From 710f7016456a98dfadc87fc19d76384c93a7155c Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Fri, 13 Nov 2009 21:43:55 +0000
Subject: [PATCH] MINOR Moved Security::encryptallpasswords() to
EncryptAllPasswordsTask (merged from r90948)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91564 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
security/Security.php | 64 ------------------
tasks/EncryptAllPasswordsTask.php | 73 +++++++++++++++++++++
tests/tasks/EncryptAllPasswordsTaskTest.php | 21 ++++++
3 files changed, 94 insertions(+), 64 deletions(-)
create mode 100644 tasks/EncryptAllPasswordsTask.php
create mode 100644 tests/tasks/EncryptAllPasswordsTaskTest.php
diff --git a/security/Security.php b/security/Security.php
index 64f1595e9..b8f7fb9f0 100644
--- a/security/Security.php
+++ b/security/Security.php
@@ -882,70 +882,6 @@ class Security extends Controller {
'salt' => $salt,
'algorithm' => $algorithm);
}
-
-
- /**
- * Encrypt all passwords
- *
- * Action to encrypt all *clear text* passwords in the database according
- * to the current settings.
- * If the current settings are so that passwords shouldn't be encrypted,
- * an explanation will be printed out.
- *
- * To run this action, the user needs to have administrator rights!
- */
- public function encryptallpasswords() {
- // Only administrators can run this method
- if(!Permission::check("ADMIN")) {
- Security::permissionFailure($this,
- _t('Security.PERMFAILURE',' This page is secured and you need administrator rights to access it.
- Enter your credentials below and we will send you right along.'));
- return;
- }
-
-
- if(self::$encryptPasswords == false) {
- print ''._t('Security.ENCDISABLED1', 'Password encryption disabled!')."
\n";
- print ''._t('Security.ENCDISABLED2', 'To encrypt your passwords change your password settings by adding')."\n";
- print "
Security::encrypt_passwords(true);
\n"._t('Security.ENCDISABLED3', 'to mysite/_config.php')."
";
-
- return;
- }
-
-
- // Are there members with a clear text password?
- $members = DataObject::get("Member",
- "\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL");
-
- if(!$members) {
- print ''._t('Security.NOTHINGTOENCRYPT1', 'No passwords to encrypt')."
\n";
- print ''._t('Security.NOTHINGTOENCRYPT2', 'There are no members with a clear text password that could be encrypted!')."
\n";
-
- return;
- }
-
- // Encrypt the passwords...
- print ''._t('Security.ENCRYPT', 'Encrypting all passwords').'
';
- print ''.sprintf(_t('Security.ENCRYPTWITH', 'The passwords will be encrypted using the "%s" algorithm'), htmlentities(self::$encryptionAlgorithm));
-
- print (self::$useSalt)
- ? _t('Security.ENCRYPTWITHSALT', 'with a salt to increase the security.')."
\n"
- : _t('Security.ENCRYPTWITHOUTSALT', 'without using a salt to increase the security.')."\n";
-
- foreach($members as $member) {
- // Force the update of the member record, as new passwords get
- // automatically encrypted according to the settings, this will do all
- // the work for us
- $member->forceChange();
- $member->write();
-
- print ' '._t('Security.ENCRYPTEDMEMBERS', 'Encrypted credentials for member "');
- print htmlentities($member->getTitle()) . '" ('._t('Security.ID', 'ID:').' ' . $member->ID .
- '; '._t('Security.EMAIL', 'E-Mail:').' ' . htmlentities($member->Email) . ")
\n";
- }
-
- print '
';
- }
/**
* Checks the database is in a state to perform security checks.
diff --git a/tasks/EncryptAllPasswordsTask.php b/tasks/EncryptAllPasswordsTask.php
new file mode 100644
index 000000000..b2724d8a9
--- /dev/null
+++ b/tasks/EncryptAllPasswordsTask.php
@@ -0,0 +1,73 @@
+debugMessage('Password encryption disabled');
+ return;
+ }
+
+ // Are there members with a clear text password?
+ $members = DataObject::get(
+ "Member",
+ "\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL"
+ );
+
+ if(!$members) {
+ $this->debugMessage('No passwords to encrypt');
+ return;
+ }
+
+ // Encrypt the passwords...
+ $this->debugMessage('Encrypting all passwords');
+ $this->debugMessage(sprintf(
+ 'The passwords will be encrypted using the %s algorithm',
+ $algo
+ ));
+
+ foreach($members as $member) {
+ // Force the update of the member record, as new passwords get
+ // automatically encrypted according to the settings, this will do all
+ // the work for us
+ $member->PasswordEncryption = $algo;
+ $member->forceChange();
+ $member->write();
+
+ $this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID));
+ }
+ }
+
+ /**
+ * @todo This should really be taken care of by TestRunner
+ */
+ protected function debugMessage($msg) {
+ if(!SapphireTest::is_running_test()) {
+ Debug::message($msg);
+ }
+ }
+}
\ No newline at end of file
diff --git a/tests/tasks/EncryptAllPasswordsTaskTest.php b/tests/tasks/EncryptAllPasswordsTaskTest.php
new file mode 100644
index 000000000..c37d35ef6
--- /dev/null
+++ b/tests/tasks/EncryptAllPasswordsTaskTest.php
@@ -0,0 +1,21 @@
+Password = 'plain';
+ $m->PasswordEncryption = 'none';
+ $m->write();
+
+ $t = new EncryptAllPasswordsTask();
+ $t->run();
+
+ $m = DataObject::get_by_id('Member', $m->ID);
+ $this->assertEquals($m->PasswordEncryption, 'sha1_v2.4');
+ $this->assertNotEquals($m->Password, 'plain');
+ $this->assertTrue($m->checkPassword('plain'));
+ }
+}
\ No newline at end of file