diff options
| author | Marcin Łojewski <marcin.lojewski@mlojewski.me> | 2018-12-16 19:59:03 +0300 |
|---|---|---|
| committer | Marcin Łojewski <marcin.lojewski@mlojewski.me> | 2018-12-16 19:59:03 +0300 |
| commit | 49f581504846d70a3cfedb973a23f7935519cfed (patch) | |
| tree | afad9b41fffecfbd9ec08da52bed8f96d5481bb5 | |
| parent | ac86cf84eb67621e4a6dde805766318c7f33d9fb (diff) | |
| parent | 3608e6fc0cf5de151e0934a0aa583a3a49f9a20d (diff) | |
Merge branch 'release/v4.2.0'v4.2.0
32 files changed, 437 insertions, 44 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 80f5f60..7f07ac7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [4.2.0] - 2018-12-16 +### Added +- Support for Nextcloud 15 +- Redmine, SHA-256, SHA-512 hash algorithms +### Fixed +- Loading user list when display name is null +- Hide "password change form" when "Allow password change" not set +### Changed +- Append salt only when checked. Not by default + ## [4.1.0] - 2018-10-28 ### Added - Whirlpool hash algorithm @@ -98,6 +108,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Changed - Supported version of ownCloud, Nextcloud: ownCloud 10, Nextcloud 12 +[4.2.0]: https://github.com/nextcloud/user_sql/compare/v4.1.0...v4.2.0 [4.1.0]: https://github.com/nextcloud/user_sql/compare/v4.0.1...v4.1.0 [4.0.1]: https://github.com/nextcloud/user_sql/compare/v4.0.0...v4.0.1 [4.0.0]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc2...v4.0.0 @@ -73,7 +73,8 @@ Name | Description | Details **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true. **Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false. **Salt** | Salt which is appended to password when checking or changing the password. | Optional. -**Prepend salt** | Prepend a salt to the password instead of appending it. | Optional.<br/>Default: false. +**Append salt** | Append a salt to the password. | Optional.<br/>Default: false. +**Prepend salt** | Prepend a salt to the password. | Optional.<br/>Default: false. #### Group table @@ -119,7 +120,8 @@ CREATE TABLE sql_user home TEXT NULL, password TEXT NOT NULL, active TINYINT(1) NOT NULL DEFAULT '1', - provide_avatar BOOLEAN NOT NULL DEFAULT FALSE + provide_avatar BOOLEAN NOT NULL DEFAULT FALSE, + salt TEXT NULL ); CREATE TABLE sql_group @@ -195,8 +197,11 @@ Drupal 7 | See [phpass](http://www.openwall.com/phpass/). | $S$DC7eCpJQ3SUQtW4Bp Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99 Portable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/ -SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 -SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e +Redmine | Requires salt. Salt value for hash in the next column is 'salt'. | 48b75edeffd8e413341d7734f0f3391e7a5da994 +SHA-1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 +SHA-256 | No salt supported. | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 +SHA-512 | No salt supported. | b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 +SHA-512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg== SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL WoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02 @@ -204,6 +209,10 @@ Whirlpool | | 74dfc2b27acfa364da55f93a5caee29ccad3557247eda238831b3e9bd931b01d77 ## Development +#### Testing environment + +There is a [vagrant](https://github.com/mlojewski-me/user_sql-vagrant) box which you can use at development stage. + #### New database driver support Add a new class in the `OCA\UserSQL\Platform` namespace which extends the `AbstractPlatform` class. diff --git a/appinfo/info.xml b/appinfo/info.xml index 77b7291..83ded89 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -8,7 +8,7 @@ Retrieve the users and groups info. Allow the users to change their passwords. Sync the users' email addresses with the addresses stored by Nextcloud. </description> - <version>4.1.0</version> + <version>4.2.0</version> <licence>agpl</licence> <author>Marcin Łojewski</author> <author>Andreas Böhler</author> @@ -22,7 +22,7 @@ <category>auth</category> <dependencies> <php min-version="7.0"/> - <nextcloud min-version="14" max-version="14"/> + <nextcloud min-version="14" max-version="15"/> </dependencies> <settings> <admin>\OCA\UserSQL\Settings\Admin</admin> diff --git a/lib/Backend/UserBackend.php b/lib/Backend/UserBackend.php index e26f708..27927e4 100644 --- a/lib/Backend/UserBackend.php +++ b/lib/Backend/UserBackend.php @@ -21,6 +21,7 @@ namespace OCA\UserSQL\Backend; +use OC\User\Backend; use OCA\UserSQL\Action\EmailSync; use OCA\UserSQL\Action\IUserAction; use OCA\UserSQL\Action\QuotaSync; @@ -263,6 +264,10 @@ final class UserBackend extends ABackend implements return false; } + if (is_null($user->name)) { + return false; + } + $name = $user->name; $this->logger->debug( "Returning getDisplayName($uid): $name", @@ -302,7 +307,7 @@ final class UserBackend extends ABackend implements $password = $this->addSalt($user, $password); $isCorrect = $passwordAlgorithm->checkPassword( - $password, $user->password + $password, $user->password, $user->salt ); if ($user->active == false) { @@ -361,9 +366,9 @@ final class UserBackend extends ABackend implements private function addSalt(User $user, string $password): string { if ($user->salt !== null) { - if (empty($this->properties[Opt::PREPEND_SALT])) { + if (!empty($this->properties[Opt::APPEND_SALT])) { return $password . $user->salt; - } else { + } elseif (!empty($this->properties[Opt::PREPEND_SALT])) { return $user->salt . $password; } } @@ -389,7 +394,9 @@ final class UserBackend extends ABackend implements $names = []; foreach ($users as $user) { - $names[$user] = $user->name; + if (!is_null($user->name)) { + $names[$user] = $user->name; + } } $this->logger->debug( @@ -636,4 +643,16 @@ final class UserBackend extends ABackend implements { return false; } + + /** + * @inheritdoc + */ + public function implementsActions($actions): bool + { + if ($actions & Backend::SET_PASSWORD) { + return !empty($this->properties[Opt::PASSWORD_CHANGE]); + } + + return parent::implementsActions($actions); + } } diff --git a/lib/Constant/Opt.php b/lib/Constant/Opt.php index 75b0da6..5093210 100644 --- a/lib/Constant/Opt.php +++ b/lib/Constant/Opt.php @@ -28,6 +28,7 @@ namespace OCA\UserSQL\Constant; */ final class Opt { + const APPEND_SALT = "opt.append_salt"; const CASE_INSENSITIVE_USERNAME = "opt.case_insensitive_username"; const CRYPTO_CLASS = "opt.crypto_class"; const EMAIL_SYNC = "opt.email_sync"; diff --git a/lib/Crypto/AbstractAlgorithm.php b/lib/Crypto/AbstractAlgorithm.php index 9556d78..99f344e 100644 --- a/lib/Crypto/AbstractAlgorithm.php +++ b/lib/Crypto/AbstractAlgorithm.php @@ -65,13 +65,13 @@ abstract class AbstractAlgorithm implements IPasswordAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { - return hash_equals($dbHash, $this->getPasswordHash($password)); + return hash_equals($dbHash, $this->getPasswordHash($password, $salt)); } /** * @inheritdoc */ - public abstract function getPasswordHash($password); + public abstract function getPasswordHash($password, $salt = null); } diff --git a/lib/Crypto/AbstractCrypt.php b/lib/Crypto/AbstractCrypt.php index e27e957..4bf3f43 100644 --- a/lib/Crypto/AbstractCrypt.php +++ b/lib/Crypto/AbstractCrypt.php @@ -38,7 +38,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return hash_equals($dbHash, crypt($password, $dbHash)); } @@ -46,7 +46,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return crypt($password, $this->getSalt()); } diff --git a/lib/Crypto/Cleartext.php b/lib/Crypto/Cleartext.php index e33d919..b1dd98c 100644 --- a/lib/Crypto/Cleartext.php +++ b/lib/Crypto/Cleartext.php @@ -43,7 +43,7 @@ class Cleartext extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return $password; } diff --git a/lib/Crypto/CourierMD5.php b/lib/Crypto/CourierMD5.php index c2463e3..95d8799 100644 --- a/lib/Crypto/CourierMD5.php +++ b/lib/Crypto/CourierMD5.php @@ -43,7 +43,7 @@ class CourierMD5 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return '{MD5}' . Utils::hexToBase64(md5($password)); } diff --git a/lib/Crypto/CourierMD5Raw.php b/lib/Crypto/CourierMD5Raw.php index 094eab3..491be5c 100644 --- a/lib/Crypto/CourierMD5Raw.php +++ b/lib/Crypto/CourierMD5Raw.php @@ -43,7 +43,7 @@ class CourierMD5Raw extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return '{MD5RAW}' . md5($password); } diff --git a/lib/Crypto/CourierSHA1.php b/lib/Crypto/CourierSHA1.php index 6a96a44..f66b7c6 100644 --- a/lib/Crypto/CourierSHA1.php +++ b/lib/Crypto/CourierSHA1.php @@ -43,7 +43,7 @@ class CourierSHA1 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return '{SHA}' . Utils::hexToBase64(sha1($password)); } diff --git a/lib/Crypto/CourierSHA256.php b/lib/Crypto/CourierSHA256.php index 081cd9d..bbf8c72 100644 --- a/lib/Crypto/CourierSHA256.php +++ b/lib/Crypto/CourierSHA256.php @@ -43,7 +43,7 @@ class CourierSHA256 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return '{SHA256}' . Utils::hexToBase64(hash('sha256', $password)); } diff --git a/lib/Crypto/Crypt.php b/lib/Crypto/Crypt.php index c28763a..3c8227d 100644 --- a/lib/Crypto/Crypt.php +++ b/lib/Crypto/Crypt.php @@ -44,7 +44,7 @@ class Crypt extends AbstractCrypt /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return password_hash($password, PASSWORD_DEFAULT); } diff --git a/lib/Crypto/CryptArgon2.php b/lib/Crypto/CryptArgon2.php index ed4aafb..6e086cc 100644 --- a/lib/Crypto/CryptArgon2.php +++ b/lib/Crypto/CryptArgon2.php @@ -81,7 +81,7 @@ class CryptArgon2 extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return password_verify($password, $dbHash); } @@ -89,7 +89,7 @@ class CryptArgon2 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return password_hash( $password, PASSWORD_ARGON2I, [ diff --git a/lib/Crypto/CryptBlowfish.php b/lib/Crypto/CryptBlowfish.php index 6e1b8a5..73a27b1 100644 --- a/lib/Crypto/CryptBlowfish.php +++ b/lib/Crypto/CryptBlowfish.php @@ -52,7 +52,7 @@ class CryptBlowfish extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return password_verify($password, $dbHash); } @@ -60,7 +60,7 @@ class CryptBlowfish extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return password_hash( $password, PASSWORD_BCRYPT, ["cost" => $this->cost] diff --git a/lib/Crypto/IPasswordAlgorithm.php b/lib/Crypto/IPasswordAlgorithm.php index 47ba961..4c5a160 100644 --- a/lib/Crypto/IPasswordAlgorithm.php +++ b/lib/Crypto/IPasswordAlgorithm.php @@ -42,18 +42,20 @@ interface IPasswordAlgorithm * This value is stored in the database, when the password is changed. * * @param String $password The new password. + * @param String $salt Optional. Salt value. * * @return boolean True if the password was hashed successfully, false otherwise. */ - public function getPasswordHash($password); + public function getPasswordHash($password, $salt = null); /** * Check password given by the user against hash stored in the database. * * @param String $password Password given by the user. * @param String $dbHash Password hash stored in the database. + * @param String $salt Optional. Salt value. * * @return boolean True if the password is correct, false otherwise. */ - public function checkPassword($password, $dbHash); + public function checkPassword($password, $dbHash, $salt = null); } diff --git a/lib/Crypto/Joomla.php b/lib/Crypto/Joomla.php index 46af41c..ddec9ae 100644 --- a/lib/Crypto/Joomla.php +++ b/lib/Crypto/Joomla.php @@ -43,7 +43,7 @@ class Joomla extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { $salt = Utils::randomString( 32, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" @@ -55,7 +55,7 @@ class Joomla extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return hash_equals($dbHash, self::generateHash($password, $dbHash)); } diff --git a/lib/Crypto/MD5.php b/lib/Crypto/MD5.php index b995b9c..72ea2ce 100644 --- a/lib/Crypto/MD5.php +++ b/lib/Crypto/MD5.php @@ -43,7 +43,7 @@ class MD5 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return md5($password); } diff --git a/lib/Crypto/Phpass.php b/lib/Crypto/Phpass.php index a430ae3..bea911d 100644 --- a/lib/Crypto/Phpass.php +++ b/lib/Crypto/Phpass.php @@ -50,7 +50,7 @@ class Phpass extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return hash_equals($dbHash, $this->crypt($password, $dbHash)); } @@ -136,7 +136,7 @@ class Phpass extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return $this->crypt($password, $this->genSalt()); } diff --git a/lib/Crypto/Redmine.php b/lib/Crypto/Redmine.php new file mode 100644 index 0000000..81a80c9 --- /dev/null +++ b/lib/Crypto/Redmine.php @@ -0,0 +1,50 @@ +<?php +/** + * Nextcloud - user_sql + * + * @copyright 2018 Marcin Łojewski <dev@mlojewski.me> + * @author Marcin Łojewski <dev@mlojewski.me> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace OCA\UserSQL\Crypto; + +/** + * Redmine MD5 hash implementation. + * + * @author Marcin Łojewski <dev@mlojewski.me> + */ +class Redmine extends AbstractAlgorithm +{ + /** + * @inheritdoc + */ + public function getPasswordHash($password, $salt = null) + { + if (is_null($salt)) { + return false; + } + + return sha1($salt . sha1($password)); + } + + /** + * @inheritdoc + */ + protected function getAlgorithmName() + { + return "Redmine"; + } +} diff --git a/lib/Crypto/SHA1.php b/lib/Crypto/SHA1.php index 6a1c707..9c0c92f 100644 --- a/lib/Crypto/SHA1.php +++ b/lib/Crypto/SHA1.php @@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto; use OCP\IL10N; /** - * SHA1 hash implementation. + * SHA-1 hash implementation. * * @author Marcin Łojewski <dev@mlojewski.me> */ @@ -43,7 +43,7 @@ class SHA1 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return sha1($password); } @@ -53,6 +53,6 @@ class SHA1 extends AbstractAlgorithm */ protected function getAlgorithmName() { - return "SHA1"; + return "SHA-1"; } } diff --git a/lib/Crypto/SHA256.php b/lib/Crypto/SHA256.php new file mode 100644 index 0000000..a71bb29 --- /dev/null +++ b/lib/Crypto/SHA256.php @@ -0,0 +1,58 @@ +<?php +/** + * Nextcloud - user_sql + * + * @copyright 2018 Marcin Łojewski <dev@mlojewski.me> + * @author Marcin Łojewski <dev@mlojewski.me> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace OCA\UserSQL\Crypto; + +use OCP\IL10N; + +/** + * SHA-256 hash implementation. + * + * @author Marcin Łojewski <dev@mlojewski.me> + */ +class SHA256 extends AbstractAlgorithm +{ + /** + * The class constructor. + * + * @param IL10N $localization The localization service. + */ + public function __construct(IL10N $localization) + { + parent::__construct($localization); + } + + /** + * @inheritdoc + */ + public function getPasswordHash($password, $salt = null) + { + return hash('sha256', $password); + } + + /** + * @inheritdoc + */ + protected function getAlgorithmName() + { + return "SHA-256"; + } +} diff --git a/lib/Crypto/SHA512.php b/lib/Crypto/SHA512.php new file mode 100644 index 0000000..efc655f --- /dev/null +++ b/lib/Crypto/SHA512.php @@ -0,0 +1,58 @@ +<?php +/** + * Nextcloud - user_sql + * + * @copyright 2018 Marcin Łojewski <dev@mlojewski.me> + * @author Marcin Łojewski <dev@mlojewski.me> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace OCA\UserSQL\Crypto; + +use OCP\IL10N; + +/** + * SHA-512 hash implementation. + * + * @author Marcin Łojewski <dev@mlojewski.me> + */ +class SHA512 extends AbstractAlgorithm +{ + /** + * The class constructor. + * + * @param IL10N $localization The localization service. + */ + public function __construct(IL10N $localization) + { + parent::__construct($localization); + } + + /** + * @inheritdoc + */ + public function getPasswordHash($password, $salt = null) + { + return hash('sha512', $password); + } + + /** + * @inheritdoc + */ + protected function getAlgorithmName() + { + return "SHA-512"; + } +} diff --git a/lib/Crypto/SHA512Whirlpool.php b/lib/Crypto/SHA512Whirlpool.php index 4f36e9a..b58bf96 100644 --- a/lib/Crypto/SHA512Whirlpool.php +++ b/lib/Crypto/SHA512Whirlpool.php @@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto; use OCP\IL10N; /** - * SHA512 Whirlpool hash implementation. + * SHA-512 Whirlpool hash implementation. * * @author Marcin Łojewski <dev@mlojewski.me> */ @@ -43,7 +43,7 @@ class SHA512Whirlpool extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return hash('sha512', hash('whirlpool', $password)); } @@ -53,6 +53,6 @@ class SHA512Whirlpool extends AbstractAlgorithm */ protected function getAlgorithmName() { - return "SHA512 Whirlpool"; + return "SHA-512 Whirlpool"; } } diff --git a/lib/Crypto/SSHA.php b/lib/Crypto/SSHA.php index ddae4b2..ff29f0f 100644 --- a/lib/Crypto/SSHA.php +++ b/lib/Crypto/SSHA.php @@ -43,7 +43,7 @@ abstract class SSHA extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { $saltedPassword = base64_decode( preg_replace("/" . $this->getPrefix() . "/i", "", $dbHash) @@ -94,7 +94,7 @@ abstract class SSHA extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return self::ssha( $password, Utils::randomString( diff --git a/lib/Crypto/WCF2.php b/lib/Crypto/WCF2.php index 498818a..6a8eeef 100644 --- a/lib/Crypto/WCF2.php +++ b/lib/Crypto/WCF2.php @@ -31,7 +31,7 @@ class WCF2 extends AbstractCrypt /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return hash_equals($dbHash, crypt(crypt($password, $dbHash), $dbHash)); } @@ -39,7 +39,7 @@ class WCF2 extends AbstractCrypt /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { $salt = $this->getSalt(); return crypt(crypt($password, $salt), $salt); diff --git a/lib/Crypto/Whirlpool.php b/lib/Crypto/Whirlpool.php index 7ae6360..97e3b2b 100644 --- a/lib/Crypto/Whirlpool.php +++ b/lib/Crypto/Whirlpool.php @@ -43,7 +43,7 @@ class Whirlpool extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return hash('whirlpool', $password); } diff --git a/templates/admin.php b/templates/admin.php index b722b8b..c00b06e 100644 --- a/templates/admin.php +++ b/templates/admin.php @@ -153,6 +153,7 @@ function print_select_options( print_text_input($l, "db-table-user-column-active", "Active", $_["db.table.user.column.active"]); print_text_input($l, "db-table-user-column-avatar", "Provide avatar", $_["db.table.user.column.avatar"]); print_text_input($l, "db-table-user-column-salt", "Salt", $_["db.table.user.column.salt"]); + print_checkbox_input($l, "opt-append_salt", "Append salt", $_["opt.append_salt"]); print_checkbox_input($l, "opt-prepend_salt", "Prepend salt", $_["opt.prepend_salt"]); ?> </fieldset> </div> diff --git a/tests/Crypto/PhpassTest.php b/tests/Crypto/PhpassTest.php index 6ef9c42..16e4a0e 100644 --- a/tests/Crypto/PhpassTest.php +++ b/tests/Crypto/PhpassTest.php @@ -27,7 +27,7 @@ use OCP\IL10N; use Test\TestCase; /** - * Unit tests for class <code>PhpassTest</code>. + * Unit tests for class <code>Phpass</code>. * * @author Marcin Łojewski <dev@mlojewski.me> */ diff --git a/tests/Crypto/RedmineTest.php b/tests/Crypto/RedmineTest.php new file mode 100644 index 0000000..8dfeee2 --- /dev/null +++ b/tests/Crypto/RedmineTest.php @@ -0,0 +1,61 @@ +<?php +/** + * Nextcloud - user_sql + * + * @copyright 2018 Marcin Łojewski <dev@mlojewski.me> + * @author Marcin Łojewski <dev@mlojewski.me> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace Tests\UserSQL\Crypto; + +use OCA\UserSQL\Crypto\IPasswordAlgorithm; +use OCA\UserSQL\Crypto\Redmine; +use OCP\IL10N; +use Test\TestCase; + +/** + * Unit tests for class <code>Redmine</code>. + * + * @author Marcin Łojewski <dev@mlojewski.me> + */ +class RedmineTest extends TestCase +{ + /** + * @var IPasswordAlgorithm + */ + private $crypto; + + public function testCheckPassword() + { + $this->assertTrue( + $this->crypto->checkPassword( + "password", "48b75edeffd8e413341d7734f0f3391e7a5da994", "salt" + ) + ); + } + + public function testPasswordHash() + { + $hash = $this->crypto->getPasswordHash("password", "salt"); + $this->assertTrue($this->crypto->checkPassword("password", $hash, "salt")); + } + + protected function setUp() + { + parent::setUp(); + $this->crypto = new Redmine($this->createMock(IL10N::class)); + } +} diff --git a/tests/Crypto/SHA256Test.php b/tests/Crypto/SHA256Test.php new file mode 100644 index 0000000..1c925ab --- /dev/null +++ b/tests/Crypto/SHA256Test.php @@ -0,0 +1,61 @@ +<?php +/** + * Nextcloud - user_sql + * + * @copyright 2018 Marcin Łojewski <dev@mlojewski.me> + * @author Marcin Łojewski <dev@mlojewski.me> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace Tests\UserSQL\Crypto; + +use OCA\UserSQL\Crypto\IPasswordAlgorithm; +use OCA\UserSQL\Crypto\SHA256; +use OCP\IL10N; +use Test\TestCase; + +/** + * Unit tests for class <code>SHA256</code>. + * + * @author Marcin Łojewski <dev@mlojewski.me> + */ +class SHA512Test extends TestCase +{ + /** + * @var IPasswordAlgorithm + */ + private $crypto; + + public function testCheckPassword() + { + $this->assertTrue( + $this->crypto->checkPassword( + "password", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" + ) + ); + } + + public function testPasswordHash() + { + $hash = $this->crypto->getPasswordHash("password"); + $this->assertTrue($this->crypto->checkPassword("password", $hash)); + } + + protected function setUp() + { + parent::setUp(); + $this->crypto = new SHA256($this->createMock(IL10N::class)); + } +} diff --git a/tests/Crypto/SHA512Test.php b/tests/Crypto/SHA512Test.php new file mode 100644 index 0000000..791f352 --- /dev/null +++ b/tests/Crypto/SHA512Test.php @@ -0,0 +1,62 @@ +<?php +/** + * Nextcloud - user_sql + * + * @copyright 2018 Marcin Łojewski <dev@mlojewski.me> + * @author Marcin Łojewski <dev@mlojewski.me> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace Tests\UserSQL\Crypto; + +use OCA\UserSQL\Crypto\IPasswordAlgorithm; +use OCA\UserSQL\Crypto\SHA512; +use OCP\IL10N; +use Test\TestCase; + +/** + * Unit tests for class <code>SHA512</code>. + * + * @author Marcin Łojewski <dev@mlojewski.me> + */ +class SHA512Test extends TestCase +{ + /** + * @var IPasswordAlgorithm + */ + private $crypto; + + public function testCheckPassword() + { + $this->assertTrue( + $this->crypto->checkPassword( + "password", + "b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86" + ) + ); + } + + public function testPasswordHash() + { + $hash = $this->crypto->getPasswordHash("password"); + $this->assertTrue($this->crypto->checkPassword("password", $hash)); + } + + protected function setUp() + { + parent::setUp(); + $this->crypto = new SHA512($this->createMock(IL10N::class)); + } +} |