From 7dc1d607de0b8efe34ebce414c74e30013d7ea81 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Fri, 6 Nov 2009 02:23:13 +0000 Subject: [PATCH] MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90948 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- security/Security.php | 71 +++----------------- tasks/EncryptAllPasswordsTask.php | 72 +++++++++++++++++++++ tests/tasks/EncryptAllPasswordsTaskTest.php | 21 ++++++ 3 files changed, 102 insertions(+), 62 deletions(-) create mode 100644 tasks/EncryptAllPasswordsTask.php create mode 100644 tests/tasks/EncryptAllPasswordsTaskTest.php diff --git a/security/Security.php b/security/Security.php index 64f1595e9..b59e5627a 100644 --- a/security/Security.php +++ b/security/Security.php @@ -883,68 +883,15 @@ class Security extends Controller { 'algorithm' => $algorithm); } - - /** - * Encrypt all passwords - * - * Action to encrypt all *clear text* passwords in the database according - * to the current settings. - * If the current settings are so that passwords shouldn't be encrypted, - * an explanation will be printed out. - * - * To run this action, the user needs to have administrator rights! - */ - public function encryptallpasswords() { - // Only administrators can run this method - if(!Permission::check("ADMIN")) { - Security::permissionFailure($this, - _t('Security.PERMFAILURE',' This page is secured and you need administrator rights to access it. - Enter your credentials below and we will send you right along.')); - return; - } - - - if(self::$encryptPasswords == false) { - print '

'._t('Security.ENCDISABLED1', 'Password encryption disabled!')."

\n"; - print '

'._t('Security.ENCDISABLED2', 'To encrypt your passwords change your password settings by adding')."\n"; - print "

Security::encrypt_passwords(true);
\n"._t('Security.ENCDISABLED3', 'to mysite/_config.php')."

"; - - return; - } - - - // Are there members with a clear text password? - $members = DataObject::get("Member", - "\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL"); - - if(!$members) { - print '

'._t('Security.NOTHINGTOENCRYPT1', 'No passwords to encrypt')."

\n"; - print '

'._t('Security.NOTHINGTOENCRYPT2', 'There are no members with a clear text password that could be encrypted!')."

\n"; - - return; - } - - // Encrypt the passwords... - print '

'._t('Security.ENCRYPT', 'Encrypting all passwords').'

'; - print '

'.sprintf(_t('Security.ENCRYPTWITH', 'The passwords will be encrypted using the "%s" algorithm'), htmlentities(self::$encryptionAlgorithm)); - - print (self::$useSalt) - ? _t('Security.ENCRYPTWITHSALT', 'with a salt to increase the security.')."

\n" - : _t('Security.ENCRYPTWITHOUTSALT', 'without using a salt to increase the security.')."

\n"; - - foreach($members as $member) { - // Force the update of the member record, as new passwords get - // automatically encrypted according to the settings, this will do all - // the work for us - $member->forceChange(); - $member->write(); - - print ' '._t('Security.ENCRYPTEDMEMBERS', 'Encrypted credentials for member "'); - print htmlentities($member->getTitle()) . '" ('._t('Security.ID', 'ID:').' ' . $member->ID . - '; '._t('Security.EMAIL', 'E-Mail:').' ' . htmlentities($member->Email) . ")
\n"; - } - - print '

'; + // New salts will only need to be generated if the password is hashed for the first time + $salt = ($salt) ? $salt : $e->salt($password); + + return array( + 'password' => $e->encrypt($password, $salt), + 'salt' => $salt, + 'algorithm' => $algorithm, + 'encryptor' => $e + ); } /** diff --git a/tasks/EncryptAllPasswordsTask.php b/tasks/EncryptAllPasswordsTask.php new file mode 100644 index 000000000..1fc11843b --- /dev/null +++ b/tasks/EncryptAllPasswordsTask.php @@ -0,0 +1,72 @@ +debugMessage('Password encryption disabled'); + return; + } + + // Are there members with a clear text password? + $members = DataObject::get( + "Member", + "\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL" + ); + + if(!$members) { + $this->debugMessage('No passwords to encrypt'); + return; + } + + // Encrypt the passwords... + $this->debugMessage('Encrypting all passwords'); + $this->debugMessage(sprintf( + 'The passwords will be encrypted using the %s algorithm', + $algo + )); + + foreach($members as $member) { + // Force the update of the member record, as new passwords get + // automatically encrypted according to the settings, this will do all + // the work for us + $member->PasswordEncryption = $algo; + $member->write(); + + $this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID)); + } + } + + /** + * @todo This should really be taken care of by TestRunner + */ + protected function debugMessage($msg) { + if(!SapphireTest::is_running_test()) { + Debug::message($msg); + } + } +} \ No newline at end of file diff --git a/tests/tasks/EncryptAllPasswordsTaskTest.php b/tests/tasks/EncryptAllPasswordsTaskTest.php new file mode 100644 index 000000000..c37d35ef6 --- /dev/null +++ b/tests/tasks/EncryptAllPasswordsTaskTest.php @@ -0,0 +1,21 @@ +Password = 'plain'; + $m->PasswordEncryption = 'none'; + $m->write(); + + $t = new EncryptAllPasswordsTask(); + $t->run(); + + $m = DataObject::get_by_id('Member', $m->ID); + $this->assertEquals($m->PasswordEncryption, 'sha1_v2.4'); + $this->assertNotEquals($m->Password, 'plain'); + $this->assertTrue($m->checkPassword('plain')); + } +} \ No newline at end of file