silverstripe-framework/tasks/EncryptAllPasswordsTask.php

82 lines
2.2 KiB
PHP
Raw Normal View History

<?php
use SilverStripe\ORM\DataObject;
2016-06-23 11:37:22 +12:00
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Encrypt all passwords
*
* Action to encrypt all *clear text* passwords in the database according
* to the current settings.
* If the current settings are so that passwords shouldn't be encrypted,
* an explanation will be printed out.
*
* To run this action, the user needs to have administrator rights!
2014-08-15 18:53:05 +12:00
*
* @package framework
* @subpackage tasks
*/
class EncryptAllPasswordsTask extends BuildTask {
protected $title = 'Encrypt all passwords tasks';
2014-08-15 18:53:05 +12:00
protected $description = 'Convert all plaintext passwords on the Member table to the default encryption/hashing
algorithm. Note: This mainly applies to passwords in SilverStripe 2.1 or earlier, passwords in newer versions
are hashed by default.';
2014-08-15 18:53:05 +12:00
public function init() {
parent::init();
2014-08-15 18:53:05 +12:00
if(!Permission::check('ADMIN')) {
return Security::permissionFailure($this);
}
}
2014-08-15 18:53:05 +12:00
public function run($request) {
$algo = Security::config()->password_encryption_algorithm;
if($algo == 'none') {
$this->debugMessage('Password encryption disabled');
return;
}
// Are there members with a clear text password?
2016-06-23 11:37:22 +12:00
$members = Member::get()->where(array(
'"Member"."PasswordEncryption"' => 'none',
'"Member"."Password" IS NOT NULL'
));
if(!$members) {
$this->debugMessage('No passwords to encrypt');
return;
}
// Encrypt the passwords...
$this->debugMessage('Encrypting all passwords');
$this->debugMessage(sprintf(
'The passwords will be encrypted using the %s algorithm',
$algo
));
foreach($members as $member) {
// Force the update of the member record, as new passwords get
// automatically encrypted according to the settings, this will do all
// the work for us
$member->PasswordEncryption = $algo;
$member->forceChange();
$member->write();
2014-08-15 18:53:05 +12:00
$this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID));
}
}
2014-08-15 18:53:05 +12:00
/**
* @todo This should really be taken care of by the testing framework
*/
protected function debugMessage($msg) {
if(class_exists('SapphireTest', false) && !SapphireTest::is_running_test()) {
Debug::message($msg);
}
}
}