From c4d7483a0a7d1ea75bf06d0a4e726e2b150be81f Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Thu, 6 Nov 2014 15:42:06 +0100
Subject: [PATCH] Use new hashing API for OC_User_Database

This switches OC_User_Database to the new Hashing API (`\OC::$server->getHasher()`) and re-hashes existing passwords that still use a legacy format on the user's next successful login.
---
 lib/private/user/database.php | 39 +++++++----------------------------
 1 file changed, 7 insertions(+), 32 deletions(-)

diff --git a/lib/private/user/database.php b/lib/private/user/database.php
index 3a76adbe76..a6289066f0 100644
--- a/lib/private/user/database.php
+++ b/lib/private/user/database.php
@@ -33,28 +33,12 @@
  *
  */
 
-require_once 'phpass/PasswordHash.php';
-
 /**
  * Class for user management in a SQL Database (e.g. MySQL, SQLite)
  */
 class OC_User_Database extends OC_User_Backend {
-	/**
-	 * @var PasswordHash
-	 */
-	private static $hasher = null;
-
 	private $cache = array();
 
-	private function getHasher() {
-		if (!self::$hasher) {
-			//we don't want to use DES based crypt(), since it doesn't return a hash with a recognisable prefix
-			$forcePortable = (CRYPT_BLOWFISH != 1);
-			self::$hasher = new PasswordHash(8, $forcePortable);
-		}
-		return self::$hasher;
-	}
-
 	/**
 	 * Create a new user
 	 * @param string $uid The username of the user to create
@@ -66,10 +50,8 @@ class OC_User_Database extends OC_User_Backend {
 	 */
 	public function createUser($uid, $password) {
 		if (!$this->userExists($uid)) {
-			$hasher = $this->getHasher();
-			$hash = $hasher->HashPassword($password . OC_Config::getValue('passwordsalt', ''));
 			$query = OC_DB::prepare('INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )');
-			$result = $query->execute(array($uid, $hash));
+			$result = $query->execute(array($uid, \OC::$server->getHasher()->hash($password)));
 
 			return $result ? true : false;
 		}
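Review bot: The hasher is now fetched through the `\OC::$server->getHasher()` service-locator chain inline in the `execute()` call, and the same chain is repeated in `setPassword()` and `checkPassword()` below; that is a point of style rather than correctness, but it hides the hashing step inside the query arguments. Keeping a thin private accessor in place of the removed one, `private function getHasher() { return \OC::$server->getHasher(); }`, and computing `$hash = $this->getHasher()->hash($password);` on its own line before the `INSERT` would keep the three call sites uniform and make it easy to inject a hasher later. The removed code also appended the `passwordsalt` config value before hashing; whether the new `hash()` needs that is a property of the Hasher, which is not visible here, so it is worth a one-line comment stating that salting is now the Hasher's responsibility.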
@@ -106,10 +88,8 @@ class OC_User_Database extends OC_User_Backend {
 	 */
 	public function setPassword($uid, $password) {
 		if ($this->userExists($uid)) {
-			$hasher = $this->getHasher();
-			$hash = $hasher->HashPassword($password . OC_Config::getValue('passwordsalt', ''));
 			$query = OC_DB::prepare('UPDATE `*PREFIX*users` SET `password` = ? WHERE `uid` = ?');
-			$result = $query->execute(array($hash, $uid));
+			$result = $query->execute(array(\OC::$server->getHasher()->hash($password), $uid));
 
 			return $result ? true : false;
 		}
@@ -159,7 +139,6 @@ class OC_User_Database extends OC_User_Backend {
 			. ' WHERE LOWER(`displayname`) LIKE LOWER(?) OR '
 			. 'LOWER(`uid`) LIKE LOWER(?) ORDER BY `uid` ASC', $limit, $offset);
 		$result = $query->execute(array('%' . $search . '%', '%' . $search . '%'));
-		$users = array();
 		while ($row = $result->fetchRow()) {
 			$displayNames[$row['uid']] = $row['displayname'];
 		}
@@ -183,18 +162,14 @@ class OC_User_Database extends OC_User_Backend {
 		$row = $result->fetchRow();
 		if ($row) {
 			$storedHash = $row['password'];
-			if ($storedHash[0] === '$') { //the new phpass based hashing
-				$hasher = $this->getHasher();
-				if ($hasher->CheckPassword($password . OC_Config::getValue('passwordsalt', ''), $storedHash)) {
-					return $row['uid'];
+			$newHash = '';
+			if(\OC::$server->getHasher()->verify($password, $storedHash, $newHash)) {
+				if(!empty($newHash)) {
+					$this->setPassword($uid, $password);
 				}
-
-			//old sha1 based hashing
-			} elseif (sha1($password) === $storedHash) {
-				//upgrade to new hashing
-				$this->setPassword($row['uid'], $password);
 				return $row['uid'];
 			}
+
 		}
 
 		return false;
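Review bot: The rehash-on-login path calls `$this->setPassword($uid, $password)` with the caller-supplied `$uid`, whereas both the removed sha1 migration and the `return` two lines later use the canonical `$row['uid']` from the database; if the lookup that produced `$row` is case-insensitive (not visible in this hunk), the update can target a different spelling of the name than the stored row and silently fail to migrate, so it should be `$this->setPassword($row['uid'], $password);`. The `$newHash` that `verify()` fills in is then discarded and `setPassword()` hashes the password a second time; writing `$newHash` directly would avoid the extra expensive hash, though that is a minor cost on a rare path. The return value of `setPassword()` is also ignored, so a failed migration is invisible; at minimum a log line would help operators notice legacy hashes that never get upgraded. Note that `verify()` receives the bare `$password` while the old phpass check appended the `passwordsalt` config value — the Hasher must apply that legacy salt itself when verifying old hashes, otherwise every pre-existing account is locked out by this patch; that behaviour lives outside this file and should be confirmed. The enclosing `checkPassword()` begins before and ends after this hunk.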
-- 
GitLab