mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90948 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
edf7d4a134
commit
7dc1d607de
@ -883,68 +883,15 @@ class Security extends Controller {
|
||||
'algorithm' => $algorithm);
|
||||
}
|
||||
|
||||
// New salts will only need to be generated if the password is hashed for the first time
|
||||
$salt = ($salt) ? $salt : $e->salt($password);
|
||||
|
||||
/**
|
||||
* Encrypt all passwords
|
||||
*
|
||||
* Action to encrypt all *clear text* passwords in the database according
|
||||
* to the current settings.
|
||||
* If the current settings are so that passwords shouldn't be encrypted,
|
||||
* an explanation will be printed out.
|
||||
*
|
||||
* To run this action, the user needs to have administrator rights!
|
||||
*/
|
||||
public function encryptallpasswords() {
|
||||
// Only administrators can run this method
|
||||
if(!Permission::check("ADMIN")) {
|
||||
Security::permissionFailure($this,
|
||||
_t('Security.PERMFAILURE',' This page is secured and you need administrator rights to access it.
|
||||
Enter your credentials below and we will send you right along.'));
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
if(self::$encryptPasswords == false) {
|
||||
print '<h1>'._t('Security.ENCDISABLED1', 'Password encryption disabled!')."</h1>\n";
|
||||
print '<p>'._t('Security.ENCDISABLED2', 'To encrypt your passwords change your password settings by adding')."\n";
|
||||
print "<pre>Security::encrypt_passwords(true);</pre>\n"._t('Security.ENCDISABLED3', 'to mysite/_config.php')."</p>";
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
// Are there members with a clear text password?
|
||||
$members = DataObject::get("Member",
|
||||
"\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL");
|
||||
|
||||
if(!$members) {
|
||||
print '<h1>'._t('Security.NOTHINGTOENCRYPT1', 'No passwords to encrypt')."</h1>\n";
|
||||
print '<p>'._t('Security.NOTHINGTOENCRYPT2', 'There are no members with a clear text password that could be encrypted!')."</p>\n";
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
// Encrypt the passwords...
|
||||
print '<h1>'._t('Security.ENCRYPT', 'Encrypting all passwords').'</h1>';
|
||||
print '<p>'.sprintf(_t('Security.ENCRYPTWITH', 'The passwords will be encrypted using the "%s" algorithm'), htmlentities(self::$encryptionAlgorithm));
|
||||
|
||||
print (self::$useSalt)
|
||||
? _t('Security.ENCRYPTWITHSALT', 'with a salt to increase the security.')."</p>\n"
|
||||
: _t('Security.ENCRYPTWITHOUTSALT', 'without using a salt to increase the security.')."</p><p>\n";
|
||||
|
||||
foreach($members as $member) {
|
||||
// Force the update of the member record, as new passwords get
|
||||
// automatically encrypted according to the settings, this will do all
|
||||
// the work for us
|
||||
$member->forceChange();
|
||||
$member->write();
|
||||
|
||||
print ' '._t('Security.ENCRYPTEDMEMBERS', 'Encrypted credentials for member "');
|
||||
print htmlentities($member->getTitle()) . '" ('._t('Security.ID', 'ID:').' ' . $member->ID .
|
||||
'; '._t('Security.EMAIL', 'E-Mail:').' ' . htmlentities($member->Email) . ")<br />\n";
|
||||
}
|
||||
|
||||
print '</p>';
|
||||
return array(
|
||||
'password' => $e->encrypt($password, $salt),
|
||||
'salt' => $salt,
|
||||
'algorithm' => $algorithm,
|
||||
'encryptor' => $e
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
|
72
tasks/EncryptAllPasswordsTask.php
Normal file
72
tasks/EncryptAllPasswordsTask.php
Normal file
@ -0,0 +1,72 @@
|
||||
<?php
|
||||
/**
|
||||
* Encrypt all passwords
|
||||
*
|
||||
* Action to encrypt all *clear text* passwords in the database according
|
||||
* to the current settings.
|
||||
* If the current settings are so that passwords shouldn't be encrypted,
|
||||
* an explanation will be printed out.
|
||||
*
|
||||
* To run this action, the user needs to have administrator rights!
|
||||
*
|
||||
* @package sapphire
|
||||
* @subpackage tasks
|
||||
*/
|
||||
class EncryptAllPasswordsTask extends DailyTask {
|
||||
protected $title = 'Encrypt all passwords tasks';
|
||||
|
||||
protected $description = 'Convert all plaintext passwords on the Member table to the default encryption/hashing algorithm. Note: This mainly applies to passwords in SilverStripe 2.1 or earlier, passwords in newer versions are hashed by default.';
|
||||
|
||||
function init() {
|
||||
parent::init();
|
||||
|
||||
if(!Permission::check('ADMIN')) {
|
||||
return Security::permissionFailure($this);
|
||||
}
|
||||
}
|
||||
|
||||
public function run($request = null) {
|
||||
$algo = Security::get_password_encryption_algorithm();
|
||||
if($algo == 'none') {
|
||||
$this->debugMessage('Password encryption disabled');
|
||||
return;
|
||||
}
|
||||
|
||||
// Are there members with a clear text password?
|
||||
$members = DataObject::get(
|
||||
"Member",
|
||||
"\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL"
|
||||
);
|
||||
|
||||
if(!$members) {
|
||||
$this->debugMessage('No passwords to encrypt');
|
||||
return;
|
||||
}
|
||||
|
||||
// Encrypt the passwords...
|
||||
$this->debugMessage('Encrypting all passwords');
|
||||
$this->debugMessage(sprintf(
|
||||
'The passwords will be encrypted using the %s algorithm',
|
||||
$algo
|
||||
));
|
||||
|
||||
foreach($members as $member) {
|
||||
// Force the update of the member record, as new passwords get
|
||||
// automatically encrypted according to the settings, this will do all
|
||||
// the work for us
|
||||
$member->PasswordEncryption = $algo;
|
||||
$member->write();
|
||||
|
||||
$this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @todo This should really be taken care of by TestRunner
|
||||
*/
|
||||
protected function debugMessage($msg) {
|
||||
if(!SapphireTest::is_running_test()) {
|
||||
Debug::message($msg);
|
||||
}
|
||||
}
|
||||
}
|
21
tests/tasks/EncryptAllPasswordsTaskTest.php
Normal file
21
tests/tasks/EncryptAllPasswordsTaskTest.php
Normal file
@ -0,0 +1,21 @@
|
||||
<?php
|
||||
/**
|
||||
* @package sapphire
|
||||
* @subpackage tests
|
||||
*/
|
||||
class EncryptAllPasswordsTaskTest extends SapphireTest {
|
||||
function testRun() {
|
||||
$m = new Member();
|
||||
$m->Password = 'plain';
|
||||
$m->PasswordEncryption = 'none';
|
||||
$m->write();
|
||||
|
||||
$t = new EncryptAllPasswordsTask();
|
||||
$t->run();
|
||||
|
||||
$m = DataObject::get_by_id('Member', $m->ID);
|
||||
$this->assertEquals($m->PasswordEncryption, 'sha1_v2.4');
|
||||
$this->assertNotEquals($m->Password, 'plain');
|
||||
$this->assertTrue($m->checkPassword('plain'));
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user