tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask 

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90948 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2009-11-06 02:23:13 +00:00
parent edf7d4a134
commit 7dc1d607de
3 changed files with 102 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
security/Security.php
View File

@ -883,68 +883,15 @@ class Security extends Controller {
'algorithm' => $algorithm);
}
/**
* Encrypt all passwords
*
* Action to encrypt all *clear text* passwords in the database according
* to the current settings.
* If the current settings are so that passwords shouldn't be encrypted,
* an explanation will be printed out.
*
* To run this action, the user needs to have administrator rights!
*/
public function encryptallpasswords() {
// Only administrators can run this method
if(!Permission::check("ADMIN")) {
Security::permissionFailure($this,
_t('Security.PERMFAILURE',' This page is secured and you need administrator rights to access it.
Enter your credentials below and we will send you right along.'));
return;
}
if(self::$encryptPasswords == false) {
print '<h1>'._t('Security.ENCDISABLED1', 'Password encryption disabled!')."</h1>\n";
print '<p>'._t('Security.ENCDISABLED2', 'To encrypt your passwords change your password settings by adding')."\n";
print "<pre>Security::encrypt_passwords(true);</pre>\n"._t('Security.ENCDISABLED3', 'to mysite/_config.php')."</p>";
return;
}
// Are there members with a clear text password?
$members = DataObject::get("Member",
"\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL");
if(!$members) {
print '<h1>'._t('Security.NOTHINGTOENCRYPT1', 'No passwords to encrypt')."</h1>\n";
print '<p>'._t('Security.NOTHINGTOENCRYPT2', 'There are no members with a clear text password that could be encrypted!')."</p>\n";
return;
}
// Encrypt the passwords...
print '<h1>'._t('Security.ENCRYPT', 'Encrypting all passwords').'</h1>';
print '<p>'.sprintf(_t('Security.ENCRYPTWITH', 'The passwords will be encrypted using the &quot;%s&quot; algorithm'), htmlentities(self::$encryptionAlgorithm));
print (self::$useSalt)
? _t('Security.ENCRYPTWITHSALT', 'with a salt to increase the security.')."</p>\n"
: _t('Security.ENCRYPTWITHOUTSALT', 'without using a salt to increase the security.')."</p><p>\n";
foreach($members as $member) {
// Force the update of the member record, as new passwords get
// automatically encrypted according to the settings, this will do all
// the work for us
$member->forceChange();
$member->write();
print ' '._t('Security.ENCRYPTEDMEMBERS', 'Encrypted credentials for member &quot;');
print htmlentities($member->getTitle()) . '&quot; ('._t('Security.ID', 'ID:').' ' . $member->ID .
'; '._t('Security.EMAIL', 'E-Mail:').' ' . htmlentities($member->Email) . ")<br />\n";
}
print '</p>';
// New salts will only need to be generated if the password is hashed for the first time
$salt = ($salt) ? $salt : $e->salt($password);
return array(
'password' => $e->encrypt($password, $salt),
'salt' => $salt,
'algorithm' => $algorithm,
'encryptor' => $e
);
}
/**

72
tasks/EncryptAllPasswordsTask.php Normal file
View File

@ -0,0 +1,72 @@
<?php
/**
* Encrypt all passwords
*
* Action to encrypt all *clear text* passwords in the database according
* to the current settings.
* If the current settings are so that passwords shouldn't be encrypted,
* an explanation will be printed out.
*
* To run this action, the user needs to have administrator rights!
*
* @package sapphire
* @subpackage tasks
*/
class EncryptAllPasswordsTask extends DailyTask {
protected $title = 'Encrypt all passwords tasks';
protected $description = 'Convert all plaintext passwords on the Member table to the default encryption/hashing algorithm. Note: This mainly applies to passwords in SilverStripe 2.1 or earlier, passwords in newer versions are hashed by default.';
function init() {
parent::init();
if(!Permission::check('ADMIN')) {
return Security::permissionFailure($this);
}
}
public function run($request = null) {
$algo = Security::get_password_encryption_algorithm();
if($algo == 'none') {
$this->debugMessage('Password encryption disabled');
return;
}
// Are there members with a clear text password?
$members = DataObject::get(
"Member",
"\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL"
);
if(!$members) {
$this->debugMessage('No passwords to encrypt');
return;
}
// Encrypt the passwords...
$this->debugMessage('Encrypting all passwords');
$this->debugMessage(sprintf(
'The passwords will be encrypted using the %s algorithm',
$algo
));
foreach($members as $member) {
// Force the update of the member record, as new passwords get
// automatically encrypted according to the settings, this will do all
// the work for us
$member->PasswordEncryption = $algo;
$member->write();
$this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID));
}
}
/**
* @todo This should really be taken care of by TestRunner
*/
protected function debugMessage($msg) {
if(!SapphireTest::is_running_test()) {
Debug::message($msg);
}
}
}

21
tests/tasks/EncryptAllPasswordsTaskTest.php Normal file
View File

@ -0,0 +1,21 @@
<?php
/**
* @package sapphire
* @subpackage tests
*/
class EncryptAllPasswordsTaskTest extends SapphireTest {
function testRun() {
$m = new Member();
$m->Password = 'plain';
$m->PasswordEncryption = 'none';
$m->write();
$t = new EncryptAllPasswordsTask();
$t->run();
$m = DataObject::get_by_id('Member', $m->ID);
$this->assertEquals($m->PasswordEncryption, 'sha1_v2.4');
$this->assertNotEquals($m->Password, 'plain');
$this->assertTrue($m->checkPassword('plain'));
}
}