From e7bc8ae99f6fdbc0da942029a5ac11195ca4f15e Mon Sep 17 00:00:00 2001 From: Thomas Portelange Date: Mon, 26 Feb 2024 11:31:53 +0100 Subject: [PATCH 1/2] FIX Generate salt if needed --- src/Security/Member.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Security/Member.php b/src/Security/Member.php index 70380aca5..238c5c3f7 100644 --- a/src/Security/Member.php +++ b/src/Security/Member.php @@ -524,9 +524,14 @@ class Member extends DataObject return $string; } - // We assume we have PasswordEncryption and Salt available here. $e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption); + // If we don't have a salt, don't allow invalid calls to encrypt method + if (!$this->Salt) { + $this->Salt = $e->salt($string, $this); + $this->write(); + } + return $e->encrypt($string, $this->Salt); } From eb4ef623abeeda8b3b4941261dd06ec6a88df826 Mon Sep 17 00:00:00 2001 From: Thomas Portelange Date: Mon, 4 Mar 2024 08:34:43 +0100 Subject: [PATCH 2/2] check for empty salt --- src/Security/Member.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/Security/Member.php b/src/Security/Member.php index 238c5c3f7..a511a9e3e 100644 --- a/src/Security/Member.php +++ b/src/Security/Member.php @@ -520,18 +520,11 @@ class Member extends DataObject // If the algorithm or salt is not available, it means we are operating // on legacy account with unhashed password. Do not hash the string. - if (!$this->PasswordEncryption) { + if (!$this->PasswordEncryption || !$this->Salt) { return $string; } $e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption); - - // If we don't have a salt, don't allow invalid calls to encrypt method - if (!$this->Salt) { - $this->Salt = $e->salt($string, $this); - $this->write(); - } - return $e->encrypt($string, $this->Salt); }