ENH Deprecate old password encryptors (#10948)

This commit is contained in:
Guy Sartorelli 2023-09-19 18:22:08 +12:00 committed by GitHub
parent 9ccba6bc73
commit b3b1d07616
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 52 additions and 2 deletions

View File

@ -2,15 +2,28 @@
namespace SilverStripe\Security;
use SilverStripe\Dev\Deprecation;
/**
* Legacy implementation for SilverStripe 2.1 - 2.3,
* which had a design flaw in password hashing that caused
* the hashes to differ between architectures due to
* floating point precision problems in base_convert().
* See http://open.silverstripe.org/ticket/3004
*
* @deprecated 5.2.0 Use SilverStripe\Security\PasswordEncryptor_PHPHash instead.
*/
class PasswordEncryptor_LegacyPHPHash extends PasswordEncryptor_PHPHash
{
public function __construct()
{
Deprecation::notice(
'5.2.0',
'Use SilverStripe\Security\PasswordEncryptor_PHPHash instead.',
Deprecation::SCOPE_CLASS
);
}
public function encrypt($password, $salt = null, $member = null)
{
$password = parent::encrypt($password, $salt, $member);

View File

@ -2,13 +2,25 @@
namespace SilverStripe\Security;
use SilverStripe\Dev\Deprecation;
use SilverStripe\ORM\DB;
/**
* Uses MySQL's OLD_PASSWORD encyrption. Requires an active DB connection.
*
* @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
*/
class PasswordEncryptor_MySQLOldPassword extends PasswordEncryptor
{
public function __construct()
{
Deprecation::notice(
'5.2.0',
'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
Deprecation::SCOPE_CLASS
);
}
public function encrypt($password, $salt = null, $member = null)
{
return DB::prepared_query("SELECT OLD_PASSWORD(?)", [$password])->value();

View File

@ -2,13 +2,25 @@
namespace SilverStripe\Security;
use SilverStripe\Dev\Deprecation;
use SilverStripe\ORM\DB;
/**
* Uses MySQL's PASSWORD encryption. Requires an active DB connection.
*
* @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
*/
class PasswordEncryptor_MySQLPassword extends PasswordEncryptor
{
public function __construct()
{
Deprecation::notice(
'5.2.0',
'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
Deprecation::SCOPE_CLASS
);
}
public function encrypt($password, $salt = null, $member = null)
{
return DB::prepared_query("SELECT PASSWORD(?)", [$password])->value();

View File

@ -2,13 +2,25 @@
namespace SilverStripe\Security;
use SilverStripe\Dev\Deprecation;
/**
* Cleartext passwords (used in SilverStripe 2.1).
* Also used when Security::$encryptPasswords is set to FALSE.
* Not recommended.
*
* @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
*/
class PasswordEncryptor_None extends PasswordEncryptor
{
public function __construct()
{
Deprecation::notice(
'5.2.0',
'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
Deprecation::SCOPE_CLASS
);
}
public function encrypt($password, $salt = null, $member = null)
{
return $password;

View File

@ -5,6 +5,7 @@ namespace SilverStripe\Security\Tests;
use SilverStripe\Security\PasswordEncryptor_Blowfish;
use SilverStripe\Security\PasswordEncryptor;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\Deprecation;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Security\PasswordEncryptor_LegacyPHPHash;
use SilverStripe\Security\PasswordEncryptor_NotFoundException;
@ -155,7 +156,7 @@ class PasswordEncryptorTest extends SapphireTest
'encryptors',
['test_sha1legacy' => [PasswordEncryptor_LegacyPHPHash::class => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
$e = Deprecation::withNoReplacement(fn() => PasswordEncryptor::create_for_algorithm('test_sha1legacy'));
// precomputed hashes for 'mypassword' from different architectures
$amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';
$intelHash = 'h1fj0a6m4o0g04ocg00o4kwoc4wowws';