.x, 4.x.x, 5.0.x + return $hash === md5(md5($password) . $user_row['user_passwd_salt']); + } + } +} diff --git a/phpBB/phpbb/passwords/driver/salted_md5.php b/phpBB/phpbb/passwords/driver/salted_md5.php index a9f6712751..b5f59754e1 100644 --- a/phpBB/phpbb/passwords/driver/salted_md5.php +++ b/phpBB/phpbb/passwords/driver/salted_md5.php @@ -56,6 +56,14 @@ class salted_md5 extends base /** * @inheritdoc */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ public function hash($password, $setting = '') { if ($setting) @@ -92,7 +100,7 @@ class salted_md5 extends base /** * @inheritdoc */ - public function check($password, $hash) + public function check($password, $hash, $user_row = array()) { if (strlen($hash) !== 34) { diff --git a/phpBB/phpbb/passwords/driver/sha1.php b/phpBB/phpbb/passwords/driver/sha1.php new file mode 100644 index 0000000000..5d6c93f6a8 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/sha1.php @@ -0,0 +1,52 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class sha1 extends base +{ + const PREFIX = '$sha1$'; + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + return (strlen($hash) == 40) ? $hash === sha1($password) : false; + } +} diff --git a/phpBB/phpbb/passwords/driver/sha1_smf.php b/phpBB/phpbb/passwords/driver/sha1_smf.php new file mode 100644 index 0000000000..3e3322d77f --- /dev/null +++ b/phpBB/phpbb/passwords/driver/sha1_smf.php @@ -0,0 +1,51 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class sha1_smf extends base +{ + const PREFIX = '$smf$'; + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + return (isset($user_row['login_name'])) ? sha1(strtolower($user_row['login_name']) . $password) : false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + return (strlen($hash) == 40) ? $hash === $this->hash($password, $user_row) : false; + } +} diff --git a/phpBB/phpbb/passwords/driver/sha1_wcf1.php b/phpBB/phpbb/passwords/driver/sha1_wcf1.php new file mode 100644 index 0000000000..04a69705e9 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/sha1_wcf1.php @@ -0,0 +1,60 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class sha1_wcf1 extends base +{ + const PREFIX = '$wcf1$'; + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + if (empty($hash) || strlen($hash) != 40 || !isset($user_row['user_passwd_salt'])) + { + return false; + } + else + { + // Works for standard WCF 1.x, i.e. WBB3 and similar + return $hash === sha1($user_row['user_passwd_salt'] . sha1($user_row['user_passwd_salt'] . sha1($password))); + } + } +} diff --git a/phpBB/phpbb/passwords/driver/sha_xf1.php b/phpBB/phpbb/passwords/driver/sha_xf1.php new file mode 100644 index 0000000000..7ae0b90f51 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/sha_xf1.php @@ -0,0 +1,68 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class sha_xf1 extends base +{ + const PREFIX = '$xf1$'; + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + if (empty($hash) || (strlen($hash) != 40 && strlen($hash) != 64) || !isset($user_row['user_passwd_salt'])) + { + return false; + } + else + { + // Works for xenforo 1.0, 1.1 + if ($hash === sha1(sha1($password) . $user_row['user_passwd_salt']) + || $hash === hash('sha256', hash('sha256', $password) . $user_row['user_passwd_salt'])) + { + return true; + } + else + { + return false; + } + } + } +} diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php index 8b16cf55dd..0a349c4a14 100644 --- a/phpBB/phpbb/passwords/manager.php +++ b/phpBB/phpbb/passwords/manager.php @@ -141,7 +141,7 @@ class manager */ if (!preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $hash, $match)) { - return $this->get_algorithm('$H$'); + return false; } // Be on the lookout for multiple hashing algorithms @@ -224,9 +224,10 @@ class manager * * @param string $password Password that should be checked * @param string $hash Stored hash + * @param array $user_row User's row in users table * @return string|bool True if password is correct, false if not */ - public function check($password, $hash) + public function check($password, $hash, $user_row = array()) { if (strlen($password) > 4096) { @@ -235,11 +236,19 @@ class manager return false; } + // Empty hashes can't be checked + if (empty($hash)) + { + return false; + } + // First find out what kind of hash we're dealing with $stored_hash_type = $this->detect_algorithm($hash); if ($stored_hash_type == false) { - return false; + // Still check MD5 hashes as that is what the installer + // will default to for the admin user + return $this->get_algorithm('$H$')->check($password, $hash); } // Multiple hash passes needed @@ -259,6 +268,21 @@ class manager $this->convert_flag = false; } + // Check all legacy hash types if prefix is $CP$ + if ($stored_hash_type->get_prefix() === '$CP$') + { + // Remove $CP$ prefix for proper checking + $hash = substr($hash, 4); + + foreach ($this->type_map as $algorithm) + { + if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true) + { + return true; + } + } + } + return $stored_hash_type->check($password, $hash); } diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index c2669ea6cc..59b7ec2029 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -408,9 +408,8 @@ class session $session_expired = false; // Check whether the session is still valid if we have one - $method = basename(trim($config['auth_method'])); - - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $provider = $provider_collection->get_provider(); if (!($provider instanceof \phpbb\auth\provider\provider_interface)) { @@ -577,9 +576,8 @@ class session } } - $method = basename(trim($config['auth_method'])); - - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $provider = $provider_collection->get_provider(); $this->data = $provider->autologin(); if (sizeof($this->data)) @@ -898,9 +896,8 @@ class session $db->sql_query($sql); // Allow connecting logout with external auth method logout - $method = basename(trim($config['auth_method'])); - - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $provider = $provider_collection->get_provider(); $provider->logout($this->data, $new_session); if ($this->data['user_id'] != ANONYMOUS) diff --git a/tests/auth/fixtures/user.xml b/tests/auth/fixtures/user.xml index 77f707bab3..1e0eb6ee49 100644 --- a/tests/auth/fixtures/user.xml +++ b/tests/auth/fixtures/user.xml @@ -6,7 +6,6 @@ <column>username_clean</column> <column>user_password</column> <column>user_passchg</column> - <column>user_pass_convert</column> <column>user_email</column> <column>user_type</column> <column>user_login_attempts</column> @@ -18,7 +17,6 @@ <value>foobar</value> <value>$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i</value> <value>0</value> - <value>0</value> <value>example@example.com</value> <value>0</value> <value>0</value> @@ -31,7 +29,6 @@ <value>foobar2</value> <value>$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/</value> <value>0</value> - <value>0</value> <value>example@example.com</value> <value>0</value> <value>0</value> diff --git a/tests/auth/fixtures/user_533.xml b/tests/auth/fixtures/user_533.xml index b64f376e5b..9731e4db4a 100644 --- a/tests/auth/fixtures/user_533.xml +++ b/tests/auth/fixtures/user_533.xml @@ -6,7 +6,6 @@ <column>username_clean</column> <column>user_password</column> <column>user_passchg</column> - <column>user_pass_convert</column> <column>user_email</column> <column>user_type</column> <column>user_login_attempts</column> @@ -18,7 +17,6 @@ <value>foobar</value> <value>$2a$10$e01Syh9PbJjUkio66eFuUu4FhCE2nRgG7QPc1JACalsPXcIuG2bbi</value> <value>0</value> - <value>0</value> <value>example@example.com</value> <value>0</value> <value>0</value> @@ -31,7 +29,6 @@ <value>foobar2</value> <value>$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/</value> <value>0</value> - <value>0</value> <value>example@example.com</value> <value>0</value> <value>0</value> diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php index e17040902f..2decf0f18c 100644 --- a/tests/auth/provider_apache_test.php +++ b/tests/auth/provider_apache_test.php @@ -148,7 +148,6 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case 'username_clean' => 'foobar', 'user_password' => $this->password_hash, 'user_passchg' => '0', - 'user_pass_convert' => '0', 'user_email' => 'example@example.com', 'user_email_hash' => '0', 'user_birthday' => '', diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php index f071709a4b..23324f87f2 100644 --- a/tests/auth/provider_db_test.php +++ b/tests/auth/provider_db_test.php @@ -70,7 +70,6 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case 'username' => 'foobar', 'user_password' => $password_hash, 'user_passchg' => '0', - 'user_pass_convert' => '0', 'user_email' => 'example@example.com', 'user_type' => '0', 'user_login_attempts' => '0', diff --git a/tests/controller/helper_route_test.php b/tests/controller/helper_route_test.php index df0794a047..621efaa830 100644 --- a/tests/controller/helper_route_test.php +++ b/tests/controller/helper_route_test.php @@ -42,12 +42,12 @@ class phpbb_controller_helper_route_test extends phpbb_test_case ) ); - $finder = new \phpbb\extension\finder( - $this->extension_manager, + $finder = new \phpbb\finder( new \phpbb\filesystem(), dirname(__FILE__) . '/', new phpbb_mock_cache() ); + $finder->set_extensions(array_keys($this->extension_manager->all_enabled())); $this->provider = new \phpbb\controller\provider(); $this->provider->find_routing_files($finder); $this->provider->find(dirname(__FILE__) . '/'); diff --git a/tests/extension/finder_test.php b/tests/extension/finder_test.php index 8cc5146b33..2116cc057b 100644 --- a/tests/extension/finder_test.php +++ b/tests/extension/finder_test.php @@ -14,7 +14,9 @@ require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; class phpbb_extension_finder_test extends phpbb_test_case { + /** @var \phpbb\extension\manager */ protected $extension_manager; + /** @var \phpbb\finder */ protected $finder; public function setUp() @@ -56,6 +58,47 @@ class phpbb_extension_finder_test extends phpbb_test_case ); } + public function set_extensions_data() + { + return array( + array( + array(), + array('\phpbb\default\implementation'), + ), + array( + array('vendor3/bar'), + array( + '\phpbb\default\implementation', + '\vendor3\bar\my\hidden_class', + ), + ), + array( + array('vendor2/foo', 'vendor3/bar'), + array( + '\phpbb\default\implementation', + '\vendor2\foo\a_class', + '\vendor2\foo\b_class', + '\vendor3\bar\my\hidden_class', + ), + ), + ); + } + + /** + * @dataProvider set_extensions_data + */ + public function test_set_extensions($extensions, $expected) + { + $classes = $this->finder + ->set_extensions($extensions) + ->core_path('phpbb/default/') + ->extension_suffix('_class') + ->get_classes(); + + sort($classes); + $this->assertEquals($expected, $classes); + } + public function test_get_directories() { $dirs = $this->finder @@ -201,7 +244,8 @@ class phpbb_extension_finder_test extends phpbb_test_case public function test_get_classes_create_cache() { $cache = new phpbb_mock_cache; - $finder = new \phpbb\extension\finder($this->extension_manager, new \phpbb\filesystem(), dirname(__FILE__) . '/', $cache, 'php', '_custom_cache_name'); + $finder = new \phpbb\finder(new \phpbb\filesystem(), dirname(__FILE__) . '/', $cache, 'php', '_custom_cache_name'); + $finder->set_extensions(array_keys($this->extension_manager->all_enabled())); $files = $finder->suffix('_class.php')->get_files(); $expected_files = array( @@ -239,8 +283,7 @@ class phpbb_extension_finder_test extends phpbb_test_case 'is_dir' => false, ); - $finder = new \phpbb\extension\finder( - $this->extension_manager, + $finder = new \phpbb\finder( new \phpbb\filesystem(), dirname(__FILE__) . '/', new phpbb_mock_cache(array( @@ -249,6 +292,7 @@ class phpbb_extension_finder_test extends phpbb_test_case ), )) ); + $finder->set_extensions(array_keys($this->extension_manager->all_enabled())); $classes = $finder ->core_path($query['core_path']) diff --git a/tests/mock/request.php b/tests/mock/request.php index 89d5321a25..304fcf0eaf 100644 --- a/tests/mock/request.php +++ b/tests/mock/request.php @@ -15,6 +15,8 @@ class phpbb_mock_request implements \phpbb\request\request_interface { protected $data; + protected $super_globals_disabled = false; + public function __construct($get = array(), $post = array(), $cookie = array(), $server = array(), $request = false, $files = array()) { $this->data[\phpbb\request\request_interface::GET] = $get; @@ -23,6 +25,8 @@ class phpbb_mock_request implements \phpbb\request\request_interface $this->data[\phpbb\request\request_interface::REQUEST] = ($request === false) ? $post + $get : $request; $this->data[\phpbb\request\request_interface::SERVER] = $server; $this->data[\phpbb\request\request_interface::FILES] = $files; + + $this->disable_super_globals(); } public function overwrite($var_name, $value, $super_global = \phpbb\request\request_interface::REQUEST) @@ -83,6 +87,21 @@ class phpbb_mock_request implements \phpbb\request\request_interface return $this->data[$super_global]; } + public function super_globals_disabled() + { + return $this->super_globals_disabled; + } + + public function disable_super_globals() + { + $this->super_globals_disabled = true; + } + + public function enable_super_globals() + { + $this->super_globals_disabled = false; + } + /* custom methods */ public function set_header($header_name, $value) diff --git a/tests/pagination/pagination_test.php b/tests/pagination/pagination_test.php index e233264cc6..f253118253 100644 --- a/tests/pagination/pagination_test.php +++ b/tests/pagination/pagination_test.php @@ -35,16 +35,16 @@ class phpbb_pagination_pagination_test extends phpbb_template_template_test_case ->will($this->returnCallback(array($this, 'return_callback_implode'))); $manager = new phpbb_mock_extension_manager(dirname(__FILE__) . '/', array()); - $this->finder = new \phpbb\extension\finder( - $manager, + $finder = new \phpbb\finder( new \phpbb\filesystem(), dirname(__FILE__) . '/', new phpbb_mock_cache() ); + $finder->set_extensions(array_keys($manager->all_enabled())); $this->config = new \phpbb\config\config(array('enable_mod_rewrite' => '1')); $provider = new \phpbb\controller\provider(); - $provider->find_routing_files($this->finder); + $provider->find_routing_files($finder); $provider->find(dirname(__FILE__) . '/'); $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $provider, $manager, '', 'php', dirname(__FILE__) . '/'); $this->pagination = new \phpbb\pagination($this->template, $this->user, $this->helper); diff --git a/tests/passwords/drivers_test.php b/tests/passwords/drivers_test.php index c2104b0858..ccfb05c40f 100644 --- a/tests/passwords/drivers_test.php +++ b/tests/passwords/drivers_test.php @@ -17,14 +17,26 @@ class phpbb_passwords_helper_test extends \phpbb_test_case { // Prepare dependencies for drivers $config = new \phpbb\config\config(array()); + $request = new phpbb_mock_request(array(), array(), array(), array(), array('password' => 'fööbar')); $this->driver_helper = new \phpbb\passwords\driver\helper($config); + $phpbb_root_path = dirname(__FILE__) . '/../../phpBB/'; + $php_ext = 'php'; $this->passwords_drivers = array( 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper), - 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper), + 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper), 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $this->driver_helper), - 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $this->driver_helper), + 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $this->driver_helper), + 'passwords.driver.sha1_smf' => new \phpbb\passwords\driver\sha1_smf($config, $this->driver_helper), + 'passwords.driver.sha1_wcf1' => new \phpbb\passwords\driver\sha1_wcf1($config, $this->driver_helper), + 'passwords.driver.convert_password'=> new \phpbb\passwords\driver\convert_password($config, $this->driver_helper), + 'passwords.driver.sha1' => new \phpbb\passwords\driver\sha1($config, $this->driver_helper), + 'passwords.driver.md5_mybb' => new \phpbb\passwords\driver\md5_mybb($config, $this->driver_helper), + 'passwords.driver.md5_vb' => new \phpbb\passwords\driver\md5_vb($config, $this->driver_helper), + 'passwords.driver.sha_xf1' => new \phpbb\passwords\driver\sha_xf1($config, $this->driver_helper), ); + $this->passwords_drivers['passwords.driver.md5_phpbb2'] = new \phpbb\passwords\driver\md5_phpbb2($request, $this->passwords_drivers['passwords.driver.salted_md5'], $phpbb_root_path, $php_ext); + $this->passwords_drivers['passwords.driver.bcrypt_wcf2'] = new \phpbb\passwords\driver\bcrypt_wcf2($this->passwords_drivers['passwords.driver.bcrypt'], $this->driver_helper); } public function data_helper_encode64() @@ -82,4 +94,323 @@ class phpbb_passwords_helper_test extends \phpbb_test_case ); $this->assertEquals(false, $this->passwords_drivers['passwords.driver.salted_md5']->get_hash_settings(false)); } + + public function data_hash_sha1_smf() + { + return array( + array(false, 'test', array()), + array(false, 'test', ''), + array('6f9e2a1899e1f15708fd2e554103480eb53e8b57', 'foobar', array('login_name' => 'test')), + ); + } + + /** + * @dataProvider data_hash_sha1_smf + */ + public function test_hash_sha1_smf($expected, $password, $user_row) + { + $this->assertSame($expected, $this->passwords_drivers['passwords.driver.sha1_smf']->hash($password, $user_row)); + } + + public function data_get_settings() + { + return array( + array(false, '6f9e2a1899e1f15708fd2e554103480eb53e8b57', 'passwords.driver.sha1_smf'), + ); + } + + /** + * @dataProvider data_get_settings + */ + public function test_get_settings_only($expected, $hash, $driver) + { + $this->assertSame($expected, $this->passwords_drivers[$driver]->get_settings_only($hash)); + } + + public function data_md5_phpbb2_check() + { + return array( + array(false, 'foobar', 'ae2fc75e20ee25d4520766788fbc96ae'), + array(false, 'foobar', 'ae2fc75e20ee25d4520766788fbc96aeddsf'), + array(false, 'fööbar', 'ae2fc75e20ee25d4520766788fbc96ae'), + array(true, 'fööbar', 'ae2fc75e20ee25d4520766788fbc96ae', utf8_decode('fööbar')), + array(true, 'fööbar', '$H$966CepJh9RC3hFIm7aKywR6jEn0kpA0', utf8_decode('fööbar')), + array(true, 'fööbar', '$H$9rNjgwETtmc8befO8JL1xFMrrMw8MC.', $this->utf8_to_cp1252(utf8_decode('fööbar'))), + array(true, 'fööbar', '$H$9rNjgwETtmc8befO8JL1xFMrrMw8MC.', $this->utf8_to_cp1252('fööbar')), + ); + } + + /** + * @dataProvider data_md5_phpbb2_check + */ + public function test_md5_phpbb2_check($expected, $password, $hash, $request_password = false) + { + if (!$request_password) + { + unset($_REQUEST['password']); + } + else + { + $_REQUEST['password'] = $request_password; + } + $this->assertSame($expected, $this->passwords_drivers['passwords.driver.md5_phpbb2']->check($password, $hash)); + } + + public function test_md5_phpbb2_hash() + { + $this->assertSame(false, $this->passwords_drivers['passwords.driver.md5_phpbb2']->hash('foobar')); + } + + public function test_convert_password_driver() + { + $this->assertSame(false, $this->passwords_drivers['passwords.driver.convert_password']->hash('foobar')); + } + + public function test_sha1_driver() + { + $this->assertSame(false, $this->passwords_drivers['passwords.driver.sha1']->hash('foobar')); + } + + public function data_md5_mybb_check() + { + return array( + array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd'), + array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd', array('user_passwd_salt' => 'ae2fc75e')), + array(true, 'foobar', 'b86ee7e24008bfd2890dcfab1ed31333', array('user_passwd_salt' => 'yeOtfFO6')), + ); + } + + /** + * @dataProvider data_md5_mybb_check + */ + public function test_md5_mybb_check($expected, $password, $hash, $user_row = array()) + { + $this->assertSame($expected, $this->passwords_drivers['passwords.driver.md5_mybb']->check($password, $hash, $user_row)); + } + + public function test_md5_mybb_driver() + { + $this->assertSame(false, $this->passwords_drivers['passwords.driver.md5_mybb']->hash('foobar')); + } + + public function data_md5_vb_check() + { + return array( + array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd'), + array(false, 'foobar', 'b86ee7e24008bfd2890dcfab1ed31333', array('user_passwd_salt' => 'yeOtfFO6')), + array(true, 'foobar', 'b452c54c44c588fc095d2d000935c470', array('user_passwd_salt' => '9^F')), + array(true, 'foobar', 'f23a8241bd115d270c703213e3ef7f52', array('user_passwd_salt' => 'iaU*U%`CBl;/e~>D%do2m@Xf/,KZB0')), + array(false, 'nope', 'f23a8241bd115d270c703213e3ef7f52', array('user_passwd_salt' => 'iaU*U%`CBl;/e~>D%do2m@Xf/,KZB0')), + ); + } + + /** + * @dataProvider data_md5_vb_check + */ + public function test_md5_vb_check($expected, $password, $hash, $user_row = array()) + { + $this->assertSame($expected, $this->passwords_drivers['passwords.driver.md5_vb']->check($password, $hash, $user_row)); + } + + public function test_md5_vb_driver() + { + $this->assertSame(false, $this->passwords_drivers['passwords.driver.md5_vb']->hash('foobar')); + } + + public function data_sha1_wcf1_check() + { + return array( + array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff'), + array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff', array('user_passwd_salt' => 'yeOtfFO6')), + array(true, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff', array('user_passwd_salt' => '1a783e478d63f6422783a868db667aed3a857840')), + ); + } + + /** + * @dataProvider data_sha1_wcf1_check + */ + public function test_sha1_wcf1_check($expected, $password, $hash, $user_row = array()) + { + $this->assertSame($expected, $this->passwords_drivers['passwords.driver.sha1_wcf1']->check($password, $hash, $user_row)); + } + + public function test_sha1_wcf1_driver() + { + $this->assertSame(false, $this->passwords_drivers['passwords.driver.sha1_wcf1']->hash('foobar')); + } + + public function data_bcrypt_wcf2_check() + { + return array( + array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff'), + array(true, 'foobar', '$2a$08$p8h14U0jsEiVb1Luy.s8oOTXSQ0hVWUXpcNGBoCezeYNXrQyCKHfi'), + array(false, 'foobar', ''), + ); + } + + /** + * @dataProvider data_bcrypt_wcf2_check + */ + public function test_bcrypt_wcf2_check($expected, $password, $hash) + { + $this->assertSame($expected, $this->passwords_drivers['passwords.driver.bcrypt_wcf2']->check($password, $hash)); + } + + public function test_bcrypt_wcf2_driver() + { + $this->assertSame(false, $this->passwords_drivers['passwords.driver.bcrypt_wcf2']->hash('foobar')); + } + + public function data_sha_xf1_check() + { + return array( + array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff'), + array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff', array('user_passwd_salt' => 'yeOtfFO6')), + array(true, 'foobar', '7f65d2fa8a826d232f8134772252f8b1aaef8594b1edcabd9ab65e5b0f236ff0', array('user_passwd_salt' => '15b6c02cedbd727f563dcca607a89b085287b448966f19c0cc78cae263b1e38c')), + array(true, 'foobar', '69962ae2079420573a3948cc4dedbabd35680051', array('user_passwd_salt' => '15b6c02cedbd727f563dcca607a89b085287b448966f19c0cc78cae263b1e38c')), + ); + } + + /** + * @dataProvider data_sha_xf1_check + */ + public function test_sha_xf1_check($expected, $password, $hash, $user_row = array()) + { + $this->assertSame($expected, $this->passwords_drivers['passwords.driver.sha_xf1']->check($password, $hash, $user_row)); + } + + public function test_sha_xf1_driver() + { + $this->assertSame(false, $this->passwords_drivers['passwords.driver.sha_xf1']->hash('foobar')); + } + + protected function utf8_to_cp1252($string) + { + static $transform = array( + "\xE2\x82\xAC" => "\x80", + "\xE2\x80\x9A" => "\x82", + "\xC6\x92" => "\x83", + "\xE2\x80\x9E" => "\x84", + "\xE2\x80\xA6" => "\x85", + "\xE2\x80\xA0" => "\x86", + "\xE2\x80\xA1" => "\x87", + "\xCB\x86" => "\x88", + "\xE2\x80\xB0" => "\x89", + "\xC5\xA0" => "\x8A", + "\xE2\x80\xB9" => "\x8B", + "\xC5\x92" => "\x8C", + "\xC5\xBD" => "\x8E", + "\xE2\x80\x98" => "\x91", + "\xE2\x80\x99" => "\x92", + "\xE2\x80\x9C" => "\x93", + "\xE2\x80\x9D" => "\x94", + "\xE2\x80\xA2" => "\x95", + "\xE2\x80\x93" => "\x96", + "\xE2\x80\x94" => "\x97", + "\xCB\x9C" => "\x98", + "\xE2\x84\xA2" => "\x99", + "\xC5\xA1" => "\x9A", + "\xE2\x80\xBA" => "\x9B", + "\xC5\x93" => "\x9C", + "\xC5\xBE" => "\x9E", + "\xC5\xB8" => "\x9F", + "\xC2\xA0" => "\xA0", + "\xC2\xA1" => "\xA1", + "\xC2\xA2" => "\xA2", + "\xC2\xA3" => "\xA3", + "\xC2\xA4" => "\xA4", + "\xC2\xA5" => "\xA5", + "\xC2\xA6" => "\xA6", + "\xC2\xA7" => "\xA7", + "\xC2\xA8" => "\xA8", + "\xC2\xA9" => "\xA9", + "\xC2\xAA" => "\xAA", + "\xC2\xAB" => "\xAB", + "\xC2\xAC" => "\xAC", + "\xC2\xAD" => "\xAD", + "\xC2\xAE" => "\xAE", + "\xC2\xAF" => "\xAF", + "\xC2\xB0" => "\xB0", + "\xC2\xB1" => "\xB1", + "\xC2\xB2" => "\xB2", + "\xC2\xB3" => "\xB3", + "\xC2\xB4" => "\xB4", + "\xC2\xB5" => "\xB5", + "\xC2\xB6" => "\xB6", + "\xC2\xB7" => "\xB7", + "\xC2\xB8" => "\xB8", + "\xC2\xB9" => "\xB9", + "\xC2\xBA" => "\xBA", + "\xC2\xBB" => "\xBB", + "\xC2\xBC" => "\xBC", + "\xC2\xBD" => "\xBD", + "\xC2\xBE" => "\xBE", + "\xC2\xBF" => "\xBF", + "\xC3\x80" => "\xC0", + "\xC3\x81" => "\xC1", + "\xC3\x82" => "\xC2", + "\xC3\x83" => "\xC3", + "\xC3\x84" => "\xC4", + "\xC3\x85" => "\xC5", + "\xC3\x86" => "\xC6", + "\xC3\x87" => "\xC7", + "\xC3\x88" => "\xC8", + "\xC3\x89" => "\xC9", + "\xC3\x8A" => "\xCA", + "\xC3\x8B" => "\xCB", + "\xC3\x8C" => "\xCC", + "\xC3\x8D" => "\xCD", + "\xC3\x8E" => "\xCE", + "\xC3\x8F" => "\xCF", + "\xC3\x90" => "\xD0", + "\xC3\x91" => "\xD1", + "\xC3\x92" => "\xD2", + "\xC3\x93" => "\xD3", + "\xC3\x94" => "\xD4", + "\xC3\x95" => "\xD5", + "\xC3\x96" => "\xD6", + "\xC3\x97" => "\xD7", + "\xC3\x98" => "\xD8", + "\xC3\x99" => "\xD9", + "\xC3\x9A" => "\xDA", + "\xC3\x9B" => "\xDB", + "\xC3\x9C" => "\xDC", + "\xC3\x9D" => "\xDD", + "\xC3\x9E" => "\xDE", + "\xC3\x9F" => "\xDF", + "\xC3\xA0" => "\xE0", + "\xC3\xA1" => "\xE1", + "\xC3\xA2" => "\xE2", + "\xC3\xA3" => "\xE3", + "\xC3\xA4" => "\xE4", + "\xC3\xA5" => "\xE5", + "\xC3\xA6" => "\xE6", + "\xC3\xA7" => "\xE7", + "\xC3\xA8" => "\xE8", + "\xC3\xA9" => "\xE9", + "\xC3\xAA" => "\xEA", + "\xC3\xAB" => "\xEB", + "\xC3\xAC" => "\xEC", + "\xC3\xAD" => "\xED", + "\xC3\xAE" => "\xEE", + "\xC3\xAF" => "\xEF", + "\xC3\xB0" => "\xF0", + "\xC3\xB1" => "\xF1", + "\xC3\xB2" => "\xF2", + "\xC3\xB3" => "\xF3", + "\xC3\xB4" => "\xF4", + "\xC3\xB5" => "\xF5", + "\xC3\xB6" => "\xF6", + "\xC3\xB7" => "\xF7", + "\xC3\xB8" => "\xF8", + "\xC3\xB9" => "\xF9", + "\xC3\xBA" => "\xFA", + "\xC3\xBB" => "\xFB", + "\xC3\xBC" => "\xFC", + "\xC3\xBD" => "\xFD", + "\xC3\xBE" => "\xFE", + "\xC3\xBF" => "\xFF" + ); + return strtr($string, $transform); + } } diff --git a/tests/passwords/manager_test.php b/tests/passwords/manager_test.php index f9244d59f2..e46cf820f2 100644 --- a/tests/passwords/manager_test.php +++ b/tests/passwords/manager_test.php @@ -24,13 +24,25 @@ class phpbb_passwords_manager_test extends \phpbb_test_case // Prepare dependencies for manager and driver $config = new \phpbb\config\config(array()); $this->driver_helper = new \phpbb\passwords\driver\helper($config); + $request = new phpbb_mock_request(array(), array(), array(), array(), array('password' => 'töst')); + $phpbb_root_path = dirname(__FILE__) . '/../../phpBB/'; + $php_ext = 'php'; $this->passwords_drivers = array( - 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper), + 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper), 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper), - 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $this->driver_helper), + 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $this->driver_helper), 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $this->driver_helper), + 'passwords.driver.convert_password' => new \phpbb\passwords\driver\convert_password($config, $this->driver_helper), + 'passwords.driver.sha1_smf' => new \phpbb\passwords\driver\sha1_smf($config, $this->driver_helper), + 'passwords.driver.sha1' => new \phpbb\passwords\driver\sha1($config, $this->driver_helper), + 'passwords.driver.sha1_wcf1' => new \phpbb\passwords\driver\sha1_wcf1($config, $this->driver_helper), + 'passwords.driver.md5_mybb' => new \phpbb\passwords\driver\md5_mybb($config, $this->driver_helper), + 'passwords.driver.md5_vb' => new \phpbb\passwords\driver\md5_vb($config, $this->driver_helper), + 'passwords.driver.sha_xf1' => new \phpbb\passwords\driver\sha_xf1($config, $this->driver_helper), ); + $this->passwords_drivers['passwords.driver.md5_phpbb2'] = new \phpbb\passwords\driver\md5_phpbb2($request, $this->passwords_drivers['passwords.driver.salted_md5'], $phpbb_root_path, $php_ext); + $this->passwords_drivers['passwords.driver.bcrypt_wcf2'] = new \phpbb\passwords\driver\bcrypt_wcf2($this->passwords_drivers['passwords.driver.bcrypt'], $this->driver_helper); $this->helper = new \phpbb\passwords\helper; // Set up passwords manager @@ -132,21 +144,39 @@ class phpbb_passwords_manager_test extends \phpbb_test_case public function check_hash_exceptions_data() { return array( - array('foobar', '3858f62230ac3c915f300c664312c63f', true), - array('foobar', '$S$b57a939fa4f2c04413a4eea9734a0903647b7adb93181295', false), - array('foobar', '$2a\S$kkkkaakdkdiej39023903204j2k3490234jk234j02349', false), - array('foobar', '$H$kklk938d023k//k3023', false), - array('foobar', '$H$3PtYMgXb39lrIWkgoxYLWtRkZtY3AY/', false), - array('foobar', '$2a$kwiweorurlaeirw', false), + array('3858f62230ac3c915f300c664312c63f', true), + array('$CP$3858f62230ac3c915f300c664312c63f', true), // md5_phpbb2 + array('$CP$3858f62230ac3c915f300c', false), + array('$S$b57a939fa4f2c04413a4eea9734a0903647b7adb93181295', false), + array('$2a\S$kkkkaakdkdiej39023903204j2k3490234jk234j02349', false), + array('$H$kklk938d023k//k3023', false), + array('$H$3PtYMgXb39lrIWkgoxYLWtRkZtY3AY/', false), + array('$2a$kwiweorurlaeirw', false), + array('6f9e2a1899e1f15708fd2e554103480eb53e8b57', false), + array('6f9e2a1899e1f15708fd2e554103480eb53e8b57', false, 'foobar', array('login_name' => 'test')), + array('$CP$6f9e2a1899e1f15708fd2e554103480eb53e8b57', true, 'foobar', array('login_name' => 'test')), // sha1_smf + array('6f9e2a1899', false, 'foobar', array('login_name' => 'test')), + array('ae2fc75e20ee25d4520766788fbc96ae', false, 'fööbar'), + array('$CP$ae2fc75e20ee25d4520766788fbc96ae', false, 'fööbar'), + array('$CP$ae2fc75e20ee25d4520766788fbc96ae', true, utf8_decode('fööbar')), // md5_phpbb2 + array('b86ee7e24008bfd2890dcfab1ed31333', false, 'foobar', array('user_passwd_salt' => 'yeOtfFO6')), + array('$CP$b86ee7e24008bfd2890dcfab1ed31333', true, 'foobar', array('user_passwd_salt' => 'yeOtfFO6')), // md5_mybb + array('$CP$b452c54c44c588fc095d2d000935c470', true, 'foobar', array('user_passwd_salt' => '9^F')), // md5_vb + array('$CP$f23a8241bd115d270c703213e3ef7f52', true, 'foobar', array('user_passwd_salt' => 'iaU*U%`CBl;/e~>D%do2m@Xf/,KZB0')), // md5_vb + array('$CP$fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff', true, 'foobar', array('user_passwd_salt' => '1a783e478d63f6422783a868db667aed3a857840')), // sha_wcf1 + array('$2a$08$p8h14U0jsEiVb1Luy.s8oOTXSQ0hVWUXpcNGBoCezeYNXrQyCKHfi', false), + array('$CP$$2a$08$p8h14U0jsEiVb1Luy.s8oOTXSQ0hVWUXpcNGBoCezeYNXrQyCKHfi', true), // bcrypt_wcf2 + array('$CP$7f65d2fa8a826d232f8134772252f8b1aaef8594b1edcabd9ab65e5b0f236ff0', true, 'foobar', array('user_passwd_salt' => '15b6c02cedbd727f563dcca607a89b085287b448966f19c0cc78cae263b1e38c')), // sha_xf1 + array('$CP$69962ae2079420573a3948cc4dedbabd35680051', true, 'foobar', array('user_passwd_salt' => '15b6c02cedbd727f563dcca607a89b085287b448966f19c0cc78cae263b1e38c')), // sha_xf1 ); } /** * @dataProvider check_hash_exceptions_data */ - public function test_check_hash_exceptions($password, $hash, $expected) + public function test_check_hash_exceptions($hash, $expected, $password = 'foobar', $user_row = array()) { - $this->assertEquals($expected, $this->manager->check($password, $hash)); + $this->assertEquals($expected, $this->manager->check($password, $hash, $user_row)); } public function data_hash_password_length() diff --git a/tests/session/testable_factory.php b/tests/session/testable_factory.php index 81724cf661..3e25286480 100644 --- a/tests/session/testable_factory.php +++ b/tests/session/testable_factory.php @@ -96,6 +96,12 @@ class phpbb_session_testable_factory 'auth.provider.db', new phpbb_mock_auth_provider() ); + $provider_collection = new \phpbb\auth\provider_collection($phpbb_container, $config); + $provider_collection->add('auth.provider.db'); + $phpbb_container->set( + 'auth.provider_collection', + $provider_collection + ); $session = new phpbb_mock_session_testable; return $session; diff --git a/tests/test_framework/phpbb_database_test_case.php b/tests/test_framework/phpbb_database_test_case.php index 60ac68e7b8..1f3a564205 100644 --- a/tests/test_framework/phpbb_database_test_case.php +++ b/tests/test_framework/phpbb_database_test_case.php @@ -21,6 +21,12 @@ abstract class phpbb_database_test_case extends PHPUnit_Extensions_Database_Test protected $fixture_xml_data; + static protected $schema_file; + + static protected $phpbb_schema_copy; + + static protected $install_schema_file; + public function __construct($name = NULL, array $data = array(), $dataName = '') { parent::__construct($name, $data, $dataName); @@ -38,6 +44,62 @@ abstract class phpbb_database_test_case extends PHPUnit_Extensions_Database_Test $this->db_connections = array(); } + /** + * @return array List of extensions that should be set up + */ + static protected function setup_extensions() + { + return array(); + } + + static public function setUpBeforeClass() + { + $setup_extensions = static::setup_extensions(); + self::$schema_file = ''; + if (!empty($setup_extensions)) + { + $schema_md5 = md5(serialize($setup_extensions)); + + self::$schema_file = __DIR__ . '/../tmp/' . $schema_md5 . '.json'; + self::$phpbb_schema_copy = __DIR__ . '/../tmp/schema_phpbb_copy.json'; + self::$install_schema_file = __DIR__ . '/../../phpBB/install/schemas/schema.json'; + + if (!file_exists(self::$schema_file)) + { + global $phpbb_root_path, $phpEx, $table_prefix; + + $finder = new \phpbb\finder(new \phpbb\filesystem(), $phpbb_root_path, null, $phpEx); + $classes = $finder->core_path('phpbb/') + ->core_directory('/db/migration/data') + ->set_extensions($setup_extensions) + ->extension_directory('migrations') + ->get_classes(); + + $db = new \phpbb\db\driver\sqlite(); + $schema_generator = new \phpbb\db\migration\schema_generator($classes, new \phpbb\config\config(array()), $db, new \phpbb\db\tools($db, true), $phpbb_root_path, $phpEx, $table_prefix); + $schema_data = $schema_generator->get_schema(); + + file_put_contents(self::$schema_file, json_encode($schema_data)); + } + + copy(self::$install_schema_file, self::$phpbb_schema_copy); + copy(self::$schema_file, self::$install_schema_file); + } + + parent::setUpBeforeClass(); + } + + static public function tearDownAfterClass() + { + if (self::$schema_file !== '') + { + copy(self::$phpbb_schema_copy, self::$install_schema_file); + unlink(self::$schema_file); + } + + parent::tearDownAfterClass(); + } + protected function tearDown() { parent::tearDown(); @@ -151,8 +213,6 @@ abstract class phpbb_database_test_case extends PHPUnit_Extensions_Database_Test public function new_dbal() { - global $phpbb_root_path, $phpEx; - $config = $this->get_database_config(); $db = new $config['dbms'](); diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php index 182ffaaaf7..e4504a5f8d 100644 --- a/tests/test_framework/phpbb_functional_test_case.php +++ b/tests/test_framework/phpbb_functional_test_case.php @@ -64,6 +64,14 @@ class phpbb_functional_test_case extends phpbb_test_case } } + /** + * @return array List of extensions that should be set up + */ + static protected function setup_extensions() + { + return array(); + } + public function setUp() { parent::setUp(); @@ -81,6 +89,34 @@ class phpbb_functional_test_case extends phpbb_test_case $this->lang = array(); $this->add_lang('common'); $this->purge_cache(); + + $db = $this->get_db(); + + foreach (static::setup_extensions() as $extension) + { + $sql = 'SELECT ext_active + FROM ' . EXT_TABLE . " + WHERE ext_name = '" . $db->sql_escape($extension). "'"; + $result = $db->sql_query($sql); + $status = (bool) $db->sql_fetchfield('ext_active'); + $db->sql_freeresult($result); + + if (!$status) + { + $this->install_ext($extension); + } + } + } + + protected function tearDown() + { + parent::tearDown(); + + if ($this->db instanceof \phpbb\db\driver\driver_interface) + { + // Close the database connections again this test + $this->db->sql_close(); + } } /** @@ -358,6 +394,24 @@ class phpbb_functional_test_case extends phpbb_test_case copy($config_file, $config_file_test); } + public function install_ext($extension) + { + $this->login(); + $this->admin_login(); + + $ext_path = str_replace('/', '%2F', $extension); + + $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=enable_pre&ext_name=' . $ext_path . '&sid=' . $this->sid); + $this->assertGreaterThan(0, $crawler->filter('.submit-buttons')->count()); + + $form = $crawler->selectButton('Enable')->form(); + $crawler = self::submit($form); + $this->add_lang('acp/extensions'); + $this->assertContainsLang('EXTENSION_ENABLE_SUCCESS', $crawler->filter('div.successbox')->text()); + + $this->logout(); + } + static private function recreate_database($config) { $db_conn_mgr = new phpbb_database_test_connection_manager($config); @@ -714,6 +768,30 @@ class phpbb_functional_test_case extends phpbb_test_case $this->lang = array_merge($this->lang, $lang); } + protected function add_lang_ext($ext_name, $lang_file) + { + if (is_array($lang_file)) + { + foreach ($lang_file as $file) + { + $this->add_lang_ext($ext_name, $file); + } + + return; + } + + $lang_path = __DIR__ . "/../../phpBB/ext/{$ext_name}/language/en/$lang_file.php"; + + $lang = array(); + + if (file_exists($lang_path)) + { + include($lang_path); + } + + $this->lang = array_merge($this->lang, $lang); + } + protected function lang() { $args = func_get_args(); diff --git a/travis/prepare-extension.sh b/travis/prepare-extension.sh new file mode 100755 index 0000000000..4518f935f8 --- /dev/null +++ b/travis/prepare-extension.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# +# This file is part of the phpBB Forum Software package. +# +# @copyright (c) phpBB Limited <https://www.phpbb.com> +# @license GNU General Public License, version 2 (GPL-2.0) +# +# For full copyright and license information, please see +# the docs/CREDITS.txt file. +# +set -e +set -x + +EXTNAME=$1 +BRANCH=$2 + +# Move the extension in place +mkdir --parents phpBB/ext/$EXTNAME +cp -R ../tmp/* phpBB/ext/$EXTNAME + +# Move the extensions travis/phpunit-*-travis.xml files in place +cp -R travis/* phpBB/ext/$EXTNAME/travis |