Merge branch 'feature/drupal_7' into develop

lib/Crypto/Drupal7.php

@@ -0,0 +1,60 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Crypto;
+
+/**
+ * Drupal 7 overrides of phpass hash implementation.
+ *
+ * @author BrandonKerr
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class Drupal7 extends Phpass
+{
+    /**
+     * The expected (and maximum) number of characters in a hashed password.
+     */
+    const DRUPAL_HASH_LENGTH = 55;
+
+    /**
+     * @inheritdoc
+     */
+    protected function crypt($password, $setting)
+    {
+        return substr(parent::crypt($password, $setting), 0, self::DRUPAL_HASH_LENGTH);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function hash($input)
+    {
+        return hash('sha512', $input, true);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAlgorithmName()
+    {
+        return "Drupal 7";
+    }
+}

lib/Crypto/Phpass.php

@@ -61,7 +61,7 @@ class Phpass extends AbstractAlgorithm
      *
      * @return string|null Generated hash. Null on invalid settings.
      */
-    private function crypt($password, $setting)
+    protected function crypt($password, $setting)
     {
         $countLog2 = strpos(self::ITOA64, $setting[3]);
         if ($countLog2 < 7 || $countLog2 > 30) {
@@ -75,17 +75,29 @@ class Phpass extends AbstractAlgorithm
             return null;
         }
 
-        $hash = md5($salt . $password, true);
+        $hash = $this->hash($salt . $password);
         do {
-            $hash = md5($hash . $password, true);
+            $hash = $this->hash($hash . $password);
         } while (--$count);
 
         $output = substr($setting, 0, 12);
-        $output .= $this->encode64($hash, 16);
+        $output .= $this->encode64($hash, strlen($hash));
 
         return $output;
     }
 
+    /**
+     * Apply hash function to input.
+     *
+     * @param string $input Input string.
+     *
+     * @return string Hashed input.
+     */
+    protected function hash($input)
+    {
+        return md5($input, true);
+    }
+
     /**
      * Encode binary input to base64 string.
      *