mergre current develop

Marcin Łojewski
2018-12-22 19:37:05 +01:00
33 changed files with 501 additions and 91 deletions


@@ -21,6 +21,7 @@
namespace OCA\UserSQL\Backend;
use OC\User\Backend;
use OCA\UserSQL\Action\EmailSync;
use OCA\UserSQL\Action\IUserAction;
use OCA\UserSQL\Action\QuotaSync;
@@ -263,6 +264,10 @@ final class UserBackend extends ABackend implements
return false;
}
if (is_null($user->name)) {
return false;
}
$name = $user->name;
$this->logger->debug(
"Returning getDisplayName($uid): $name",
@@ -302,7 +307,7 @@ final class UserBackend extends ABackend implements
$password = $this->addSalt($user, $password);
$isCorrect = $passwordAlgorithm->checkPassword(
$password, $user->password
$password, $user->password, $user->salt
);
if ($user->active == false) {
@@ -361,9 +366,9 @@ final class UserBackend extends ABackend implements
private function addSalt(User $user, string $password): string
{
if ($user->salt !== null) {
if (empty($this->properties[Opt::PREPEND_SALT])) {
if (!empty($this->properties[Opt::APPEND_SALT])) {
return $password . $user->salt;
} else {
} elseif (!empty($this->properties[Opt::PREPEND_SALT])) {
return $user->salt . $password;
}
}
@@ -389,7 +394,9 @@ final class UserBackend extends ABackend implements
$names = [];
foreach ($users as $user) {
$names[$user] = $user->name;
if (!is_null($user->name)) {
$names[$user] = $user->name;
}
}
$this->logger->debug(
@@ -636,4 +643,16 @@ final class UserBackend extends ABackend implements
{
return false;
}
/**
* @inheritdoc
*/
public function implementsActions($actions): bool
{
if ($actions & Backend::SET_PASSWORD) {
return !empty($this->properties[Opt::PASSWORD_CHANGE]);
}
return parent::implementsActions($actions);
}
}
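Review bot: In the password-check hunk the salt now reaches the algorithm by two routes: `addSalt()` may already have appended or prepended it to `$password`, and `$user->salt` is then passed again as the third argument of `checkPassword()`. An algorithm that mixes the salt in itself (Redmine in this commit) would therefore apply it twice whenever `opt.append_salt` or `opt.prepend_salt` is also enabled. The reworked `addSalt()` also appears to drop the old implicit default: with a salt present and neither option set, the password is presumably returned unchanged (the end of the method is outside the hunk), where the earlier condition appended the salt. If the same helper feeds the password-change path, hashes written after an upgrade would be stored without the salt, which is worth confirming. I would add above the call `// Salt is passed separately for algorithms that consume it themselves; APPEND_SALT/PREPEND_SALT must stay unset for those.` and state the changed default in the upgrade notes.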


@@ -28,6 +28,7 @@ namespace OCA\UserSQL\Constant;
*/
final class Opt
{
const APPEND_SALT = "opt.append_salt";
const CASE_INSENSITIVE_USERNAME = "opt.case_insensitive_username";
const CRYPTO_CLASS = "opt.crypto_class";
const EMAIL_SYNC = "opt.email_sync";
@@ -37,5 +38,6 @@ final class Opt
const PASSWORD_CHANGE = "opt.password_change";
const PREPEND_SALT = "opt.prepend_salt";
const QUOTA_SYNC = "opt.quota_sync";
const REVERSE_ACTIVE = "opt.reverse_active";
const USE_CACHE = "opt.use_cache";
}


@@ -65,15 +65,15 @@ abstract class AbstractAlgorithm implements IPasswordAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, $this->getPasswordHash($password));
return hash_equals($dbHash, $this->getPasswordHash($password, $salt));
}
/**
* @inheritdoc
*/
public abstract function getPasswordHash($password);
public abstract function getPasswordHash($password, $salt = null);
/**
* @inheritdoc


@@ -38,7 +38,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, crypt($password, $dbHash));
}
@@ -46,7 +46,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return crypt($password, $this->getSalt());
}


@@ -43,7 +43,7 @@ class Cleartext extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return $password;
}


@@ -43,7 +43,7 @@ class CourierMD5 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return '{MD5}' . Utils::hexToBase64(md5($password));
}


@@ -43,7 +43,7 @@ class CourierMD5Raw extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return '{MD5RAW}' . md5($password);
}


@@ -43,7 +43,7 @@ class CourierSHA1 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return '{SHA}' . Utils::hexToBase64(sha1($password));
}


@@ -43,7 +43,7 @@ class CourierSHA256 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return '{SHA256}' . Utils::hexToBase64(hash('sha256', $password));
}


@@ -44,7 +44,7 @@ class Crypt extends AbstractCrypt
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return password_hash($password, PASSWORD_DEFAULT);
}


@@ -81,7 +81,7 @@ class CryptArgon2 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return password_verify($password, $dbHash);
}
@@ -89,7 +89,7 @@ class CryptArgon2 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return password_hash(
$password, PASSWORD_ARGON2I, [


@@ -52,7 +52,7 @@ class CryptBlowfish extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return password_verify($password, $dbHash);
}
@@ -60,7 +60,7 @@ class CryptBlowfish extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return password_hash(
$password, PASSWORD_BCRYPT, ["cost" => $this->cost]


@@ -42,20 +42,22 @@ interface IPasswordAlgorithm
* This value is stored in the database, when the password is changed.
*
* @param String $password The new password.
* @param String $salt Optional. Salt value.
*
* @return boolean True if the password was hashed successfully, false otherwise.
*/
public function getPasswordHash($password);
public function getPasswordHash($password, $salt = null);
/**
* Check password given by the user against hash stored in the database.
*
* @param String $password Password given by the user.
* @param String $dbHash Password hash stored in the database.
* @param String $salt Optional. Salt value.
*
* @return boolean True if the password is correct, false otherwise.
*/
public function checkPassword($password, $dbHash);
public function checkPassword($password, $dbHash, $salt = null);
/**
* Configuration for the algorithm.
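Review bot: The docblock of `getPasswordHash()` still promises `@return boolean True if the password was hashed successfully`, while the implementations in this commit return the hash string (and Redmine returns `false` when no salt is given), and the new `@param String $salt Optional. Salt value.` does not say whether an implementation has to use it. Most algorithms touched here accept `$salt` and ignore it, so a reader of the interface cannot tell that salting for those depends on the append/prepend salt options rather than on this argument. Suggested wording: `@param string|null $salt Per-user salt from the database; algorithms that do not take an external salt ignore it.` and `@return string|false The hash to store, or false if it cannot be computed.`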


@@ -43,7 +43,7 @@ class Joomla extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
$salt = Utils::randomString(
32, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
@@ -55,7 +55,7 @@ class Joomla extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, self::generateHash($password, $dbHash));
}
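Review bot: In `getPasswordHash()` the new `$salt` parameter is overwritten on the first line of the body by `$salt = Utils::randomString(...)`, so a caller-supplied value is discarded without any sign of it in the code; WCF2's `getPasswordHash()` does the same with `$salt = $this->getSalt();`. Generating a fresh salt is evidently what the existing code intends, so this is a readability point: use a distinct local such as `$generatedSalt = Utils::randomString(...)` and leave the parameter untouched. The rest of the method body lies outside the hunk.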


@@ -43,7 +43,7 @@ class MD5 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return md5($password);
}


@@ -50,7 +50,7 @@ class Phpass extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, $this->crypt($password, $dbHash));
}
@@ -136,7 +136,7 @@ class Phpass extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return $this->crypt($password, $this->genSalt());
}

50
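--- /dev/null
+++ b/lib/Crypto/Redmine.php
@@ -0,0 +1,50 @@
+<?php
+/**
+* Nextcloud - user_sql
+*
+* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+* @author Marcin Łojewski <dev@mlojewski.me>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+namespace OCA\UserSQL\Crypto;
+/**
+* Redmine MD5 hash implementation.
+*
+* @author Marcin Łojewski <dev@mlojewski.me>
+*/
+class Redmine extends AbstractAlgorithm
+{
+/**
+* @inheritdoc
+*/
+public function getPasswordHash($password, $salt = null)
+{
+if (is_null($salt)) {
+return false;
+}
+return sha1($salt . sha1($password));
+}
+/**
+* @inheritdoc
+*/
+protected function getAlgorithmName()
+{
+return "Redmine";
+}
+}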
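Review bot: `getPasswordHash()` returns `false` when `$salt` is null, and the inherited `AbstractAlgorithm::checkPassword()` passes that result straight to `hash_equals()`, which accepts only strings: on PHP 8 that is a `TypeError`, on PHP 7 a warning and a `false` result. A user row whose salt column is NULL would therefore break the login check instead of being rejected cleanly. `checkPassword()` could be overridden in this class with `if (is_null($salt)) { return false; }` before delegating to the parent. The class docblock also says `Redmine MD5 hash implementation` while the code computes `sha1($salt . sha1($password))`; it should read `Redmine salted SHA-1 hash implementation`.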


@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA1 hash implementation.
* SHA-1 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
@@ -43,7 +43,7 @@ class SHA1 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return sha1($password);
}
@@ -53,6 +53,6 @@ class SHA1 extends AbstractAlgorithm
*/
protected function getAlgorithmName()
{
return "SHA1";
return "SHA-1";
}
}

58
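--- /dev/null
+++ b/lib/Crypto/SHA256.php
@@ -0,0 +1,58 @@
+<?php
+/**
+* Nextcloud - user_sql
+*
+* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+* @author Marcin Łojewski <dev@mlojewski.me>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+namespace OCA\UserSQL\Crypto;
+use OCP\IL10N;
+/**
+* SHA-256 hash implementation.
+*
+* @author Marcin Łojewski <dev@mlojewski.me>
+*/
+class SHA256 extends AbstractAlgorithm
+{
+/**
+* The class constructor.
+*
+* @param IL10N $localization The localization service.
+*/
+public function __construct(IL10N $localization)
+{
+parent::__construct($localization);
+}
+/**
+* @inheritdoc
+*/
+public function getPasswordHash($password, $salt = null)
+{
+return hash('sha256', $password);
+}
+/**
+* @inheritdoc
+*/
+protected function getAlgorithmName()
+{
+return "SHA-256";
+}
+}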
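Review bot: `SHA256::getPasswordHash()` accepts `$salt` but hashes only `$password` with a single pass of `hash('sha256', …)`, and the new `SHA512` class is written the same way. That is presumably required to match hashes already stored by another application, but nothing in the class says so, and an administrator choosing an algorithm cannot see that the per-user salt is unused here. I would extend the class docblock, for example `Unsalted single-round SHA-256, provided for compatibility with existing databases; a salt is applied only through the append/prepend salt options.`, with the matching sentence in `SHA512`.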

58
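--- /dev/null
+++ b/lib/Crypto/SHA512.php
@@ -0,0 +1,58 @@
+<?php
+/**
+* Nextcloud - user_sql
+*
+* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+* @author Marcin Łojewski <dev@mlojewski.me>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+namespace OCA\UserSQL\Crypto;
+use OCP\IL10N;
+/**
+* SHA-512 hash implementation.
+*
+* @author Marcin Łojewski <dev@mlojewski.me>
+*/
+class SHA512 extends AbstractAlgorithm
+{
+/**
+* The class constructor.
+*
+* @param IL10N $localization The localization service.
+*/
+public function __construct(IL10N $localization)
+{
+parent::__construct($localization);
+}
+/**
+* @inheritdoc
+*/
+public function getPasswordHash($password, $salt = null)
+{
+return hash('sha512', $password);
+}
+/**
+* @inheritdoc
+*/
+protected function getAlgorithmName()
+{
+return "SHA-512";
+}
+}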


@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA512 Whirlpool hash implementation.
* SHA-512 Whirlpool hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
@@ -43,7 +43,7 @@ class SHA512Whirlpool extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return hash('sha512', hash('whirlpool', $password));
}
@@ -53,6 +53,6 @@ class SHA512Whirlpool extends AbstractAlgorithm
*/
protected function getAlgorithmName()
{
return "SHA512 Whirlpool";
return "SHA-512 Whirlpool";
}
}


@@ -43,7 +43,7 @@ abstract class SSHA extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
$saltedPassword = base64_decode(
preg_replace("/" . $this->getPrefix() . "/i", "", $dbHash)
@@ -94,7 +94,7 @@ abstract class SSHA extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return self::ssha(
$password, Utils::randomString(


@@ -31,7 +31,7 @@ class WCF2 extends AbstractCrypt
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, crypt(crypt($password, $dbHash), $dbHash));
}
@@ -39,7 +39,7 @@ class WCF2 extends AbstractCrypt
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
$salt = $this->getSalt();
return crypt(crypt($password, $salt), $salt);


@@ -43,7 +43,7 @@ class Whirlpool extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return hash('whirlpool', $password);
}


@@ -22,6 +22,7 @@
namespace OCA\UserSQL\Query;
use OCA\UserSQL\Constant\DB;
use OCA\UserSQL\Constant\Opt;
use OCA\UserSQL\Constant\Query;
use OCA\UserSQL\Properties;
@@ -86,81 +87,83 @@ class QueryProvider implements \ArrayAccess
$searchParam = Query::SEARCH_PARAM;
$uidParam = Query::UID_PARAM;
$reverseActiveOpt = $this->properties[Opt::REVERSE_ACTIVE];
$groupColumns
= "$gGID AS gid, " .
(empty($gName) ? $gGID : $gName) . " AS name, " .
(empty($gAdmin) ? "false" : $gAdmin) . " AS admin";
= "g.$gGID AS gid, " .
(empty($gName) ? "g." . $gGID : "g." . $gName) . " AS name, " .
(empty($gAdmin) ? "false" : "g." . $gAdmin) . " AS admin";
$userColumns
= "$uUID AS uid, " .
(empty($uName) ? $uUID : $uName) . " AS name, " .
(empty($uEmail) ? "null" : $uEmail) . " AS email, " .
(empty($uQuota) ? "null" : $uQuota) . " AS quota, " .
(empty($uHome) ? "null" : $uHome) . " AS home, " .
(empty($uActive) ? "true" : $uActive) . " AS active, " .
(empty($uAvatar) ? "false" : $uAvatar) . " AS avatar, " .
(empty($uSalt) ? "null" : $uSalt) . " AS salt";
= "u.$uUID AS uid, " .
(empty($uName) ? "u." . $uUID : "u." . $uName) . " AS name, " .
(empty($uEmail) ? "null" : "u." . $uEmail) . " AS email, " .
(empty($uQuota) ? "null" : "u." . $uQuota) . " AS quota, " .
(empty($uHome) ? "null" : "u." . $uHome) . " AS home, " .
(empty($uActive) ? "true" : (empty($reverseActiveOpt) ? "" : "NOT ") . "u." . $uActive) . " AS active, " .
(empty($uAvatar) ? "false" : "u." . $uAvatar) . " AS avatar, " .
(empty($uSalt) ? "null" : "u." . $uSalt) . " AS salt";
$this->queries = [
Query::BELONGS_TO_ADMIN =>
"SELECT COUNT($gGID) > 0 AS admin " .
"FROM $group, $userGroup " .
"WHERE $ugGID = $gGID " .
"AND $ugUID = :$uidParam " .
"AND $gAdmin",
"SELECT COUNT(g.$gGID) > 0 AS admin " .
"FROM $group g, $userGroup ug " .
"WHERE ug.$ugGID = g.$gGID " .
"AND ug.$ugUID = :$uidParam " .
"AND g.$gAdmin",
Query::COUNT_GROUPS =>
"SELECT COUNT($ugGID) " .
"FROM $userGroup " .
"WHERE $ugGID = :$gidParam " .
"AND $ugUID " .
"SELECT COUNT(ug.$ugGID) " .
"FROM $userGroup ug " .
"WHERE ug.$ugGID = :$gidParam " .
"AND ug.$ugUID " .
"LIKE :$searchParam",
Query::COUNT_USERS =>
"SELECT COUNT($uUID) AS count " .
"FROM $user " .
"WHERE $uUID LIKE :$searchParam",
"SELECT COUNT(u.$uUID) AS count " .
"FROM $user u " .
"WHERE u.$uUID LIKE :$searchParam",
Query::FIND_GROUP =>
"SELECT $groupColumns " .
"FROM $group " .
"WHERE $gGID = :$gidParam",
"FROM $group g " .
"WHERE g.$gGID = :$gidParam",
Query::FIND_GROUP_USERS =>
"SELECT $ugUID AS uid " .
"FROM $userGroup " .
"WHERE $ugGID = :$gidParam " .
"AND $ugUID " .
"SELECT ug.$ugUID AS uid " .
"FROM $userGroup ug " .
"WHERE ug.$ugGID = :$gidParam " .
"AND ug.$ugUID " .
"LIKE :$searchParam " .
"ORDER BY $ugUID",
"ORDER BY ug.$ugUID",
Query::FIND_GROUPS =>
"SELECT $groupColumns " .
"FROM $group " .
"WHERE $gGID LIKE :$searchParam " .
"ORDER BY $gGID",
"FROM $group g " .
"WHERE g.$gGID LIKE :$searchParam " .
"ORDER BY g.$gGID",
Query::FIND_USER =>
"SELECT $userColumns, $uPassword AS password " .
"FROM $user " .
"WHERE $uUID = :$uidParam",
"SELECT $userColumns, u.$uPassword AS password " .
"FROM $user u " .
"WHERE u.$uUID = :$uidParam",
Query::FIND_USER_CASE_INSENSITIVE =>
"SELECT $userColumns, $uPassword AS password " .
"FROM $user " .
"WHERE lower($uUID) = lower(:$uidParam)",
"SELECT $userColumns, u.$uPassword AS password " .
"FROM $user u " .
"WHERE lower(u.$uUID) = lower(:$uidParam)",
Query::FIND_USER_GROUPS =>
"SELECT $groupColumns " .
"FROM $group, $userGroup " .
"WHERE $ugGID = $gGID " .
"AND $ugUID = :$uidParam " .
"ORDER BY $gGID",
"FROM $group g, $userGroup ug " .
"WHERE ug.$ugGID = g.$gGID " .
"AND ug.$ugUID = :$uidParam " .
"ORDER BY g.$gGID",
Query::FIND_USERS =>
"SELECT $userColumns " .
"FROM $user " .
"WHERE $uUID LIKE :$searchParam " .
"ORDER BY $uUID",
"FROM $user u " .
"WHERE u.$uUID LIKE :$searchParam " .
"ORDER BY u.$uUID",
Query::UPDATE_DISPLAY_NAME =>
"UPDATE $user " .