ENH Deprecate old password encryptors (#10948)

2024-10-22 14:05:37 +02:00 · 2023-09-19 18:22:08 +12:00 · 2023-09-19 18:22:08 +12:00 · b3b1d07616
commit b3b1d07616
parent 9ccba6bc73
5 changed files with 52 additions and 2 deletions
--- a/src/Security/PasswordEncryptor_LegacyPHPHash.php
+++ b/src/Security/PasswordEncryptor_LegacyPHPHash.php
@ -2,15 +2,28 @@

 namespace SilverStripe\Security;

+use SilverStripe\Dev\Deprecation;
+
 /**
 * Legacy implementation for SilverStripe 2.1 - 2.3,
 * which had a design flaw in password hashing that caused
 * the hashes to differ between architectures due to
 * floating point precision problems in base_convert().
 * See http://open.silverstripe.org/ticket/3004
+ *
+ * @deprecated 5.2.0 Use SilverStripe\Security\PasswordEncryptor_PHPHash instead.
 */
 class PasswordEncryptor_LegacyPHPHash extends PasswordEncryptor_PHPHash
 {
+    public function __construct()
+    {
+        Deprecation::notice(
+            '5.2.0',
+            'Use SilverStripe\Security\PasswordEncryptor_PHPHash instead.',
+            Deprecation::SCOPE_CLASS
+        );
+    }
+
    public function encrypt($password, $salt = null, $member = null)
    {
        $password = parent::encrypt($password, $salt, $member);
--- a/src/Security/PasswordEncryptor_MySQLOldPassword.php
+++ b/src/Security/PasswordEncryptor_MySQLOldPassword.php
@ -2,13 +2,25 @@

 namespace SilverStripe\Security;

+use SilverStripe\Dev\Deprecation;
 use SilverStripe\ORM\DB;

 /**
 * Uses MySQL's OLD_PASSWORD encyrption. Requires an active DB connection.
+ *
+ * @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
 */
 class PasswordEncryptor_MySQLOldPassword extends PasswordEncryptor
 {
+    public function __construct()
+    {
+        Deprecation::notice(
+            '5.2.0',
+            'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
+            Deprecation::SCOPE_CLASS
+        );
+    }
+
    public function encrypt($password, $salt = null, $member = null)
    {
        return DB::prepared_query("SELECT OLD_PASSWORD(?)", [$password])->value();
--- a/src/Security/PasswordEncryptor_MySQLPassword.php
+++ b/src/Security/PasswordEncryptor_MySQLPassword.php
@ -2,13 +2,25 @@

 namespace SilverStripe\Security;

+use SilverStripe\Dev\Deprecation;
 use SilverStripe\ORM\DB;

 /**
 * Uses MySQL's PASSWORD encryption. Requires an active DB connection.
+ *
+ * @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
 */
 class PasswordEncryptor_MySQLPassword extends PasswordEncryptor
 {
+    public function __construct()
+    {
+        Deprecation::notice(
+            '5.2.0',
+            'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
+            Deprecation::SCOPE_CLASS
+        );
+    }
+
    public function encrypt($password, $salt = null, $member = null)
    {
        return DB::prepared_query("SELECT PASSWORD(?)", [$password])->value();
--- a/src/Security/PasswordEncryptor_None.php
+++ b/src/Security/PasswordEncryptor_None.php
@ -2,13 +2,25 @@

 namespace SilverStripe\Security;

+use SilverStripe\Dev\Deprecation;
+
 /**
 * Cleartext passwords (used in SilverStripe 2.1).
- * Also used when Security::$encryptPasswords is set to FALSE.
 * Not recommended.
+ *
+ * @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
 */
 class PasswordEncryptor_None extends PasswordEncryptor
 {
+    public function __construct()
+    {
+        Deprecation::notice(
+            '5.2.0',
+            'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
+            Deprecation::SCOPE_CLASS
+        );
+    }
+
    public function encrypt($password, $salt = null, $member = null)
    {
        return $password;
--- a/tests/php/Security/PasswordEncryptorTest.php
+++ b/tests/php/Security/PasswordEncryptorTest.php
@ -5,6 +5,7 @@ namespace SilverStripe\Security\Tests;
 use SilverStripe\Security\PasswordEncryptor_Blowfish;
 use SilverStripe\Security\PasswordEncryptor;
 use SilverStripe\Core\Config\Config;
+use SilverStripe\Dev\Deprecation;
 use SilverStripe\Dev\SapphireTest;
 use SilverStripe\Security\PasswordEncryptor_LegacyPHPHash;
 use SilverStripe\Security\PasswordEncryptor_NotFoundException;
@ -155,7 +156,7 @@ class PasswordEncryptorTest extends SapphireTest
            'encryptors',
            ['test_sha1legacy' => [PasswordEncryptor_LegacyPHPHash::class => 'sha1']]
        );
-        $e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
+        $e = Deprecation::withNoReplacement(fn() => PasswordEncryptor::create_for_algorithm('test_sha1legacy'));
        // precomputed hashes for 'mypassword' from different architectures
        $amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';
        $intelHash = 'h1fj0a6m4o0g04ocg00o4kwoc4wowws';