Commit cbb9caf0 authored by Thomas Müller's avatar Thomas Müller

Merge pull request #12226 from owncloud/remove-phpass

Remove phpass and migrate to new Hasher interface
parents 46e61047 8595b76d
Subproject commit 912a45c3458685a1105fba38a39a3a71c7348ed9
Subproject commit dd0e7b6dcec142c790a6325b74a7c4fd3c6d7233
......@@ -48,12 +48,26 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
if (isset($linkItem['share_with'])) {
if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {
// Check Password
$forcePortable = (CRYPT_BLOWFISH != 1);
$hasher = new \PasswordHash(8, $forcePortable);
if (!$hasher->CheckPassword($password . $this->config->getSystemValue('passwordsalt', ''), $linkItem['share_with'])) {
return false;
} else {
$newHash = '';
if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
/**
* FIXME: Migrate old hashes to new hash format
* Due to the fact that there is no reasonable functionality to update the password
* of an existing share no migration is yet performed there.
* The only possibility is to update the existing share which will result in a new
* share ID and is a major hack.
*
* In the future the migration should be performed once there is a proper method
* to update the share's password. (for example `$share->updatePassword($password)`
*
* @link https://github.com/owncloud/core/issues/10671
*/
if(!empty($newHash)) {
}
return true;
} else {
return false;
}
} else {
return false;
......
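Review bot: The `if(!empty($newHash)) { }` branch after the FIXME has an empty body, so any `$newHash` that `verify()` hands back is discarded and a share whose `share_with` holds an old-format hash keeps it indefinitely; the same empty branch appears in the `Helper` hunk. Until a share-password update method exists, I would drop the empty `if` and keep the FIXME as a plain `//` comment, since it documents no symbol and its parenthesis after `updatePassword($password)` is never closed. The removed code appended `passwordsalt` before checking, while `verify()` now receives the bare `$password`; the Hasher implementation is not visible here, so a regression test with a share hash created before this change would confirm that existing password-protected links still authenticate. The enclosing method starts and ends outside this hunk.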
......@@ -99,6 +99,7 @@ class ShareController extends Controller {
/**
* @PublicPage
* @UseSession
*
* Authenticates against password-protected shares
* @param $token
......
......@@ -3,7 +3,6 @@
namespace OCA\Files_Sharing;
use OC_Config;
use PasswordHash;
class Helper {
......@@ -99,14 +98,28 @@ class Helper {
if ($password !== null) {
if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {
// Check Password
$forcePortable = (CRYPT_BLOWFISH != 1);
$hasher = new PasswordHash(8, $forcePortable);
if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''),
$linkItem['share_with']))) {
return false;
} else {
$newHash = '';
if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
// Save item id in session for future requests
\OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
/**
* FIXME: Migrate old hashes to new hash format
* Due to the fact that there is no reasonable functionality to update the password
* of an existing share no migration is yet performed there.
* The only possibility is to update the existing share which will result in a new
* share ID and is a major hack.
*
* In the future the migration should be performed once there is a proper method
* to update the share's password. (for example `$share->updatePassword($password)`
*
* @link https://github.com/owncloud/core/issues/10671
*/
if(!empty($newHash)) {
}
} else {
return false;
}
} else {
\OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
......
......@@ -464,8 +464,7 @@ class OC {
// setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (file_exists($vendorAutoLoad)) {
$loader = require_once $vendorAutoLoad;
$loader->add('PasswordHash', OC::$THIRDPARTYROOT . '/3rdparty/phpass');
require_once $vendorAutoLoad;
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printErrorPage('Composer autoloader not found, unable to continue.');
......
......@@ -633,9 +633,7 @@ class Share extends \OC\Share\Constants {
// Generate hash of password - same method as user passwords
if (!empty($shareWith)) {
$forcePortable = (CRYPT_BLOWFISH != 1);
$hasher = new \PasswordHash(8, $forcePortable);
$shareWith = $hasher->HashPassword($shareWith.\OC_Config::getValue('passwordsalt', ''));
$shareWith = \OC::$server->getHasher()->hash($shareWith);
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
......
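Review bot: The guard `if (!empty($shareWith))` around the new `hash()` call treats the password `"0"` as empty, because PHP's `empty()` is true for the string `'0'`, so that password would take the else branch (reuse the stored password or disable protection) instead of being hashed. The guard looks like unchanged context, but since this commit rewrites the hashing path, an explicit test such as `if ($shareWith !== null && $shareWith !== '')` would be safer; confirm first what callers pass to mean "no password". The comment `same method as user passwords` should also be rechecked against the new Hasher, which is not visible in this hunk. The enclosing function continues outside the hunk.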