/** * @dataProvider providePasswordTests * @covers InvalidPassword::equals * @covers InvalidPassword::toString */ public function testInvalidUnequalNormal($shouldMatch, $hash, $password) { $invalid = $this->passwordFactory->newFromCiphertext(null); $normal = $this->passwordFactory->newFromCiphertext($hash); $this->assertFalse($invalid->equals($normal)); $this->assertFalse($normal->equals($invalid)); }
/** * @covers InvalidPassword::equals */ public function testInvalidUnequalInvalid() { $passwordFactory = new PasswordFactory(); $invalid1 = $passwordFactory->newFromCiphertext(null); $invalid2 = $passwordFactory->newFromCiphertext(null); $this->assertFalse($invalid1->equals($invalid2)); }
public function execute() { global $wgAuth; if (!$wgAuth->allowSetLocalPassword()) { $this->error('$wgAuth does not allow local passwords. Aborting.', true); } $passwordFactory = new PasswordFactory(); $passwordFactory->init(RequestContext::getMain()->getConfig()); $typeInfo = $passwordFactory->getTypes(); $layeredType = $this->getOption('type'); // Check that type exists and is a layered type if (!isset($typeInfo[$layeredType])) { $this->error('Undefined password type', true); } $passObj = $passwordFactory->newFromType($layeredType); if (!$passObj instanceof LayeredParameterizedPassword) { $this->error('Layered parameterized password type must be used.', true); } // Extract the first layer type $typeConfig = $typeInfo[$layeredType]; $firstType = $typeConfig['types'][0]; // Get a list of password types that are applicable $dbw = $this->getDB(DB_MASTER); $typeCond = 'user_password' . $dbw->buildLike(":{$firstType}:", $dbw->anyString()); $minUserId = 0; do { $dbw->begin(); $res = $dbw->select('user', array('user_id', 'user_name', 'user_password'), array('user_id > ' . $dbw->addQuotes($minUserId), $typeCond), __METHOD__, array('ORDER BY' => 'user_id', 'LIMIT' => $this->mBatchSize, 'LOCK IN SHARE MODE')); /** @var User[] $updateUsers */ $updateUsers = array(); foreach ($res as $row) { if ($this->hasOption('verbose')) { $this->output("Updating password for user {$row->user_name} ({$row->user_id}).\n"); } $user = User::newFromId($row->user_id); /** @var ParameterizedPassword $password */ $password = $passwordFactory->newFromCiphertext($row->user_password); /** @var LayeredParameterizedPassword $layeredPassword */ $layeredPassword = $passwordFactory->newFromType($layeredType); $layeredPassword->partialCrypt($password); $updateUsers[] = $user; $dbw->update('user', array('user_password' => $layeredPassword->toString()), array('user_id' => $row->user_id), __METHOD__); $minUserId = $row->user_id; } $dbw->commit(); // Clear memcached so old passwords are wiped out foreach ($updateUsers as $user) { $user->clearSharedCache(); } } while ($res->numRows()); }
/** * Compare a password hash with a plain-text password. Requires the user * ID if there's a chance that the hash is an old-style hash. * * @param string $hash Password hash * @param string $password Plain-text password to compare * @param string|bool $userId User ID for old-style password salt * * @return bool * @deprecated since 1.24, use Password class */ public static function comparePasswords($hash, $password, $userId = false) { wfDeprecated(__METHOD__, '1.24'); // Check for *really* old password hashes that don't even have a type // The old hash format was just an md5 hex hash, with no type information if (preg_match('/^[0-9a-f]{32}$/', $hash)) { global $wgPasswordSalt; if ($wgPasswordSalt) { $password = "******"; } else { $password = "******"; } } $passwordFactory = new PasswordFactory(); $passwordFactory->init(RequestContext::getMain()->getConfig()); $hash = $passwordFactory->newFromCiphertext($hash); return $hash->equals($password); }
/** * Get the password * @return Password */ protected function getPassword() { list($index, $options) = DBAccessObjectUtils::getDBOptions($this->flags); $db = self::getDB($index); $password = $db->selectField('bot_passwords', 'bp_password', array('bp_user' => $this->centralId, 'bp_app_id' => $this->appId), __METHOD__, $options); if ($password === false) { return PasswordFactory::newInvalidPassword(); } $passwordFactory = new \PasswordFactory(); $passwordFactory->init(\RequestContext::getMain()->getConfig()); try { return $passwordFactory->newFromCiphertext($password); } catch (PasswordError $ex) { return PasswordFactory::newInvalidPassword(); } }
/** * Set the password on a testing user * * This assumes we're still using the generic AuthManager config from * PHPUnitMaintClass::finalSetup(), and just sets the password in the * database directly. * @param User $user * @param string $password */ public static function setPasswordForUser(User $user, $password) { if (!$user->getId()) { throw new MWException("Passed User has not been added to the database yet!"); } $dbw = wfGetDB(DB_MASTER); $row = $dbw->selectRow('user', ['user_password'], ['user_id' => $user->getId()], __METHOD__); if (!$row) { throw new MWException("Passed User has an ID but is not in the database?"); } $passwordFactory = new PasswordFactory(); $passwordFactory->init(RequestContext::getMain()->getConfig()); if (!$passwordFactory->newFromCiphertext($row->user_password)->equals($password)) { $passwordHash = $passwordFactory->newFromPlaintext($password); $dbw->update('user', ['user_password' => $passwordHash->toString()], ['user_id' => $user->getId()], __METHOD__); } }