ENH Deprecate old password encryptors (#10948)
GuySartorelli authored Sep 19, 2023
1 parent 9ccba6b commit b3b1d07
Showing 5 changed files with 52 additions and 2 deletions.
13 changes: 13 additions & 0 deletions src/Security/PasswordEncryptor_LegacyPHPHash.php
Expand Up @@ -2,15 +2,28 @@

namespace SilverStripe\Security;

use SilverStripe\Dev\Deprecation;

/**
* Legacy implementation for SilverStripe 2.1 - 2.3,
* which had a design flaw in password hashing that caused
* the hashes to differ between architectures due to
* floating point precision problems in base_convert().
* See http://open.silverstripe.org/ticket/3004
*
* @deprecated 5.2.0 Use SilverStripe\Security\PasswordEncryptor_PHPHash instead.
*/
class PasswordEncryptor_LegacyPHPHash extends PasswordEncryptor_PHPHash
{
public function __construct()
{
Deprecation::notice(
'5.2.0',
'Use SilverStripe\Security\PasswordEncryptor_PHPHash instead.',
Deprecation::SCOPE_CLASS
);
}

public function encrypt($password, $salt = null, $member = null)
{
$password = parent::encrypt($password, $salt, $member);
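Review bot: The new `__construct()` in PasswordEncryptor_LegacyPHPHash takes no arguments and never calls the parent constructor, although the class extends PasswordEncryptor_PHPHash and the test configuration in this commit still passes `'sha1'` as a constructor argument. If the parent constructor is what validates and stores the algorithm name (it is not shown here, so confirm), a site configured with any other algorithm would silently hash with the parent's default, and stored legacy hashes would stop verifying. Keep the parent's signature and forward the value: `public function __construct($algorithm)` with `parent::__construct($algorithm);` ahead of the `Deprecation::notice(...)` call. The class body continues past the end of this hunk.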
12 changes: 12 additions & 0 deletions src/Security/PasswordEncryptor_MySQLOldPassword.php
Expand Up @@ -2,13 +2,25 @@

namespace SilverStripe\Security;

use SilverStripe\Dev\Deprecation;
use SilverStripe\ORM\DB;

/**
* Uses MySQL's OLD_PASSWORD encyrption. Requires an active DB connection.
*
* @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
*/
class PasswordEncryptor_MySQLOldPassword extends PasswordEncryptor
{
public function __construct()
{
Deprecation::notice(
'5.2.0',
'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
Deprecation::SCOPE_CLASS
);
}

public function encrypt($password, $salt = null, $member = null)
{
return DB::prepared_query("SELECT OLD_PASSWORD(?)", [$password])->value();
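Review bot: The deprecation text `'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.'` does not say which subclass is acceptable, so it is equally satisfied by the other encryptors deprecated in this same commit. The identical message is used in PasswordEncryptor_MySQLPassword and PasswordEncryptor_None. Name a concrete salted, adaptive replacement in both the `@deprecated` tag and the notice, for example `'Use SilverStripe\Security\PasswordEncryptor_Blowfish instead.'`, a class the test file in this commit already imports. The docblock would also benefit from one line stating why the class is being retired and whether hashes already stored under this algorithm are migrated or must be reset, because the notice by itself changes nothing for existing members.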
12 changes: 12 additions & 0 deletions src/Security/PasswordEncryptor_MySQLPassword.php
Expand Up @@ -2,13 +2,25 @@

namespace SilverStripe\Security;

use SilverStripe\Dev\Deprecation;
use SilverStripe\ORM\DB;

/**
* Uses MySQL's PASSWORD encryption. Requires an active DB connection.
*
* @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
*/
class PasswordEncryptor_MySQLPassword extends PasswordEncryptor
{
public function __construct()
{
Deprecation::notice(
'5.2.0',
'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
Deprecation::SCOPE_CLASS
);
}

public function encrypt($password, $salt = null, $member = null)
{
return DB::prepared_query("SELECT PASSWORD(?)", [$password])->value();
14 changes: 13 additions & 1 deletion src/Security/PasswordEncryptor_None.php
Expand Up @@ -2,13 +2,25 @@

namespace SilverStripe\Security;

use SilverStripe\Dev\Deprecation;

/**
* Cleartext passwords (used in SilverStripe 2.1).
* Also used when Security::$encryptPasswords is set to FALSE.
* Not recommended.
*
* @deprecated 5.2.0 Use another subclass of SilverStripe\Security\PasswordEncryptor instead.
*/
class PasswordEncryptor_None extends PasswordEncryptor
{
public function __construct()
{
Deprecation::notice(
'5.2.0',
'Use another subclass of SilverStripe\Security\PasswordEncryptor instead.',
Deprecation::SCOPE_CLASS
);
}

public function encrypt($password, $salt = null, $member = null)
{
return $password;
3 changes: 2 additions & 1 deletion tests/php/Security/PasswordEncryptorTest.php
Expand Up @@ -5,6 +5,7 @@
use SilverStripe\Security\PasswordEncryptor_Blowfish;
use SilverStripe\Security\PasswordEncryptor;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\Deprecation;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Security\PasswordEncryptor_LegacyPHPHash;
use SilverStripe\Security\PasswordEncryptor_NotFoundException;
Expand Down Expand Up @@ -155,7 +156,7 @@ public function testEncryptorLegacyPHPHashCheck()
'encryptors',
['test_sha1legacy' => [PasswordEncryptor_LegacyPHPHash::class => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
$e = Deprecation::withNoReplacement(fn() => PasswordEncryptor::create_for_algorithm('test_sha1legacy'));
// precomputed hashes for 'mypassword' from different architectures
$amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';
$intelHash = 'h1fj0a6m4o0g04ocg00o4kwoc4wowws';
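Review bot: `testEncryptorLegacyPHPHashCheck` still registers the encryptor with `'sha1'` only, so it would keep passing even if the constructor added to PasswordEncryptor_LegacyPHPHash in this commit no longer forwards the configured algorithm (assuming `'sha1'` is also the parent's default, which is not visible here). A second case that registers the class with a different entry from `hash_algos()` and checks a precomputed hash would catch that regression. Wrapping the call in `Deprecation::withNoReplacement(...)` only silences the notice; no test on this page asserts that the four deprecated classes actually emit it. The test method starts and ends outside this hunk.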
