mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90948 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
edf7d4a134
commit
7dc1d607de
@ -883,68 +883,15 @@ class Security extends Controller {
|
|||||||
'algorithm' => $algorithm);
|
'algorithm' => $algorithm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// New salts will only need to be generated if the password is hashed for the first time
|
||||||
/**
|
$salt = ($salt) ? $salt : $e->salt($password);
|
||||||
* Encrypt all passwords
|
|
||||||
*
|
return array(
|
||||||
* Action to encrypt all *clear text* passwords in the database according
|
'password' => $e->encrypt($password, $salt),
|
||||||
* to the current settings.
|
'salt' => $salt,
|
||||||
* If the current settings are so that passwords shouldn't be encrypted,
|
'algorithm' => $algorithm,
|
||||||
* an explanation will be printed out.
|
'encryptor' => $e
|
||||||
*
|
);
|
||||||
* To run this action, the user needs to have administrator rights!
|
|
||||||
*/
|
|
||||||
public function encryptallpasswords() {
|
|
||||||
// Only administrators can run this method
|
|
||||||
if(!Permission::check("ADMIN")) {
|
|
||||||
Security::permissionFailure($this,
|
|
||||||
_t('Security.PERMFAILURE',' This page is secured and you need administrator rights to access it.
|
|
||||||
Enter your credentials below and we will send you right along.'));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if(self::$encryptPasswords == false) {
|
|
||||||
print '<h1>'._t('Security.ENCDISABLED1', 'Password encryption disabled!')."</h1>\n";
|
|
||||||
print '<p>'._t('Security.ENCDISABLED2', 'To encrypt your passwords change your password settings by adding')."\n";
|
|
||||||
print "<pre>Security::encrypt_passwords(true);</pre>\n"._t('Security.ENCDISABLED3', 'to mysite/_config.php')."</p>";
|
|
||||||
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// Are there members with a clear text password?
|
|
||||||
$members = DataObject::get("Member",
|
|
||||||
"\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL");
|
|
||||||
|
|
||||||
if(!$members) {
|
|
||||||
print '<h1>'._t('Security.NOTHINGTOENCRYPT1', 'No passwords to encrypt')."</h1>\n";
|
|
||||||
print '<p>'._t('Security.NOTHINGTOENCRYPT2', 'There are no members with a clear text password that could be encrypted!')."</p>\n";
|
|
||||||
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Encrypt the passwords...
|
|
||||||
print '<h1>'._t('Security.ENCRYPT', 'Encrypting all passwords').'</h1>';
|
|
||||||
print '<p>'.sprintf(_t('Security.ENCRYPTWITH', 'The passwords will be encrypted using the "%s" algorithm'), htmlentities(self::$encryptionAlgorithm));
|
|
||||||
|
|
||||||
print (self::$useSalt)
|
|
||||||
? _t('Security.ENCRYPTWITHSALT', 'with a salt to increase the security.')."</p>\n"
|
|
||||||
: _t('Security.ENCRYPTWITHOUTSALT', 'without using a salt to increase the security.')."</p><p>\n";
|
|
||||||
|
|
||||||
foreach($members as $member) {
|
|
||||||
// Force the update of the member record, as new passwords get
|
|
||||||
// automatically encrypted according to the settings, this will do all
|
|
||||||
// the work for us
|
|
||||||
$member->forceChange();
|
|
||||||
$member->write();
|
|
||||||
|
|
||||||
print ' '._t('Security.ENCRYPTEDMEMBERS', 'Encrypted credentials for member "');
|
|
||||||
print htmlentities($member->getTitle()) . '" ('._t('Security.ID', 'ID:').' ' . $member->ID .
|
|
||||||
'; '._t('Security.EMAIL', 'E-Mail:').' ' . htmlentities($member->Email) . ")<br />\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
print '</p>';
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
72
tasks/EncryptAllPasswordsTask.php
Normal file
72
tasks/EncryptAllPasswordsTask.php
Normal file
@ -0,0 +1,72 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Encrypt all passwords
|
||||||
|
*
|
||||||
|
* Action to encrypt all *clear text* passwords in the database according
|
||||||
|
* to the current settings.
|
||||||
|
* If the current settings are so that passwords shouldn't be encrypted,
|
||||||
|
* an explanation will be printed out.
|
||||||
|
*
|
||||||
|
* To run this action, the user needs to have administrator rights!
|
||||||
|
*
|
||||||
|
* @package sapphire
|
||||||
|
* @subpackage tasks
|
||||||
|
*/
|
||||||
|
class EncryptAllPasswordsTask extends DailyTask {
|
||||||
|
protected $title = 'Encrypt all passwords tasks';
|
||||||
|
|
||||||
|
protected $description = 'Convert all plaintext passwords on the Member table to the default encryption/hashing algorithm. Note: This mainly applies to passwords in SilverStripe 2.1 or earlier, passwords in newer versions are hashed by default.';
|
||||||
|
|
||||||
|
function init() {
|
||||||
|
parent::init();
|
||||||
|
|
||||||
|
if(!Permission::check('ADMIN')) {
|
||||||
|
return Security::permissionFailure($this);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function run($request = null) {
|
||||||
|
$algo = Security::get_password_encryption_algorithm();
|
||||||
|
if($algo == 'none') {
|
||||||
|
$this->debugMessage('Password encryption disabled');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Are there members with a clear text password?
|
||||||
|
$members = DataObject::get(
|
||||||
|
"Member",
|
||||||
|
"\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL"
|
||||||
|
);
|
||||||
|
|
||||||
|
if(!$members) {
|
||||||
|
$this->debugMessage('No passwords to encrypt');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Encrypt the passwords...
|
||||||
|
$this->debugMessage('Encrypting all passwords');
|
||||||
|
$this->debugMessage(sprintf(
|
||||||
|
'The passwords will be encrypted using the %s algorithm',
|
||||||
|
$algo
|
||||||
|
));
|
||||||
|
|
||||||
|
foreach($members as $member) {
|
||||||
|
// Force the update of the member record, as new passwords get
|
||||||
|
// automatically encrypted according to the settings, this will do all
|
||||||
|
// the work for us
|
||||||
|
$member->PasswordEncryption = $algo;
|
||||||
|
$member->write();
|
||||||
|
|
||||||
|
$this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @todo This should really be taken care of by TestRunner
|
||||||
|
*/
|
||||||
|
protected function debugMessage($msg) {
|
||||||
|
if(!SapphireTest::is_running_test()) {
|
||||||
|
Debug::message($msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
21
tests/tasks/EncryptAllPasswordsTaskTest.php
Normal file
21
tests/tasks/EncryptAllPasswordsTaskTest.php
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @package sapphire
|
||||||
|
* @subpackage tests
|
||||||
|
*/
|
||||||
|
class EncryptAllPasswordsTaskTest extends SapphireTest {
|
||||||
|
function testRun() {
|
||||||
|
$m = new Member();
|
||||||
|
$m->Password = 'plain';
|
||||||
|
$m->PasswordEncryption = 'none';
|
||||||
|
$m->write();
|
||||||
|
|
||||||
|
$t = new EncryptAllPasswordsTask();
|
||||||
|
$t->run();
|
||||||
|
|
||||||
|
$m = DataObject::get_by_id('Member', $m->ID);
|
||||||
|
$this->assertEquals($m->PasswordEncryption, 'sha1_v2.4');
|
||||||
|
$this->assertNotEquals($m->Password, 'plain');
|
||||||
|
$this->assertTrue($m->checkPassword('plain'));
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user