spacefreak/user_sql
1
0
Fork 0
Code Pull Requests Activity

Merge branch 'develop' into develop-14

Browse Source
This commit is contained in:
Marcin Łojewski
2018-07-09 20:19:50 +02:00
committed by GitHub
parent 657e5a7ced 4d48a58bf9
commit fe265ebcd6
58 changed files with 504 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
CHANGELOG.md
View File

@@ -6,9 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased]
### Added
- SHA512 Whirlpool hashing algorithm
- phpass hashing implementation
- SHA512 Whirlpool hash algorithm
- WoltLab Community Framework 2.x hash algorithm
- phpass hash implementation
- Support for salt column
- User quota synchronization
### Changed
- Example SQL script in README file
- Fixed misspelling
### Changed
- Support for Nextcloud 14 only
@@ -18,18 +24,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Fixed
- Table and column autocomplete in settings panel
## [4.0.0-rc2]
## [4.0.0-rc2] - 2018-06-14
### Added
- User active column
### Changed
- Fixed "Use of undefined constant" error for Argon2 Crypt with PHP below 7.2.
## [4.0.0-rc1]
## [4.0.0-rc1] - 2018-06-13
### Added
- New hashing algorithms: Argon2 Crypt (PHP 7.2 and above), Blowfish Crypt, Courier base64-encoded MD5, Courier base64-encoded SHA1,
Courier base64-encoded SHA256, Courier hexadecimal MD5, Extended DES Crypt, SHA256 Crypt,
SHA512 Crypt, SSHA512, Standard DES Crypt
- New hash algorithms: Argon2 Crypt (PHP 7.2 and above), Blowfish Crypt, Courier base64-encoded MD5, Courier base64-encoded SHA1, Courier base64-encoded SHA256, Courier hexadecimal MD5, Extended DES Crypt, SHA256 Crypt, SHA512 Crypt, SSHA512, Standard DES Crypt
- Option to allow users to change their display names
- Option to allow user to change its avatar
- Database query results cache
@@ -40,10 +44,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- The whole core implementation, which is NOT COMPATIBLE with the previous versions.
- Minimum supported PHP version - 7.0
## Removed
- MySQL ENCRYPT() hashing implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
- MySQL PASSWORD() hashing implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
- Redmine hashing implementation - Cannot implement in new core system.
### Removed
- MySQL ENCRYPT() hash implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
- MySQL PASSWORD() hash implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
- Redmine hash implementation - Cannot implement in new core system.
- User active column - Use database view instead
- Domain support

51
README.md
View File

@@ -50,8 +50,9 @@ Name | Description | Details
**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
**Hashing algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud storage if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud storage. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
**Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
**Quota sync** | Sync user quota with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the user quota to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the user quota to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the user quota to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Quota* column.
**Home mode** | User storage path.<br/>- *Default* - Let the Nextcloud manage this. The default option.<br/>- *Query* - Use location from the user table pointed by the *home* column.<br/>- *Static* - Use static location. The `%u` variable is replaced with the username of the user. | Optional<br/>Default: *Default*.
**Home Location** | User storage path for the `static` *home mode*. | Mandatory if the *Home mode* is set to `Static`.
@@ -64,11 +65,12 @@ Name | Description | Details
**Table name** | The table name. | Mandatory for user backend.
**Username** | Username column. | Mandatory for user backend.
**Email** | E-mail column. | Mandatory for *Email sync* option.
**Quota** | Quota column. | Mandatory for *Quota sync* option.
**Home** | Home path column. | Mandatory for `Query` *Home sync* option.
**Password** | Password hash column. | Mandatory for user backend.
**Display name** | Display name column. | Optional.
**Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
**Can change avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
**Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
**Salt** | Salt which is appended to password when checking or changing the password. | Optional.
#### Group table
@@ -106,36 +108,34 @@ but be aware that some functionalities requires data changes (update queries).
If you don't have any database model yet you can use below tables (MySQL):
```
CREATE TABLE sql_users
CREATE TABLE sql_user
(
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(16) NOT NULL,
display_name TEXT NULL,
email TEXT NULL,
home TEXT NULL,
password TEXT NOT NULL,
active TINYINT(1) NOT NULL DEFAULT '1',
can_change_avatar BOOLEAN NOT NULL DEFAULT FALSE,
CONSTRAINT users_username_uindex UNIQUE (username)
username VARCHAR(16) PRIMARY KEY,
display_name TEXT NULL,
email TEXT NULL,
quota TEXT NULL,
home TEXT NULL,
password TEXT NOT NULL,
active TINYINT(1) NOT NULL DEFAULT '1',
provide_avatar BOOLEAN NOT NULL DEFAULT FALSE
);
CREATE TABLE sql_group
(
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(16) NOT NULL,
name VARCHAR(16) PRIMARY KEY,
display_name TEXT NULL,
admin BOOLEAN NOT NULL DEFAULT FALSE,
CONSTRAINT group_name_uindex UNIQUE (name)
admin BOOLEAN NOT NULL DEFAULT FALSE
);
CREATE TABLE sql_user_group
(
id INT AUTO_INCREMENT PRIMARY KEY,
group_name VARCHAR(16) NOT NULL,
username VARCHAR(16) NOT NULL,
CONSTRAINT user_group_group_name_username_uindex UNIQUE (group_name, username),
INDEX user_group_group_name_index (group_name),
INDEX user_group_username_index (username)
group_name VARCHAR(16) NOT NULL,
PRIMARY KEY (username, group_name),
FOREIGN KEY (username) REFERENCES sql_user (username),
FOREIGN KEY (group_name) REFERENCES sql_group (name),
INDEX sql_user_group_username_idx (username),
INDEX sql_user_group_group_name_idx (group_name)
);
```
@@ -149,7 +149,7 @@ User table: wp_users
Username column: user_login
Password column: user_pass
Hashing algorithm: Unix (Crypt) or Portable PHP password
Hash algorithm: Unix (Crypt) or Portable PHP password
```
#### JHipster
@@ -166,7 +166,7 @@ Password column: password_hash
Email column: email
Active column: activated
Hashing algorithm: Unix (Crypt)
Hash algorithm: Unix (Crypt)
```
## Hash algorithms
@@ -196,6 +196,7 @@ SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==
SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL
WoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02
## Development
@@ -205,7 +206,7 @@ Add a new class in the `OCA\UserSQL\Platform` namespace which extends the `Abstr
Add this driver in `admin.php` template to `$drivers` variable and in method `getPlatform(Connection $connection)`
of `PlatformFactory` class.
#### New hashing algorithm support
#### New hash algorithm support
Create a new class in `OCA\UserSQL\Crypto` namespace which implements `IPasswordAlgorithm` interface.
Do not forget to write unit tests.

BIN
img/screenshot.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 42 KiB

After

Width:  |  Height:  |  Size: 43 KiB

2
js/settings.js
View File

@@ -76,7 +76,7 @@ user_sql.adminSettingsUI = function () {
);
autocomplete(
"#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar, #db-table-user-column-salt",
"#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-quota, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar, #db-table-user-column-salt",
"/apps/user_sql/settings/autocomplete/table/user"
);

6
lib/Action/EmailSync.php
View File

@@ -94,7 +94,7 @@ class EmailSync implements IUserAction
$result = false;
switch ($this->properties[Opt::EMAIL_SYNC]) {
case App::EMAIL_INITIAL:
case App::SYNC_INITIAL:
if (empty($ncMail) && !empty($user->email)) {
$this->config->setUserValue(
$user->uid, "settings", "email", $user->email
@@ -103,7 +103,7 @@ class EmailSync implements IUserAction
$result = true;
break;
case App::EMAIL_FORCE_NC:
case App::SYNC_FORCE_NC:
if (!empty($ncMail) && $user->email !== $ncMail) {
$user = $this->userRepository->findByUid($user->uid);
if (!($user instanceof User)) {
@@ -115,7 +115,7 @@ class EmailSync implements IUserAction
}
break;
case App::EMAIL_FORCE_SQL:
case App::SYNC_FORCE_SQL:
if (!empty($user->email) && $user->email !== $ncMail) {
$this->config->setUserValue(
$user->uid, "settings", "email", $user->email

137
lib/Action/QuotaSync.php Normal file
View File

@@ -0,0 +1,137 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\Action;
use OCA\UserSQL\Constant\App;
use OCA\UserSQL\Constant\Opt;
use OCA\UserSQL\Model\User;
use OCA\UserSQL\Properties;
use OCA\UserSQL\Repository\UserRepository;
use OCP\IConfig;
use OCP\ILogger;
/**
* Synchronizes the user quota.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class QuotaSync implements IUserAction
{
/**
* @var string The application name.
*/
private $appName;
/**
* @var ILogger The logger instance.
*/
private $logger;
/**
* @var Properties The properties array.
*/
private $properties;
/**
* @var IConfig The config instance.
*/
private $config;
/**
* @var UserRepository The user repository.
*/
private $userRepository;
/**
* The default constructor.
*
* @param string $appName The application name.
* @param ILogger $logger The logger instance.
* @param Properties $properties The properties array.
* @param IConfig $config The config instance.
* @param UserRepository $userRepository The user repository.
*/
public function __construct(
$appName, ILogger $logger, Properties $properties, IConfig $config,
UserRepository $userRepository
) {
$this->appName = $appName;
$this->logger = $logger;
$this->properties = $properties;
$this->config = $config;
$this->userRepository = $userRepository;
}
/**
* @inheritdoc
* @throws \OCP\PreConditionNotMetException
*/
public function doAction(User $user)
{
$this->logger->debug(
"Entering QuotaSync#doAction($user->uid)", ["app" => $this->appName]
);
$ncQuota = $this->config->getUserValue(
$user->uid, "files", "quota", ""
);
$result = false;
switch ($this->properties[Opt::QUOTA_SYNC]) {
case App::SYNC_INITIAL:
if (empty($ncQuota) && !empty($user->quota)) {
$this->config->setUserValue(
$user->uid, "files", "quota", $user->quota
);
}
$result = true;
break;
case App::SYNC_FORCE_NC:
if (!empty($ncQuota) && $user->quota !== $ncQuota) {
$user = $this->userRepository->findByUid($user->uid);
if (!($user instanceof User)) {
break;
}
$user->quota = $ncQuota;
$result = $this->userRepository->save($user);
}
break;
case App::SYNC_FORCE_SQL:
if (!empty($user->quota) && $user->quota !== $ncQuota) {
$this->config->setUserValue(
$user->uid, "files", "quota", $user->quota
);
}
$result = true;
break;
}
$this->logger->debug(
"Returning QuotaSync#doAction($user->uid): " . ($result ? "true"
: "false"),
["app" => $this->appName]
);
return $result;
}
}

9
lib/Backend/UserBackend.php
View File

@@ -23,6 +23,7 @@ namespace OCA\UserSQL\Backend;
use OCA\UserSQL\Action\EmailSync;
use OCA\UserSQL\Action\IUserAction;
use OCA\UserSQL\Action\QuotaSync;
use OCA\UserSQL\Cache;
use OCA\UserSQL\Constant\App;
use OCA\UserSQL\Constant\DB;
@@ -130,6 +131,14 @@ final class UserBackend extends ABackend implements
$this->userRepository
);
}
if (!empty($this->properties[Opt::QUOTA_SYNC])
&& !empty($this->properties[DB::USER_QUOTA_COLUMN])
) {
$this->actions[] = new QuotaSync(
$this->appName, $this->logger, $this->properties, $this->config,
$this->userRepository
);
}
}
/**

6
lib/Constant/App.php
View File

@@ -34,7 +34,7 @@ final class App
const HOME_QUERY = "query";
const HOME_STATIC = "static";
const EMAIL_FORCE_NC = "force_nc";
const EMAIL_FORCE_SQL = "force_sql";
const EMAIL_INITIAL = "initial";
const SYNC_FORCE_NC = "force_nc";
const SYNC_FORCE_SQL = "force_sql";
const SYNC_INITIAL = "initial";
}

1
lib/Constant/DB.php
View File

@@ -51,6 +51,7 @@ final class DB
const USER_HOME_COLUMN = "db.table.user.column.home";
const USER_NAME_COLUMN = "db.table.user.column.name";
const USER_PASSWORD_COLUMN = "db.table.user.column.password";
const USER_QUOTA_COLUMN = "db.table.user.column.quota";
const USER_SALT_COLUMN = "db.table.user.column.salt";
const USER_UID_COLUMN = "db.table.user.column.uid";
}

1
lib/Constant/Opt.php
View File

@@ -34,5 +34,6 @@ final class Opt
const HOME_MODE = "opt.home_mode";
const NAME_CHANGE = "opt.name_change";
const PASSWORD_CHANGE = "opt.password_change";
const QUOTA_SYNC = "opt.quota_sync";
const USE_CACHE = "opt.use_cache";
}

2
lib/Constant/Query.php
View File

@@ -39,9 +39,11 @@ final class Query
const FIND_USERS = "find_users";
const SAVE_USER = "save_user";
const EMAIL_PARAM = "email";
const GID_PARAM = "gid";
const NAME_PARAM = "name";
const PASSWORD_PARAM = "password";
const QUOTA_PARAM = "quota";
const SEARCH_PARAM = "search";
const UID_PARAM = "uid";
}

11
lib/Crypto/AbstractCrypt.php
View File

@@ -22,8 +22,8 @@
namespace OCA\UserSQL\Crypto;
/**
* Abstract Unix Crypt hashing implementation.
* The hashing algorithm depends on the chosen salt.
* Abstract Unix Crypt hash implementation.
* The hash algorithm depends on the chosen salt.
*
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>
@@ -52,12 +52,9 @@ abstract class AbstractCrypt extends AbstractAlgorithm
}
/**
* Generate a salt string for the hashing algorithm.
* Generate a salt string for the hash algorithm.
*
* @return string The salt string.
*/
protected function getSalt()
{
return "";
}
protected abstract function getSalt();
}

2
lib/Crypto/CourierMD5.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Courier MD5 hashing implementation.
* Courier MD5 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/CourierMD5Raw.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Courier MD5 RAW hashing implementation.
* Courier MD5 RAW hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/CourierSHA1.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Courier SHA1 hashing implementation.
* Courier SHA1 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/CourierSHA256.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Courier SHA256 hashing implementation.
* Courier SHA256 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

10
lib/Crypto/Crypt.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Unix Crypt hashing implementation.
* Unix Crypt hash implementation.
*
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>
@@ -56,4 +56,12 @@ class Crypt extends AbstractCrypt
{
return "Unix (Crypt)";
}
/**
* Not used.
*/
protected function getSalt()
{
return null;
}
}

2
lib/Crypto/CryptArgon2.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Argon2 Crypt hashing implementation.
* Argon2 Crypt hash implementation.
*
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>

2
lib/Crypto/CryptBlowfish.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Blowfish Crypt hashing implementation.
* Blowfish Crypt hash implementation.
*
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>

2
lib/Crypto/CryptExtendedDES.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Extended DES Crypt hashing implementation.
* Extended DES Crypt hash implementation.
*
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>

2
lib/Crypto/CryptMD5.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* MD5 Crypt hashing implementation.
* MD5 Crypt hash implementation.
*
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>

2
lib/Crypto/CryptSHA256.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA256 Crypt hashing implementation.
* SHA256 Crypt hash implementation.
*
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>

2
lib/Crypto/CryptSHA512.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA512 Crypt hashing implementation.
* SHA512 Crypt hash implementation.
*
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>

2
lib/Crypto/CryptStandardDES.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Standard DES Crypt hashing implementation.
* Standard DES Crypt hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/Joomla.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Joomla hashing implementation.
* Joomla hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/MD5.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* MD5 hashing implementation.
* MD5 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/Phpass.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* phpass hashing implementation.
* phpass hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/SHA1.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA1 hashing implementation.
* SHA1 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/SHA512Whirlpool.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA512 Whirlpool hashing implementation.
* SHA512 Whirlpool hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/SSHA.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SSHA* hashing implementation.
* SSHA* hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/SSHA256.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SSHA256 hashing implementation.
* SSHA256 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

2
lib/Crypto/SSHA512.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SSHA512 hashing implementation.
* SSHA512 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

63
lib/Crypto/WCF2.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\Crypto;
/**
* WCF2 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class WCF2 extends AbstractCrypt
{
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
{
return hash_equals($dbHash, crypt(crypt($password, $dbHash), $dbHash));
}
/**
* @inheritdoc
*/
public function getPasswordHash($password)
{
$salt = $this->getSalt();
return crypt(crypt($password, $salt), $salt);
}
/**
* @inheritdoc
*/
protected function getSalt()
{
return "$2a$08$" . Utils::randomString(22, self::SALT_ALPHABET) . "$";
}
/**
* @inheritdoc
*/
protected function getAlgorithmName()
{
return "WoltLab Community Framework 2.x";
}
}

4
lib/Model/User.php
View File

@@ -36,6 +36,10 @@ class User
* @var string The user's email address.
*/
public $email;
/**
* @var string The user quota.
*/
public $quota;
/**
* @var string The user's display name.
*/

8
lib/Query/QueryProvider.php
View File

@@ -71,15 +71,18 @@ class QueryProvider implements \ArrayAccess
$uHome = $this->properties[DB::USER_HOME_COLUMN];
$uName = $this->properties[DB::USER_NAME_COLUMN];
$uPassword = $this->properties[DB::USER_PASSWORD_COLUMN];
$uQuota = $this->properties[DB::USER_QUOTA_COLUMN];
$uSalt = $this->properties[DB::USER_SALT_COLUMN];
$uUID = $this->properties[DB::USER_UID_COLUMN];
$ugGID = $this->properties[DB::USER_GROUP_GID_COLUMN];
$ugUID = $this->properties[DB::USER_GROUP_UID_COLUMN];
$emailParam = Query::EMAIL_PARAM;
$gidParam = Query::GID_PARAM;
$nameParam = Query::NAME_PARAM;
$passwordParam = Query::PASSWORD_PARAM;
$quotaParam = Query::QUOTA_PARAM;
$searchParam = Query::SEARCH_PARAM;
$uidParam = Query::UID_PARAM;
@@ -91,6 +94,7 @@ class QueryProvider implements \ArrayAccess
= "$uUID AS uid, " .
(empty($uName) ? "null" : $uName) . " AS name, " .
(empty($uEmail) ? "null" : $uEmail) . " AS email, " .
(empty($uQuota) ? "null" : $uQuota) . " AS quota, " .
(empty($uHome) ? "null" : $uHome) . " AS home, " .
(empty($uActive) ? "true" : $uActive) . " AS active, " .
(empty($uAvatar) ? "false" : $uAvatar) . " AS avatar, " .
@@ -156,7 +160,9 @@ class QueryProvider implements \ArrayAccess
Query::SAVE_USER =>
"UPDATE $user " .
"SET $uPassword = :$passwordParam, " .
"$uName = :$nameParam " .
"$uName = :$nameParam, " .
"$uEmail = :$emailParam, " .
"$uQuota = :$quotaParam " .
"WHERE $uUID = :$uidParam",
];
}

2
lib/Repository/UserRepository.php
View File

@@ -107,6 +107,8 @@ class UserRepository
Query::SAVE_USER, [
Query::NAME_PARAM => $user->name,
Query::PASSWORD_PARAM => $user->password,
Query::EMAIL_PARAM => $user->email,
Query::QUOTA_PARAM => $user->quota,
Query::UID_PARAM => $user->uid
]
);

20
templates/admin.php
View File

@@ -71,6 +71,16 @@ function print_select_options(
echo "</option>";
}
#54: Merge develop-14 into develop Conflicts
Resolved all conflicts
2 conflicting files
CHANGELOG.md
CHANGELOG.md
admin.php
templates/admin.php
templates/admin.php
Resolved
echo "</select>";
echo "</label></div>";
}
@@ -115,7 +125,7 @@ function print_select_options(
<input type="submit" id="user_sql-clear_cache" value="<?php p($l->t("Clear cache")); ?>">
</div>
<?php
$hashing = [];
$hashes = [];
foreach (glob(__DIR__ . "/../lib/Crypto/*.php") as $filename) {
$class = "OCA\\UserSQL\\Crypto\\" . basename(substr($filename, 0, -4));
try {
@@ -123,14 +133,15 @@ function print_select_options(
if ($passwordAlgorithm instanceof
\OCA\UserSQL\Crypto\IPasswordAlgorithm
) {
$hashing[$class] = $passwordAlgorithm->getVisibleName();
$hashes[$class] = $passwordAlgorithm->getVisibleName();
}
} catch (Throwable $e) {
}
}
print_select_options($l, "opt-crypto_class", "Hashing algorithm", $hashing, $_["opt.crypto_class"]);
print_select_options($l, "opt-crypto_class", "Hash algorithm", $hashes, $_["opt.crypto_class"]);
print_select_options($l, "opt-email_sync", "Email sync", ["" => "None", "initial" => "Synchronise only once", "force_nc"=>"Nextcloud always wins", "force_sql"=>"SQL always wins"], $_["opt.email_sync"]);
print_select_options($l, "opt-quota_sync", "Quota sync", ["" => "None", "initial" => "Synchronise only once", "force_nc"=>"Nextcloud always wins", "force_sql"=>"SQL always wins"], $_["opt.quota_sync"]);
print_select_options($l, "opt-home_mode", "Home mode", ["" => "Default", "query" => "Query", "static" => "Static"], $_["opt.home_mode"]);
print_text_input($l, "opt-home_location", "Home Location", $_["opt.home_location"]); ?>
</fieldset>
@@ -144,11 +155,12 @@ function print_select_options(
<?php
print_text_input($l, "db-table-user-column-uid", "Username", $_["db.table.user.column.uid"]);
print_text_input($l, "db-table-user-column-email", "Email", $_["db.table.user.column.email"]);
print_text_input($l, "db-table-user-column-quota", "Quota", $_["db.table.user.column.quota"]);
print_text_input($l, "db-table-user-column-home", "Home", $_["db.table.user.column.home"]);
print_text_input($l, "db-table-user-column-password", "Password", $_["db.table.user.column.password"]);
print_text_input($l, "db-table-user-column-name", "Display name", $_["db.table.user.column.name"]);
print_text_input($l, "db-table-user-column-active", "Active", $_["db.table.user.column.active"]);
print_text_input($l, "db-table-user-column-avatar", "Can change avatar", $_["db.table.user.column.avatar"]);
print_text_input($l, "db-table-user-column-avatar", "Provide avatar", $_["db.table.user.column.avatar"]);
print_text_input($l, "db-table-user-column-salt", "Salt", $_["db.table.user.column.salt"]); ?>
</fieldset>
</div>

6
tests/Crypto/CleartextTest.php
View File

@@ -43,6 +43,12 @@ class CleartextTest extends TestCase
$this->assertTrue($this->crypto->checkPassword("password", "password"));
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CourierMD5RawTest.php
View File

@@ -47,6 +47,12 @@ class CourierMD5RawTest extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CourierMD5Test.php
View File

@@ -47,6 +47,12 @@ class CourierMD5Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CourierSHA1Test.php
View File

@@ -47,6 +47,12 @@ class CourierSHA1Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CourierSHA256Test.php
View File

@@ -48,6 +48,12 @@ class CourierSHA256Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CryptArgon2Test.php
View File

@@ -48,6 +48,12 @@ class CryptArgon2Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CryptBlowfishTest.php
View File

@@ -48,6 +48,12 @@ class CryptBlowfishTest extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CryptExtendedDESTest.php
View File

@@ -45,6 +45,12 @@ class CryptExtendedDESTest extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CryptMD5Test.php
View File

@@ -47,6 +47,12 @@ class CryptMD5Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CryptSHA256Test.php
View File

@@ -48,6 +48,12 @@ class CryptSHA256Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CryptSHA512Test.php
View File

@@ -48,6 +48,12 @@ class CryptSHA512Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CryptStandardDESTest.php
View File

@@ -45,6 +45,12 @@ class CryptStandardDESTest extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/CryptTest.php
View File

@@ -48,6 +48,12 @@ class CryptTest extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/JoomlaTest.php
View File

@@ -48,6 +48,12 @@ class JoomlaTest extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/MD5Test.php
View File

@@ -47,6 +47,12 @@ class MD5Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/PhpassTest.php
View File

@@ -47,6 +47,12 @@ class PhpassTest extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/SHA1Test.php
View File

@@ -47,6 +47,12 @@ class SHA1Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/SHA512WhirlpoolTest.php
View File

@@ -48,6 +48,12 @@ class SHA512WhirlpoolTest extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/SSHA256Test.php
View File

@@ -48,6 +48,12 @@ class SSHA256Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

6
tests/Crypto/SSHA512Test.php
View File

@@ -48,6 +48,12 @@ class SSHA512Test extends TestCase
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();

62
tests/Crypto/WCF2Test.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Tests\UserSQL\Crypto;
use OCA\UserSQL\Crypto\IPasswordAlgorithm;
use OCA\UserSQL\Crypto\WCF2;
use OCP\IL10N;
use Test\TestCase;
/**
* Unit tests for class <code>WCF2</code>.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class WCF2Test extends TestCase
{
/**
* @var IPasswordAlgorithm
*/
private $crypto;
public function testCheckPassword()
{
$this->assertTrue(
$this->crypto->checkPassword(
"password",
"$2a$08\$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02"
)
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();
$this->crypto = new WCF2($this->createMock(IL10N::class));
}
}