2009-11-06 02:23:13 +00:00
|
|
|
<?php
|
2016-06-15 16:03:16 +12:00
|
|
|
|
|
|
|
use SilverStripe\ORM\DataObject;
|
2016-06-23 11:37:22 +12:00
|
|
|
use SilverStripe\Security\Member;
|
|
|
|
use SilverStripe\Security\Permission;
|
|
|
|
use SilverStripe\Security\Security;
|
|
|
|
|
2009-11-06 02:23:13 +00:00
|
|
|
/**
|
|
|
|
* Encrypt all passwords
|
|
|
|
*
|
|
|
|
* Action to encrypt all *clear text* passwords in the database according
|
|
|
|
* to the current settings.
|
|
|
|
* If the current settings are so that passwords shouldn't be encrypted,
|
|
|
|
* an explanation will be printed out.
|
|
|
|
*
|
|
|
|
* To run this action, the user needs to have administrator rights!
|
2014-08-15 18:53:05 +12:00
|
|
|
*
|
2012-04-12 18:02:46 +12:00
|
|
|
* @package framework
|
2009-11-06 02:23:13 +00:00
|
|
|
* @subpackage tasks
|
|
|
|
*/
|
2010-04-12 01:58:32 +00:00
|
|
|
class EncryptAllPasswordsTask extends BuildTask {
|
2009-11-06 02:23:13 +00:00
|
|
|
protected $title = 'Encrypt all passwords tasks';
|
2014-08-15 18:53:05 +12:00
|
|
|
|
2012-09-27 09:34:00 +12:00
|
|
|
protected $description = 'Convert all plaintext passwords on the Member table to the default encryption/hashing
|
|
|
|
algorithm. Note: This mainly applies to passwords in SilverStripe 2.1 or earlier, passwords in newer versions
|
|
|
|
are hashed by default.';
|
2014-08-15 18:53:05 +12:00
|
|
|
|
2012-09-19 12:07:39 +02:00
|
|
|
public function init() {
|
2009-11-06 02:23:13 +00:00
|
|
|
parent::init();
|
2014-08-15 18:53:05 +12:00
|
|
|
|
2009-11-06 02:23:13 +00:00
|
|
|
if(!Permission::check('ADMIN')) {
|
|
|
|
return Security::permissionFailure($this);
|
|
|
|
}
|
|
|
|
}
|
2014-08-15 18:53:05 +12:00
|
|
|
|
2010-04-12 01:58:32 +00:00
|
|
|
public function run($request) {
|
2013-03-21 19:48:54 +01:00
|
|
|
$algo = Security::config()->password_encryption_algorithm;
|
2009-11-06 02:23:13 +00:00
|
|
|
if($algo == 'none') {
|
|
|
|
$this->debugMessage('Password encryption disabled');
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Are there members with a clear text password?
|
2016-06-23 11:37:22 +12:00
|
|
|
$members = Member::get()->where(array(
|
2013-06-21 10:32:08 +12:00
|
|
|
'"Member"."PasswordEncryption"' => 'none',
|
|
|
|
'"Member"."Password" IS NOT NULL'
|
|
|
|
));
|
2009-11-06 02:23:13 +00:00
|
|
|
|
|
|
|
if(!$members) {
|
|
|
|
$this->debugMessage('No passwords to encrypt');
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Encrypt the passwords...
|
|
|
|
$this->debugMessage('Encrypting all passwords');
|
|
|
|
$this->debugMessage(sprintf(
|
|
|
|
'The passwords will be encrypted using the %s algorithm',
|
|
|
|
$algo
|
|
|
|
));
|
|
|
|
|
|
|
|
foreach($members as $member) {
|
|
|
|
// Force the update of the member record, as new passwords get
|
|
|
|
// automatically encrypted according to the settings, this will do all
|
|
|
|
// the work for us
|
|
|
|
$member->PasswordEncryption = $algo;
|
2009-11-06 02:23:30 +00:00
|
|
|
$member->forceChange();
|
2009-11-06 02:23:13 +00:00
|
|
|
$member->write();
|
2014-08-15 18:53:05 +12:00
|
|
|
|
2009-11-06 02:23:13 +00:00
|
|
|
$this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID));
|
|
|
|
}
|
|
|
|
}
|
2014-08-15 18:53:05 +12:00
|
|
|
|
2009-11-06 02:23:13 +00:00
|
|
|
/**
|
2015-07-16 21:32:42 +12:00
|
|
|
* @todo This should really be taken care of by the testing framework
|
2009-11-06 02:23:13 +00:00
|
|
|
*/
|
|
|
|
protected function debugMessage($msg) {
|
2010-11-30 05:13:09 +00:00
|
|
|
if(class_exists('SapphireTest', false) && !SapphireTest::is_running_test()) {
|
2009-11-06 02:23:13 +00:00
|
|
|
Debug::message($msg);
|
|
|
|
}
|
|
|
|
}
|
2012-03-24 16:04:52 +13:00
|
|
|
}
|