spacefreak/user_sql
1
0
Fork 0
Code Pull Requests Activity

'Prepend salt' toggle

Browse Source
This commit is contained in:
Marcin Łojewski
2018-09-30 20:36:58 +02:00
parent f0d3d170f3
commit 2ef7716527
5 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased] ## [Unreleased]
### Added ### Added
- Whirlpool hash algorithm - Whirlpool hash algorithm
- 'Prepend salt' toggle
### Fixed ### Fixed
- Error when 'Display name' not set - Error when 'Display name' not set
- Encoding of iteration for 'Extended DES (Crypt)' - Encoding of iteration for 'Extended DES (Crypt)'

1
README.md
View File

@@ -49,6 +49,7 @@ Name | Description | Details
--- | --- | --- --- | --- | ---
**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column. **Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false. **Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
**Prepend salt** | Prepend a salt to the password instead of appending it. See [User table](#user-table) -> **Salt**. | Optional.<br/>Default: false.
**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false. **Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
**Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory. **Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column. **Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.

29
lib/Backend/UserBackend.php
View File

@@ -297,9 +297,7 @@ final class UserBackend extends ABackend implements
return false; return false;
} }
if ($user->salt !== null) { $password = $this->addSalt($user, $password);
$password .= $user->salt;
}
$isCorrect = $passwordAlgorithm->checkPassword( $isCorrect = $passwordAlgorithm->checkPassword(
$password, $user->password $password, $user->password
@@ -350,6 +348,27 @@ final class UserBackend extends ABackend implements
return $passwordAlgorithm; return $passwordAlgorithm;
} }
/**
* Append or prepend salt from external column if available.
*
* @param User $user The user instance.
* @param string $password The password.
*
* @return string Salted password.
*/
private function addSalt(User $user, string $password): string
{
if ($user->salt !== null) {
if (empty($this->properties[Opt::PREPEND_SALT])) {
return $password . $user->salt;
} else {
return $user->salt . $password;
}
}
return $password;
}
/** /**
* @inheritdoc * @inheritdoc
*/ */
@@ -457,9 +476,7 @@ final class UserBackend extends ABackend implements
return false; return false;
} }
if ($user->salt !== null) { $password = $this->addSalt($user, $password);
$password .= $user->salt;
}
$passwordHash = $passwordAlgorithm->getPasswordHash($password); $passwordHash = $passwordAlgorithm->getPasswordHash($password);
if ($passwordHash === false) { if ($passwordHash === false) {

1
lib/Constant/Opt.php
View File

@@ -34,6 +34,7 @@ final class Opt
const HOME_MODE = "opt.home_mode"; const HOME_MODE = "opt.home_mode";
const NAME_CHANGE = "opt.name_change"; const NAME_CHANGE = "opt.name_change";
const PASSWORD_CHANGE = "opt.password_change"; const PASSWORD_CHANGE = "opt.password_change";
const PREPEND_SALT = "opt.prepend_salt";
const QUOTA_SYNC = "opt.quota_sync"; const QUOTA_SYNC = "opt.quota_sync";
const USE_CACHE = "opt.use_cache"; const USE_CACHE = "opt.use_cache";
} }

3
templates/admin.php
View File

@@ -109,7 +109,8 @@ function print_select_options(
<p class="settings-hint"><?php p($l->t("Here are all currently supported options.")); ?></p> <p class="settings-hint"><?php p($l->t("Here are all currently supported options.")); ?></p>
<fieldset><?php <fieldset><?php
print_checkbox_input($l, "opt-name_change", "Allow display name change", $_["opt.name_change"]); print_checkbox_input($l, "opt-name_change", "Allow display name change", $_["opt.name_change"]);
print_checkbox_input($l, "opt-password_change", "Allow password change", $_["opt.password_change"]); ?> print_checkbox_input($l, "opt-password_change", "Allow password change", $_["opt.password_change"]);
print_checkbox_input($l, "opt-prepend_salt", "Prepend salt", $_["opt.prepend_salt"]); ?>
<div class="button-right"><?php <div class="button-right"><?php
print_checkbox_input($l, "opt-use_cache", "Use cache", $_["opt.use_cache"], false); ?> print_checkbox_input($l, "opt-use_cache", "Use cache", $_["opt.use_cache"], false); ?>
<input type="submit" id="user_sql-clear_cache" value="<?php p($l->t("Clear cache")); ?>"> <input type="submit" id="user_sql-clear_cache" value="<?php p($l->t("Clear cache")); ?>">