diff options
-rw-r--r-- | CHANGELOG.md | 2 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | js/settings.js | 2 | ||||
-rw-r--r-- | lib/Backend/UserBackend.php | 16 | ||||
-rw-r--r-- | lib/Constant/DB.php | 1 | ||||
-rw-r--r-- | lib/Crypto/SHA512Whirlpool.php | 58 | ||||
-rw-r--r-- | lib/Model/User.php | 4 | ||||
-rw-r--r-- | lib/Query/QueryProvider.php | 4 | ||||
-rw-r--r-- | templates/admin.php | 5 | ||||
-rw-r--r-- | tests/Crypto/SHA512WhirlpoolTest.php | 56 |
10 files changed, 142 insertions, 8 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 9af8528..cc1c2ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [v4.0.0-rc2] ### Added - User active column +- SHA512 Whirlpool hashing algorithm +- Support for salt column ### Changed - Fixed "Use of undefined constant" error for Argon2 Crypt with PHP below 7.2. @@ -69,6 +69,7 @@ Name | Description | Details **Display name** | Display name column. | Optional. **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true. **Can change avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false. +**Salt** | Salt which is appended to password when checking or changing the password. | Optional. #### Group table @@ -191,6 +192,7 @@ Standard DES (Crypt) | | yTBnb7ab/N072 Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99 SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 +SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg== SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL diff --git a/js/settings.js b/js/settings.js index 47b1061..c42bb4a 100644 --- a/js/settings.js +++ b/js/settings.js @@ -76,7 +76,7 @@ user_sql.adminSettingsUI = function () { ); autocomplete( - "#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar", + "#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar, #db-table-user-column-salt", "/apps/user_sql/settings/autocomplete/table/user" ); diff --git a/lib/Backend/UserBackend.php b/lib/Backend/UserBackend.php index 88119ee..6a8237b 100644 --- a/lib/Backend/UserBackend.php +++ b/lib/Backend/UserBackend.php @@ -274,6 +274,10 @@ final class UserBackend extends Backend return false; } + if ($user->salt !== null) { + $password .= $user->salt; + } + $isCorrect = $passwordAlgorithm->checkPassword( $password, $user->password ); @@ -417,13 +421,17 @@ final class UserBackend extends Backend return false; } - $passwordHash = $passwordAlgorithm->getPasswordHash($password); - if ($passwordHash === false) { + $user = $this->userRepository->findByUid($uid); + if (!($user instanceof User)) { return false; } - $user = $this->userRepository->findByUid($uid); - if (!($user instanceof User)) { + if ($user->salt !== null) { + $password .= $user->salt; + } + + $passwordHash = $passwordAlgorithm->getPasswordHash($password); + if ($passwordHash === false) { return false; } diff --git a/lib/Constant/DB.php b/lib/Constant/DB.php index 832cda5..ce0da21 100644 --- a/lib/Constant/DB.php +++ b/lib/Constant/DB.php @@ -51,5 +51,6 @@ final class DB const USER_HOME_COLUMN = "db.table.user.column.home"; const USER_NAME_COLUMN = "db.table.user.column.name"; const USER_PASSWORD_COLUMN = "db.table.user.column.password"; + const USER_SALT_COLUMN = "db.table.user.column.salt"; const USER_UID_COLUMN = "db.table.user.column.uid"; } diff --git a/lib/Crypto/SHA512Whirlpool.php b/lib/Crypto/SHA512Whirlpool.php new file mode 100644 index 0000000..1fd3988 --- /dev/null +++ b/lib/Crypto/SHA512Whirlpool.php @@ -0,0 +1,58 @@ +<?php +/** + * Nextcloud - user_sql + * + * @copyright 2018 Marcin Łojewski <dev@mlojewski.me> + * @author Marcin Łojewski <dev@mlojewski.me> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace OCA\UserSQL\Crypto; + +use OCP\IL10N; + +/** + * SHA512 Whirlpool hashing implementation. + * + * @author Marcin Łojewski <dev@mlojewski.me> + */ +class SHA512Whirlpool extends AbstractAlgorithm +{ + /** + * The class constructor. + * + * @param IL10N $localization The localization service. + */ + public function __construct(IL10N $localization) + { + parent::__construct($localization); + } + + /** + * @inheritdoc + */ + public function getPasswordHash($password) + { + return hash('sha512', hash('whirlpool', $password)); + } + + /** + * @inheritdoc + */ + protected function getAlgorithmName() + { + return "SHA512 Whirlpool"; + } +} diff --git a/lib/Model/User.php b/lib/Model/User.php index 90048f9..dcc9551 100644 --- a/lib/Model/User.php +++ b/lib/Model/User.php @@ -56,4 +56,8 @@ class User * @var bool Can user change its avatar. */ public $avatar; + /** + * @var string The password's salt. + */ + public $salt; } diff --git a/lib/Query/QueryProvider.php b/lib/Query/QueryProvider.php index 742e784..49f2ac9 100644 --- a/lib/Query/QueryProvider.php +++ b/lib/Query/QueryProvider.php @@ -71,6 +71,7 @@ class QueryProvider implements \ArrayAccess $uHome = $this->properties[DB::USER_HOME_COLUMN]; $uName = $this->properties[DB::USER_NAME_COLUMN]; $uPassword = $this->properties[DB::USER_PASSWORD_COLUMN]; + $uSalt = $this->properties[DB::USER_SALT_COLUMN]; $uUID = $this->properties[DB::USER_UID_COLUMN]; $ugGID = $this->properties[DB::USER_GROUP_GID_COLUMN]; @@ -92,7 +93,8 @@ class QueryProvider implements \ArrayAccess (empty($uEmail) ? "null" : $uEmail) . " AS email, " . (empty($uHome) ? "null" : $uHome) . " AS home, " . (empty($uActive) ? "true" : $uActive) . " AS active, " . - (empty($uAvatar) ? "false" : $uAvatar) . " AS avatar"; + (empty($uAvatar) ? "false" : $uAvatar) . " AS avatar, " . + (empty($uSalt) ? "null" : $uSalt) . " AS salt"; $this->queries = [ Query::BELONGS_TO_ADMIN => diff --git a/templates/admin.php b/templates/admin.php index 43d812e..a39becf 100644 --- a/templates/admin.php +++ b/templates/admin.php @@ -148,7 +148,8 @@ function print_select_options( print_text_input($l, "db-table-user-column-password", "Password", $_['db.table.user.column.password']); print_text_input($l, "db-table-user-column-name", "Display name", $_['db.table.user.column.name']); print_text_input($l, "db-table-user-column-active", "Active", $_['db.table.user.column.active']); - print_text_input($l, "db-table-user-column-avatar", "Can change avatar", $_['db.table.user.column.avatar']); ?> + print_text_input($l, "db-table-user-column-avatar", "Can change avatar", $_['db.table.user.column.avatar']); + print_text_input($l, "db-table-user-column-salt", "Salt", $_['db.table.user.column.salt']); ?> </fieldset> </div> <div class="section"> @@ -180,4 +181,4 @@ function print_select_options( <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" id="requesttoken"/> <input id="user_sql-save" type="submit" value="<?php p($l->t('Save')); ?>"/> </div> -</form>
\ No newline at end of file +</form> diff --git a/tests/Crypto/SHA512WhirlpoolTest.php b/tests/Crypto/SHA512WhirlpoolTest.php new file mode 100644 index 0000000..558db94 --- /dev/null +++ b/tests/Crypto/SHA512WhirlpoolTest.php @@ -0,0 +1,56 @@ +<?php +/** + * Nextcloud - user_sql + * + * @copyright 2018 Marcin Łojewski <dev@mlojewski.me> + * @author Marcin Łojewski <dev@mlojewski.me> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace Tests\UserSQL\Crypto; + +use OCA\UserSQL\Crypto\SHA512Whirlpool; +use OCA\UserSQL\Crypto\IPasswordAlgorithm; +use OCP\IL10N; +use Test\TestCase; + +/** + * Unit tests for class <code>SHA512Whirlpool</code>. + * + * @author Marcin Łojewski <dev@mlojewski.me> + */ +class SHA512WhirlpoolTest extends TestCase +{ + /** + * @var IPasswordAlgorithm + */ + private $crypto; + + public function testCheckPassword() + { + $this->assertTrue( + $this->crypto->checkPassword( + "password", + "a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e" + ) + ); + } + + protected function setUp() + { + parent::setUp(); + $this->crypto = new SHA512Whirlpool($this->createMock(IL10N::class)); + } +} |