Adding SALT from DB and new Algorithm to be connected with HumHub

https://github.com/nextcloud/user_sql/pull/42
2018-06-30 13:19:04 +02:00
parent 434e2777c3
commit a2b65f144c
10 changed files with 142 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [v4.0.0-rc2]
 ### Added
 - User active column
+- SHA512 Whirlpool hashing algorithm
+- Support for salt column

 ### Changed
 - Fixed "Use of undefined constant" error for Argon2 Crypt with PHP below 7.2.
--- a/README.md
+++ b/README.md
@@ -69,6 +69,7 @@ Name | Description | Details
 **Display name** | Display name column. | Optional.
 **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
 **Can change avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
+**Salt** | Salt which is appended to password when checking or changing the password. | Optional.

 #### Group table

@@ -191,6 +192,7 @@ Standard DES (Crypt) | | yTBnb7ab/N072
 Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us
 MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99
 SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
 SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==
 SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL

--- a/js/settings.js
+++ b/js/settings.js
@@ -76,7 +76,7 @@ user_sql.adminSettingsUI = function () {
        );

        autocomplete(
-            "#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar",
+            "#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar, #db-table-user-column-salt",
            "/apps/user_sql/settings/autocomplete/table/user"
        );

--- a/lib/Backend/UserBackend.php
+++ b/lib/Backend/UserBackend.php
@@ -274,6 +274,10 @@ final class UserBackend extends Backend
            return false;
        }

+        if ($user->salt !== null) {
+            $password .= $user->salt;
+        }
+
        $isCorrect = $passwordAlgorithm->checkPassword(
            $password, $user->password
        );
@@ -417,13 +421,17 @@ final class UserBackend extends Backend
            return false;
        }

-        $passwordHash = $passwordAlgorithm->getPasswordHash($password);
-        if ($passwordHash === false) {
+        $user = $this->userRepository->findByUid($uid);
+        if (!($user instanceof User)) {
            return false;
        }

-        $user = $this->userRepository->findByUid($uid);
-        if (!($user instanceof User)) {
+        if ($user->salt !== null) {
+            $password .= $user->salt;
+        }
+
+        $passwordHash = $passwordAlgorithm->getPasswordHash($password);
+        if ($passwordHash === false) {
            return false;
        }

--- a/lib/Constant/DB.php
+++ b/lib/Constant/DB.php
@@ -51,5 +51,6 @@ final class DB
    const USER_HOME_COLUMN = "db.table.user.column.home";
    const USER_NAME_COLUMN = "db.table.user.column.name";
    const USER_PASSWORD_COLUMN = "db.table.user.column.password";
+    const USER_SALT_COLUMN = "db.table.user.column.salt";
    const USER_UID_COLUMN = "db.table.user.column.uid";
 }
--- a/lib/Crypto/SHA512Whirlpool.php
+++ b/lib/Crypto/SHA512Whirlpool.php
@@ -0,0 +1,58 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Crypto;
+
+use OCP\IL10N;
+
+/**
+ * SHA512 Whirlpool hashing implementation.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class SHA512Whirlpool extends AbstractAlgorithm
+{
+    /**
+     * The class constructor.
+     *
+     * @param IL10N $localization The localization service.
+     */
+    public function __construct(IL10N $localization)
+    {
+        parent::__construct($localization);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getPasswordHash($password)
+    {
+        return hash('sha512', hash('whirlpool', $password));
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAlgorithmName()
+    {
+        return "SHA512 Whirlpool";
+    }
+}
--- a/lib/Model/User.php
+++ b/lib/Model/User.php
@@ -56,4 +56,8 @@ class User
     * @var bool Can user change its avatar.
     */
    public $avatar;
+    /**
+     * @var string The password's salt.
+     */
+    public $salt;
 }
--- a/lib/Query/QueryProvider.php
+++ b/lib/Query/QueryProvider.php
@@ -71,6 +71,7 @@ class QueryProvider implements \ArrayAccess
        $uHome = $this->properties[DB::USER_HOME_COLUMN];
        $uName = $this->properties[DB::USER_NAME_COLUMN];
        $uPassword = $this->properties[DB::USER_PASSWORD_COLUMN];
+        $uSalt = $this->properties[DB::USER_SALT_COLUMN];
        $uUID = $this->properties[DB::USER_UID_COLUMN];

        $ugGID = $this->properties[DB::USER_GROUP_GID_COLUMN];
@@ -92,7 +93,8 @@ class QueryProvider implements \ArrayAccess
            (empty($uEmail) ? "null" : $uEmail) . " AS email, " .
            (empty($uHome) ? "null" : $uHome) . " AS home, " .
            (empty($uActive) ? "true" : $uActive) . " AS active, " .
-            (empty($uAvatar) ? "false" : $uAvatar) . " AS avatar";
+            (empty($uAvatar) ? "false" : $uAvatar) . " AS avatar, " .
+            (empty($uSalt) ? "null" : $uSalt) . " AS salt";

        $this->queries = [
            Query::BELONGS_TO_ADMIN =>
--- a/templates/admin.php
+++ b/templates/admin.php
@@ -148,7 +148,8 @@ function print_select_options(
                print_text_input($l, "db-table-user-column-password", "Password", $_['db.table.user.column.password']);
                print_text_input($l, "db-table-user-column-name", "Display name", $_['db.table.user.column.name']);
                print_text_input($l, "db-table-user-column-active", "Active", $_['db.table.user.column.active']);
-                print_text_input($l, "db-table-user-column-avatar", "Can change avatar", $_['db.table.user.column.avatar']); ?>
+                print_text_input($l, "db-table-user-column-avatar", "Can change avatar", $_['db.table.user.column.avatar']);
+                print_text_input($l, "db-table-user-column-salt", "Salt", $_['db.table.user.column.salt']); ?>
            </fieldset>
        </div>
        <div class="section">
--- a/tests/Crypto/SHA512WhirlpoolTest.php
+++ b/tests/Crypto/SHA512WhirlpoolTest.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace Tests\UserSQL\Crypto;
+
+use OCA\UserSQL\Crypto\SHA512Whirlpool;
+use OCA\UserSQL\Crypto\IPasswordAlgorithm;
+use OCP\IL10N;
+use Test\TestCase;
+
+/**
+ * Unit tests for class <code>SHA512Whirlpool</code>.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class SHA512WhirlpoolTest extends TestCase
+{
+    /**
+     * @var IPasswordAlgorithm
+     */
+    private $crypto;
+
+    public function testCheckPassword()
+    {
+        $this->assertTrue(
+            $this->crypto->checkPassword(
+                "password",
+                "a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e"
+            )
+        );
+    }
+
+    protected function setUp()
+    {
+        parent::setUp();
+        $this->crypto = new SHA512Whirlpool($this->createMock(IL10N::class));
+    }
+}