author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-11-20 14:59:59 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-11-20 14:59:59 +0100 |
commit | cbb9caf03083cc083491e292143ee53871920106 (patch) | |
tree | a36fbfa95a4cfb0a3d5bd6cfb1e35f7062d85aea | |
parent | 46e610479514787d114ea519a4d70982413d152e (diff) | |
parent | 8595b76df2fa5c0e536dd37456943162a154d4da (diff) | |
Merge pull request #12226 from owncloud/remove-phpass
Remove phpass and migrate to new Hasher interface
m--------- | 3rdparty | 0 | ||||
-rw-r--r-- | apps/files_sharing/lib/connector/publicauth.php | 24 | ||||
-rw-r--r-- | apps/files_sharing/lib/controllers/sharecontroller.php | 1 | ||||
-rw-r--r-- | apps/files_sharing/lib/helper.php | 27 | ||||
-rw-r--r-- | lib/base.php | 3 | ||||
-rw-r--r-- | lib/private/share/share.php | 4 |
6 files changed, 42 insertions, 17 deletions
diff --git a/3rdparty b/3rdparty -Subproject 912a45c3458685a1105fba38a39a3a71c7348ed +Subproject dd0e7b6dcec142c790a6325b74a7c4fd3c6d723 diff --git a/apps/files_sharing/lib/connector/publicauth.php b/apps/files_sharing/lib/connector/publicauth.php index c9d545180b3..4144dafa379 100644 --- a/apps/files_sharing/lib/connector/publicauth.php +++ b/apps/files_sharing/lib/connector/publicauth.php @@ -48,12 +48,26 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { if (isset($linkItem['share_with'])) { if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) { // Check Password - $forcePortable = (CRYPT_BLOWFISH != 1); - $hasher = new \PasswordHash(8, $forcePortable); - if (!$hasher->CheckPassword($password . $this->config->getSystemValue('passwordsalt', ''), $linkItem['share_with'])) { - return false; - } else { + $newHash = ''; + if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) { + /** + * FIXME: Migrate old hashes to new hash format + * Due to the fact that there is no reasonable functionality to update the password + * of an existing share no migration is yet performed there. + * The only possibility is to update the existing share which will result in a new + * share ID and is a major hack. + * + * In the future the migration should be performed once there is a proper method + * to update the share's password. (for example `$share->updatePassword($password)` + * + * @link https://github.com/owncloud/core/issues/10671 + */ + if(!empty($newHash)) { + + } return true; + } else { + return false; } } else { return false; diff --git a/apps/files_sharing/lib/controllers/sharecontroller.php b/apps/files_sharing/lib/controllers/sharecontroller.php index e5fd0f401c2..552d9164344 100644 --- a/apps/files_sharing/lib/controllers/sharecontroller.php +++ b/apps/files_sharing/lib/controllers/sharecontroller.php 
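Review bot: The `if(!empty($newHash)) { }` branch after the FIXME docblock in publicauth.php is empty, so a share whose password appears to verify through the old format keeps that hash indefinitely and nothing records that it happened. Until the share API has a password-update method, either drop the empty branch and keep the FIXME, or make the case observable with a line such as `\OCP\Util::writeLog('share', 'legacy share password hash still in use', \OCP\Util::DEBUG);` so operators can see how many old hashes remain. The same docblock and empty branch are repeated in the `@@ -99,14 +98,28 @@` hunk of apps/files_sharing/lib/helper.php; one shared helper would keep the two checks from drifting apart. The call no longer appends `passwordsalt`, which presumably moved into the Hasher's legacy verification (not visible here), so a test with a hash created before this change would be worth adding. The enclosing method starts and ends outside the hunk.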
@@ -99,6 +99,7 @@ class ShareController extends Controller { /** * @PublicPage + * @UseSession * * Authenticates against password-protected shares * @param $token diff --git a/apps/files_sharing/lib/helper.php b/apps/files_sharing/lib/helper.php index 3a2d51cddb7..f7204a8db8f 100644 --- a/apps/files_sharing/lib/helper.php +++ b/apps/files_sharing/lib/helper.php @@ -3,7 +3,6 @@ namespace OCA\Files_Sharing; use OC_Config; -use PasswordHash; class Helper { @@ -99,14 +98,28 @@ class Helper { if ($password !== null) { if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) { // Check Password - $forcePortable = (CRYPT_BLOWFISH != 1); - $hasher = new PasswordHash(8, $forcePortable); - if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), - $linkItem['share_with']))) { - return false; - } else { + $newHash = ''; + if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) { // Save item id in session for future requests \OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']); + + /** + * FIXME: Migrate old hashes to new hash format + * Due to the fact that there is no reasonable functionality to update the password + * of an existing share no migration is yet performed there. + * The only possibility is to update the existing share which will result in a new + * share ID and is a major hack. + * + * In the future the migration should be performed once there is a proper method + * to update the share's password. (for example `$share->updatePassword($password)` + * + * @link https://github.com/owncloud/core/issues/10671 + */ + if(!empty($newHash)) { + + } + } else { + return false; } } else { \OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type'] diff --git a/lib/base.php b/lib/base.php index c97c158a1fb..9353de5588a 100644 --- a/lib/base.php +++ b/lib/base.php 
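Review bot: The added `@UseSession` annotation in sharecontroller.php has no explanation in the docblock, and the commit message only covers the phpass replacement, so a reader cannot tell why session handling changed here. If it is needed because the authentication path writes `public_link_authenticated` into the session, as the helper.php context lines in this commit do, say so in the docblock, e.g. `@UseSession (the share id is stored in the session on success)`. The method body is outside the hunk, so that reason is inferred.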
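Review bot: `use OC_Config;` is kept at the top of helper.php (the `@@ -3,7 +3,6 @@` hunk), although the only visible call, `OC_Config::getValue('passwordsalt', '')`, is removed in the `@@ -99,14 +98,28 @@` hunk. If nothing else in the file uses it, drop that import together with `use PasswordHash;`. The rest of the file is not visible here, so check for other uses before removing it.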
@@ -464,8 +464,7 @@ class OC { // setup 3rdparty autoloader $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php'; if (file_exists($vendorAutoLoad)) { - $loader = require_once $vendorAutoLoad; - $loader->add('PasswordHash', OC::$THIRDPARTYROOT . '/3rdparty/phpass'); + require_once $vendorAutoLoad; } else { OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); OC_Template::printErrorPage('Composer autoloader not found, unable to continue.'); diff --git a/lib/private/share/share.php b/lib/private/share/share.php index cd5decf6f71..a8febc9aca7 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -633,9 +633,7 @@ class Share extends \OC\Share\Constants { // Generate hash of password - same method as user passwords if (!empty($shareWith)) { - $forcePortable = (CRYPT_BLOWFISH != 1); - $hasher = new \PasswordHash(8, $forcePortable); - $shareWith = $hasher->HashPassword($shareWith.\OC_Config::getValue('passwordsalt', '')); + $shareWith = \OC::$server->getHasher()->hash($shareWith); } else { // reuse the already set password, but only if we change permissions // otherwise the user disabled the password protection |
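Review bot: In share.php, `if (!empty($shareWith))` decides whether the new `\OC::$server->getHasher()->hash($shareWith)` call runs, and PHP's `empty()` is also true for the string `'0'`, so that password would skip hashing and take the "reuse the already set password" branch. An explicit comparison such as `if ($shareWith !== null && $shareWith !== '') {` avoids this, assuming `$shareWith` is a string or null here; its assignment is outside the hunk. The comment `same method as user passwords` should also be re-checked now that hashing goes through the Hasher service, since the user-password path is not shown in this commit.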