From 710f7016456a98dfadc87fc19d76384c93a7155c Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Fri, 13 Nov 2009 21:43:55 +0000 Subject: [PATCH] MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask (merged from r90948) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91564 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- security/Security.php | 64 ------------------ tasks/EncryptAllPasswordsTask.php | 73 +++++++++++++++++++++ tests/tasks/EncryptAllPasswordsTaskTest.php | 21 ++++++ 3 files changed, 94 insertions(+), 64 deletions(-) create mode 100644 tasks/EncryptAllPasswordsTask.php create mode 100644 tests/tasks/EncryptAllPasswordsTaskTest.php diff --git a/security/Security.php b/security/Security.php index 64f1595e9..b8f7fb9f0 100644 --- a/security/Security.php +++ b/security/Security.php @@ -882,70 +882,6 @@ class Security extends Controller { 'salt' => $salt, 'algorithm' => $algorithm); } - - - /** - * Encrypt all passwords - * - * Action to encrypt all *clear text* passwords in the database according - * to the current settings. - * If the current settings are so that passwords shouldn't be encrypted, - * an explanation will be printed out. - * - * To run this action, the user needs to have administrator rights! - */ - public function encryptallpasswords() { - // Only administrators can run this method - if(!Permission::check("ADMIN")) { - Security::permissionFailure($this, - _t('Security.PERMFAILURE',' This page is secured and you need administrator rights to access it. - Enter your credentials below and we will send you right along.')); - return; - } - - - if(self::$encryptPasswords == false) { - print '

'._t('Security.ENCDISABLED1', 'Password encryption disabled!')."

\n"; - print '

'._t('Security.ENCDISABLED2', 'To encrypt your passwords change your password settings by adding')."\n"; - print "

Security::encrypt_passwords(true);
\n"._t('Security.ENCDISABLED3', 'to mysite/_config.php')."

"; - - return; - } - - - // Are there members with a clear text password? - $members = DataObject::get("Member", - "\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL"); - - if(!$members) { - print '

'._t('Security.NOTHINGTOENCRYPT1', 'No passwords to encrypt')."

\n"; - print '

'._t('Security.NOTHINGTOENCRYPT2', 'There are no members with a clear text password that could be encrypted!')."

\n"; - - return; - } - - // Encrypt the passwords... - print '

'._t('Security.ENCRYPT', 'Encrypting all passwords').'

'; - print '

'.sprintf(_t('Security.ENCRYPTWITH', 'The passwords will be encrypted using the "%s" algorithm'), htmlentities(self::$encryptionAlgorithm)); - - print (self::$useSalt) - ? _t('Security.ENCRYPTWITHSALT', 'with a salt to increase the security.')."

\n" - : _t('Security.ENCRYPTWITHOUTSALT', 'without using a salt to increase the security.')."

\n"; - - foreach($members as $member) { - // Force the update of the member record, as new passwords get - // automatically encrypted according to the settings, this will do all - // the work for us - $member->forceChange(); - $member->write(); - - print ' '._t('Security.ENCRYPTEDMEMBERS', 'Encrypted credentials for member "'); - print htmlentities($member->getTitle()) . '" ('._t('Security.ID', 'ID:').' ' . $member->ID . - '; '._t('Security.EMAIL', 'E-Mail:').' ' . htmlentities($member->Email) . ")
\n"; - } - - print '

'; - } /** * Checks the database is in a state to perform security checks. diff --git a/tasks/EncryptAllPasswordsTask.php b/tasks/EncryptAllPasswordsTask.php new file mode 100644 index 000000000..b2724d8a9 --- /dev/null +++ b/tasks/EncryptAllPasswordsTask.php @@ -0,0 +1,73 @@ +debugMessage('Password encryption disabled'); + return; + } + + // Are there members with a clear text password? + $members = DataObject::get( + "Member", + "\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL" + ); + + if(!$members) { + $this->debugMessage('No passwords to encrypt'); + return; + } + + // Encrypt the passwords... + $this->debugMessage('Encrypting all passwords'); + $this->debugMessage(sprintf( + 'The passwords will be encrypted using the %s algorithm', + $algo + )); + + foreach($members as $member) { + // Force the update of the member record, as new passwords get + // automatically encrypted according to the settings, this will do all + // the work for us + $member->PasswordEncryption = $algo; + $member->forceChange(); + $member->write(); + + $this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID)); + } + } + + /** + * @todo This should really be taken care of by TestRunner + */ + protected function debugMessage($msg) { + if(!SapphireTest::is_running_test()) { + Debug::message($msg); + } + } +} \ No newline at end of file diff --git a/tests/tasks/EncryptAllPasswordsTaskTest.php b/tests/tasks/EncryptAllPasswordsTaskTest.php new file mode 100644 index 000000000..c37d35ef6 --- /dev/null +++ b/tests/tasks/EncryptAllPasswordsTaskTest.php @@ -0,0 +1,21 @@ +Password = 'plain'; + $m->PasswordEncryption = 'none'; + $m->write(); + + $t = new EncryptAllPasswordsTask(); + $t->run(); + + $m = DataObject::get_by_id('Member', $m->ID); + $this->assertEquals($m->PasswordEncryption, 'sha1_v2.4'); + $this->assertNotEquals($m->Password, 'plain'); + $this->assertTrue($m->checkPassword('plain')); + } +} \ No newline at end of file