public function renderConfigurationFooter() { $hashers = PhabricatorPasswordHasher::getAllHashers(); $hashers = msort($hashers, 'getStrength'); $hashers = array_reverse($hashers); $yes = phutil_tag('strong', array('style' => 'color: #009900'), pht('Yes')); $no = phutil_tag('strong', array('style' => 'color: #990000'), pht('Not Installed')); $best_hasher_name = null; try { $best_hasher = PhabricatorPasswordHasher::getBestHasher(); $best_hasher_name = $best_hasher->getHashName(); } catch (PhabricatorPasswordHasherUnavailableException $ex) { // There are no suitable hashers. The user might be able to enable some, // so we don't want to fatal here. We'll fatal when users try to actually // use this stuff if it isn't fixed before then. Until then, we just // don't highlight a row. In practice, at least one hasher should always // be available. } $rows = array(); $rowc = array(); foreach ($hashers as $hasher) { $is_installed = $hasher->canHashPasswords(); $rows[] = array($hasher->getHumanReadableName(), $hasher->getHashName(), $hasher->getHumanReadableStrength(), $is_installed ? $yes : $no, $is_installed ? null : $hasher->getInstallInstructions()); $rowc[] = $best_hasher_name == $hasher->getHashName() ? 'highlighted' : null; } $table = new AphrontTableView($rows); $table->setRowClasses($rowc); $table->setHeaders(array(pht('Algorithm'), pht('Name'), pht('Strength'), pht('Installed'), pht('Install Instructions'))); $table->setColumnClasses(array('', '', '', '', 'wide')); $header = id(new PHUIHeaderView())->setHeader(pht('Password Hash Algorithms'))->setSubheader(pht('Stronger algorithms are listed first. The highlighted algorithm ' . 'will be used when storing new hashes. Older hashes will be ' . 'upgraded to the best algorithm over time.')); return id(new PHUIObjectBoxView())->setHeader($header)->appendChild($table); }
<?php $table = new PhabricatorRepositoryVCSPassword(); $conn_w = $table->establishConnection('w'); echo "Upgrading password hashing for VCS passwords.\n"; $best_hasher = PhabricatorPasswordHasher::getBestHasher(); foreach (new LiskMigrationIterator($table) as $password) { $id = $password->getID(); echo "Migrating VCS password {$id}...\n"; $input_hash = $password->getPasswordHash(); $input_envelope = new PhutilOpaqueEnvelope($input_hash); $storage_hash = $best_hasher->getPasswordHashForStorage($input_envelope); queryfx($conn_w, 'UPDATE %T SET passwordHash = %s WHERE id = %d', $table->getTableName(), $storage_hash->openEnvelope(), $id); } echo "Done.\n";
private function hashPassword(PhutilOpaqueEnvelope $password) { $hasher = PhabricatorPasswordHasher::getBestHasher(); $input_envelope = $this->getPasswordHashInput($password); return $hasher->getPasswordHashForStorage($input_envelope); }
/** * Get the human-readable algorithm name for the best available hash. * * @return string Human-readable name for best hash. */ public static function getBestAlgorithmName() { try { $best_hasher = PhabricatorPasswordHasher::getBestHasher(); return $best_hasher->getHumanReadableName(); } catch (Exception $ex) { return pht('Unknown'); } }