-rw-r--r-- | phpBB/config/auth_providers.yml | 3 | ||||
-rw-r--r-- | phpBB/phpbb/auth/provider/apache.php | 13 | ||||
-rw-r--r-- | phpBB/phpbb/auth/provider/db.php | 30 | ||||
-rw-r--r-- | phpBB/phpbb/auth/provider/ldap.php | 19 | ||||
-rw-r--r-- | tests/auth/provider_apache_test.php | 18 | ||||
-rw-r--r-- | tests/auth/provider_db_test.php | 19 |
6 files changed, 82 insertions, 20 deletions
diff --git a/phpBB/config/auth_providers.yml b/phpBB/config/auth_providers.yml index e1c289334e..43648b4ad3 100644 --- a/phpBB/config/auth_providers.yml +++ b/phpBB/config/auth_providers.yml @@ -10,6 +10,7 @@ services: arguments: - @dbal.conn - @config + - @passwords.manager - @request - @user - %core.root_path% @@ -21,6 +22,7 @@ services: arguments: - @dbal.conn - @config + - @passwords.manager - @request - @user - %core.root_path% @@ -32,6 +34,7 @@ services: arguments: - @dbal.conn - @config + - @passwords.manager - @user tags: - { name: auth.provider } diff --git a/phpBB/phpbb/auth/provider/apache.php b/phpBB/phpbb/auth/provider/apache.php index 5cbb63c4fc..f111672a23 100644 --- a/phpBB/phpbb/auth/provider/apache.php +++ b/phpBB/phpbb/auth/provider/apache.php @@ -25,19 +25,28 @@ if (!defined('IN_PHPBB')) class apache extends \phpbb\auth\provider\base { /** + * phpBB passwords manager + * + * @var \phpbb\passwords\manager + */ + protected $passwords_manager; + + /** * Apache Authentication Constructor * * @param \phpbb\db\driver\driver $db * @param \phpbb\config\config $config + * @param \phpbb\passwords\manager $passwords_manager * @param \phpbb\request\request $request * @param \phpbb\user $user * @param string $phpbb_root_path * @param string $php_ext */ - public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext) { $this->db = $db; $this->config = $config; + $this->passwords_manager = $passwords_manager; $this->request = $request; $this->user = $user; $this->phpbb_root_path = $phpbb_root_path; 
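Review bot: Inserting `$passwords_manager` as the third positional parameter of `apache::__construct` shifts every later argument, so any caller not updated here (a subclass calling `parent::__construct`, or code that instantiates the provider directly) now passes a request object where the manager is expected. The type hint makes that fail at construction rather than silently, but the docblock should record the new dependency, e.g. `* @param \phpbb\passwords\manager $passwords_manager Hashes and verifies passwords (replaces phpbb_hash()/phpbb_check_hash())`. The same applies to the `db` and `ldap` constructor hunks further down. The class body continues outside this hunk.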
@@ -228,7 +237,7 @@ class apache extends \phpbb\auth\provider\base // generate user account data return array( 'username' => $username, - 'user_password' => phpbb_hash($password), + 'user_password' => $this->passwords_manager->hash($password), 'user_email' => '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index 4654e49fb5..de07a84cf5 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -26,21 +26,29 @@ if (!defined('IN_PHPBB')) */ class db extends \phpbb\auth\provider\base { + /** + * phpBB passwords manager + * + * @var \phpbb\passwords\manager + */ + protected $passwords_manager; /** * Database Authentication Constructor * - * @param \phpbb\db\driver\driver $db - * @param \phpbb\config\config $config - * @param \phpbb\request\request $request - * @param \phpbb\user $user - * @param string $phpbb_root_path - * @param string $php_ext + * @param \phpbb\db\driver\driver $db + * @param \phpbb\config\config $config + * @param \phpbb\passwords\manager $passwords_manager + * @param \phpbb\request\request $request + * @param \phpbb\user $user + * @param string $phpbb_root_path + * @param string $php_ext */ - public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext) { $this->db = $db; $this->config = $config; + $this->passwords_manager = $passwords_manager; $this->request = $request; $this->user = $user; $this->phpbb_root_path = $phpbb_root_path; 
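Review bot: The account row built here still stores a local hash of the password that the external provider has already verified, now via `$this->passwords_manager->hash($password)`. A copy of an externally managed credential in the users table gives anyone who obtains the database material for offline guessing against that external password, and the copy can go stale when the password changes upstream. If the local value is never consulted while this provider is active (not visible in the hunk), a comment should say so, e.g. `// local hash of the externally verified password; not used for login under apache auth (confirm)`. The `ldap` hunk at `@@ -244,7 +253,7 @@` builds `$ldap_user_row` the same way. The enclosing method starts and ends outside the hunk.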
@@ -199,10 +207,10 @@ class db extends \phpbb\auth\provider\base // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding // plain md5 support left in for conversions from other systems. - if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) + if ((strlen($row['user_password']) == 34 && ($this->passwords_manager->check(md5($password_old_format), $row['user_password']) || $this->passwords_manager->check(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) { - $hash = phpbb_hash($password_new_format); + $hash = $this->passwords_manager->hash($password_new_format); // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' @@ -234,12 +242,12 @@ class db extends \phpbb\auth\provider\base } // Check password ... - if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) + if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password'])) { // Check for old password hash... if (strlen($row['user_password']) == 32) { - $hash = phpbb_hash($password); + $hash = $this->passwords_manager->hash($password); // Update the password in the users table to the new format $sql = 'UPDATE ' . USERS_TABLE . " diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php index 9d29789567..1e4dffde5b 100644 --- a/phpBB/phpbb/auth/provider/ldap.php +++ b/phpBB/phpbb/auth/provider/ldap.php 
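Review bot: The 32-character branch of this condition still compares digests with loose `==` (`md5($password_old_format) == $row['user_password']`), which PHP evaluates numerically when both strings look like numbers, so two different digests of the form `0e` followed only by digits compare equal; it is also not a constant-time comparison. Now that the 34-character branch goes through `$this->passwords_manager->check()`, the plain-md5 branch should at least use strict comparison: `md5($password_old_format) === $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) === $row['user_password']`, or a constant-time comparison helper if the supported PHP versions provide one. The enclosing method starts and ends outside the hunk.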
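Review bot: The upgrade-on-login step in the `@@ -234,12 +242,12 @@` hunk only fires for `strlen($row['user_password']) == 32`, so a user whose stored value verifies through an older driver is, as far as this hunk shows, never rehashed with the manager's current default. If the manager can report that a stored hash does not use the default driver, that is the condition to test here instead of a length; otherwise add a comment such as `// only plain md5 (32 chars) is upgraded here; other legacy hashes stay as stored`. It is also worth confirming that `check()` accepts a bare 32-character md5 value at all, because otherwise this inner branch cannot be reached. The enclosing method starts and ends outside the hunk.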
@@ -27,16 +27,25 @@ if (!defined('IN_PHPBB')) class ldap extends \phpbb\auth\provider\base { /** + * phpBB passwords manager + * + * @var \phpbb\passwords\manager + */ + protected $passwords_manager; + + /** * LDAP Authentication Constructor * - * @param \phpbb\db\driver\driver $db - * @param \phpbb\config\config $config - * @param \phpbb\user $user + * @param \phpbb\db\driver\driver $db + * @param \phpbb\config\config $config + * @param \phpbb\passwords\manager $passwords_manager + * @param \phpbb\user $user */ - public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\user $user) + public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user) { $this->db = $db; $this->config = $config; + $this->passwords_manager = $passwords_manager; $this->user = $user; } @@ -244,7 +253,7 @@ class ldap extends \phpbb\auth\provider\base // generate user account data $ldap_user_row = array( 'username' => $username, - 'user_password' => phpbb_hash($password), + 'user_password' => $this->passwords_manager->hash($password), 'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php index e135a1f002..5388ae0b0d 100644 --- a/tests/auth/provider_apache_test.php +++ b/tests/auth/provider_apache_test.php 
@@ -25,8 +25,24 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case $config = new \phpbb\config\config(array()); $this->request = $this->getMock('\phpbb\request\request'); $this->user = $this->getMock('\phpbb\user'); + $driver_helper = new phpbb\passwords\driver\helper($config); + $passwords_drivers = array( + 'passwords.driver.bcrypt' => new phpbb\passwords\driver\bcrypt($config, $driver_helper), + 'passwords.driver.bcrypt_2y' => new phpbb\passwords\driver\bcrypt_2y($config, $driver_helper), + 'passwords.driver.salted_md5' => new phpbb\passwords\driver\salted_md5($config, $driver_helper), + 'passwords.driver.phpass' => new phpbb\passwords\driver\phpass($config, $driver_helper), + ); + + foreach ($passwords_drivers as $key => $driver) + { + $driver->set_name($key); + } + + $passwords_helper = new phpbb\passwords\helper; + // Set up passwords manager + $passwords_manager = new phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, 'passwords.driver.bcrypt_2y'); - $this->provider = new \phpbb\auth\provider\apache($db, $config, $this->request, $this->user, $phpbb_root_path, $phpEx); + $this->provider = new \phpbb\auth\provider\apache($db, $config, $passwords_manager, $this->request, $this->user, $phpbb_root_path, $phpEx); } public function getDataSet() diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php index 140a28cd3d..74615a01ed 100644 --- a/tests/auth/provider_db_test.php +++ b/tests/auth/provider_db_test.php 
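Review bot: The added block that builds `$passwords_drivers`, names each driver and constructs `$passwords_manager` is repeated verbatim in the `provider_db_test.php` hunk below; a shared helper on the test case would keep the driver list and the default (`'passwords.driver.bcrypt_2y'`) in one place. The new classes are also written without a leading backslash (`new phpbb\passwords\driver\helper($config)`) while the neighbouring lines use `\phpbb\...`; use the fully qualified form consistently. The enclosing method continues outside the hunk.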
@@ -28,7 +28,24 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case )); $request = $this->getMock('\phpbb\request\request'); $user = $this->getMock('\phpbb\user'); - $provider = new \phpbb\auth\provider\db($db, $config, $request, $user, $phpbb_root_path, $phpEx); + $driver_helper = new phpbb\passwords\driver\helper($config); + $passwords_drivers = array( + 'passwords.driver.bcrypt' => new phpbb\passwords\driver\bcrypt($config, $driver_helper), + 'passwords.driver.bcrypt_2y' => new phpbb\passwords\driver\bcrypt_2y($config, $driver_helper), + 'passwords.driver.salted_md5' => new phpbb\passwords\driver\salted_md5($config, $driver_helper), + 'passwords.driver.phpass' => new phpbb\passwords\driver\phpass($config, $driver_helper), + ); + + foreach ($passwords_drivers as $key => $driver) + { + $driver->set_name($key); + } + + $passwords_helper = new phpbb\passwords\helper; + // Set up passwords manager + $passwords_manager = new phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, 'passwords.driver.bcrypt_2y'); + + $provider = new \phpbb\auth\provider\db($db, $config, $passwords_manager, $request, $user, $phpbb_root_path, $phpEx); $expected = array( 'status' => LOGIN_SUCCESS, |
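Review bot: As far as this hunk shows, the test only adapts the constructor call and still expects `LOGIN_SUCCESS` for one stored hash, while the commit changes both legacy branches in `db.php` (the `user_pass_convert` path and the 32-character rehash). Cases for a converted 34-character hash, a plain md5 value and a wrong password would show that `$this->passwords_manager->check()` accepts and rejects what `phpbb_check_hash()` did, and that the stored value is replaced after a successful legacy login. The diffstat lists no test for the `ldap` provider. The test method continues outside the hunk.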