/** * Replaces password with salted hash of passwort * extends tx_srfeuserregister_data->parseOutgoingData * * @param array $dataArray: array with user data to be modified * @param array $origArray * * @return array parsed array */ function parseOutgoingData(&$dataArray, $origArray) { $parsedArray = parent::parseOutgoingData($dataArray, $origArray); if (t3lib_extMgm::isLoaded('saltedpasswords') && tx_saltedpasswords_div::isUsageEnabled()) { $objPHPass = t3lib_div::makeInstance(tx_saltedpasswords_div::getDefaultSaltingHashingMethod()); $updatedPassword = $objPHPass->getHashedPassword($parsedArray['password']); $parsedArray['password'] = $parsedArray['password_again'] = $updatedPassword; } return $parsedArray; }
/** * Obtains a salting hashing method instance. * * This function will return an instance of a class that implements * tx_saltedpasswords_abstract_salts. * * Use parameter NULL to reset the factory! * * @param string $saltedHash: (optional) salted hashed password to determine the type of used method from or NULL to reset the factory * @param string $mode: (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for * @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object */ public static function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) { // creating new instance when // * no instance existing // * a salted hash given to determine salted hashing method from // * a NULL parameter given to reset instance back to default method if (!is_object(self::$instance) || !empty($saltedHash) || is_NULL($saltedHash)) { // determine method by checking the given hash if (!empty($saltedHash)) { $result = self::determineSaltingHashingMethod($saltedHash); if (!$result) { self::$instance = NULL; } } else { $classNameToUse = tx_saltedpasswords_div::getDefaultSaltingHashingMethod($mode); $availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']; self::$instance = t3lib_div::getUserObj($availableClasses[$classNameToUse], 'tx_'); } } return self::$instance; }
/** * @test */ public function resettingFactoryInstanceSucceeds() { $defaultClassNameToUse = tx_saltedpasswords_div::getDefaultSaltingHashingMethod(); $saltedPW = ''; if ($defaultClassNameToUse == 'tx_saltedpasswords_salts_md5') { $saltedPW = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.'; } else { $saltedPW = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0'; } $this->objectInstance = tx_saltedpasswords_salts_factory::getSaltingInstance($saltedPW); // resetting $this->objectInstance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL); $this->assertTrue(get_class($this->objectInstance) == $defaultClassNameToUse || is_subclass_of($this->objectInstance, $defaultClassNameToUse)); }
/** * Checks the login data with the user record data for builtin login method. * * @param array user data array * @param array login data array * @param string login security level (optional) * @return boolean TRUE if login data matched */ function compareUident(array $user, array $loginData, $security_level = 'normal') { $validPasswd = FALSE; // could be merged; still here to clarify if (!strcmp(TYPO3_MODE, 'BE')) { $password = $loginData['uident_text']; } else { if (!strcmp(TYPO3_MODE, 'FE')) { $password = $loginData['uident_text']; } } // determine method used for given salted hashed password $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance($user['password']); // existing record is in format of Salted Hash password if (is_object($this->objInstanceSaltedPW)) { $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']); // record is in format of Salted Hash password but authentication failed // skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } $defaultHashingClassName = tx_saltedpasswords_div::getDefaultSaltingHashingMethod(); $skip = FALSE; // test for wrong salted hashing method if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) { // instanciate default method class $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL); $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) { $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } // we process also clear-text, md5 and passwords updated by Portable PHP password hashing framework } else { if (!intval($this->extConf['forceSalted'])) { // stored password is in deprecated salted hashing method if (t3lib_div::inList('C$,M$', substr($user['password'], 0, 2))) { // instanciate default method class $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(substr($user['password'], 1)); // md5 if (!strcmp(substr($user['password'], 0, 1), 'M')) { $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1)); } else { $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1)); } // skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } // password is stored as md5 } else { if (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) { $validPasswd = !strcmp(md5($password), $user['password']) ? TRUE : FALSE; // skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } // password is stored plain or unrecognized format } else { $validPasswd = !strcmp($password, $user['password']) ? TRUE : FALSE; } } // should we store the new format value in DB? if ($validPasswd && intval($this->extConf['updatePasswd'])) { // instanciate default method class $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL); $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } } } return $validPasswd; }