mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-23 00:50:30 +01:00
Code Issues Releases Wiki Activity

Merge pull request #4826 from marc1706/ticket/15219-rhea

Browse Source 
[ticket/15219] Update hashes to bcrypt with cron -- Rhea

* github.com:phpbb/phpbb:
  [ticket/15219] Add console command for updating hashes to bcrypt
  [ticket/15219] Add missing space
  [ticket/15219] Update hashes to bcrypt with cron
This commit is contained in:
Tristan Darricau 2017-06-06 09:33:22 +02:00
commit 1571c76ccd
No known key found for this signature in database
GPG Key ID: 817043C2E29DB881
7 changed files with 316 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
phpBB/config/default/container/services_console.yml
View File

@ -167,6 +167,18 @@ services:
tags:
- { name: console.command }
console.command.fixup.update_hashes:
class: phpbb\console\command\fixup\update_hashes
arguments:
- '@config'
- '@user'
- '@dbal.conn'
- '@passwords.manager'
- '@passwords.driver_collection'
- '%passwords.algorithms%'
tags:
- { name: console.command }
console.command.reparser.list:
class: phpbb\console\command\reparser\list_all
arguments:

14
phpBB/config/default/container/services_cron.yml
View File

@ -219,3 +219,17 @@ services:
- [set_reparser, [text_reparser.user_signature]]
tags:
- { name: cron.task }
cron.task.core.update_hashes:
class: phpbb\cron\task\core\update_hashes
arguments:
- '@config'
- '@dbal.conn'
- '@passwords.update.lock'
- '@passwords.manager'
- '@passwords.driver_collection'
- '%passwords.algorithms%'
calls:
- [set_name, [cron.task.core.update_hashes]]
tags:
- { name: cron.task }

7
phpBB/config/default/container/services_password.yml
View File

@ -127,3 +127,10 @@ services:
- '@passwords.driver_helper'
tags:
- { name: passwords.driver }
passwords.update.lock:
class: phpbb\lock\db
arguments:
- update_hashes_lock
- '@config'
- '@dbal.conn'

3
phpBB/language/en/cli.php
View File

@ -91,6 +91,8 @@ $lang = array_merge($lang, array(
'CLI_DESCRIPTION_UPDATE_CHECK_OPTION_CACHE' => 'Run check command with cache.',
'CLI_DESCRIPTION_UPDATE_CHECK_OPTION_STABILITY' => 'Run command choosing to check only stable or unstable versions.',
'CLI_DESCRIPTION_UPDATE_HASH_BCRYPT' => 'Updates outdated password hashes to be hashed with bcrypt.',
'CLI_ERROR_INVALID_STABILITY' => '"%s" needs to be set to "stable" or "unstable".',
'CLI_DESCRIPTION_USER_ACTIVATE' => 'Activate (or deactivate) a user account.',
@ -125,6 +127,7 @@ $lang = array_merge($lang, array(
'CLI_EXTENSIONS_ENABLED' => 'Enabled',
'CLI_FIXUP_RECALCULATE_EMAIL_HASH_SUCCESS' => 'Successfully recalculated all email hashes.',
'CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS' => 'Successfully updated outdated password hashes to bcrypt.',
'CLI_MIGRATION_NAME' => 'Migration name, including the namespace (use forward slashes instead of backslashes to avoid problems).',
'CLI_MIGRATIONS_AVAILABLE' => 'Available migrations',

117
phpBB/phpbb/console/command/fixup/update_hashes.php Normal file
View File

@ -0,0 +1,117 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\console\command\fixup;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Helper\ProgressBar;
class update_hashes extends \phpbb\console\command\command
{
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\db\driver\driver_interface */
protected $db;
/** @var \phpbb\passwords\manager */
protected $passwords_manager;
/** @var string Default hashing type */
protected $default_type;
/**
* Update_hashes constructor
*
* @param \phpbb\config\config $config
* @param \phpbb\user $user
* @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\passwords\manager $passwords_manager
* @param array $hashing_algorithms Hashing driver
* service collection
* @param array $defaults Default password types
*/
public function __construct(\phpbb\config\config $config, \phpbb\user $user,
\phpbb\db\driver\driver_interface $db, \phpbb\passwords\manager $passwords_manager,
$hashing_algorithms, $defaults)
{
$this->config = $config;
$this->db = $db;
$this->passwords_manager = $passwords_manager;
foreach ($defaults as $type)
{
if ($hashing_algorithms[$type]->is_supported())
{
$this->default_type = $type;
break;
}
}
parent::__construct($user);
}
/**
* {@inheritdoc}
*/
protected function configure()
{
$this
->setName('fixup:update-hashes')
->setDescription($this->user->lang('CLI_DESCRIPTION_UPDATE_HASH_BCRYPT'))
;
}
/**
* {@inheritdoc}
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
// Get count to be able to display progress
$sql = 'SELECT COUNT(user_id) AS count
FROM ' . USERS_TABLE . '
WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
$result = $this->db->sql_query($sql);
$total_update_passwords = $this->db->sql_fetchfield('count');
$this->db->sql_freeresult($result);
// Create progress bar
$progress_bar = new ProgressBar($output, $total_update_passwords);
$progress_bar->start();
$sql = 'SELECT user_id, user_password
FROM ' . USERS_TABLE . '
WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = "' . $this->db->sql_escape($new_hash) . '"
WHERE user_id = ' . (int) $row['user_id'];
$this->db->sql_query($sql);
$progress_bar->advance();
}
$this->config->set('update_hashes_last_cron', time());
$progress_bar->finish();
$output->writeln('<info>' . $this->user->lang('CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS') . '</info>');
}
}

130
phpBB/phpbb/cron/task/core/update_hashes.php Normal file
View File

@ -0,0 +1,130 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\cron\task\core;
/**
* Update old hashes to the current default hashing algorithm
*
* It is intended to gradually update all "old" style hashes to the
* current default hashing algorithm.
*/
class update_hashes extends \phpbb\cron\task\base
{
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\db\driver\driver_interface */
protected $db;
/** @var \phpbb\lock\db */
protected $update_lock;
/** @var \phpbb\passwords\manager */
protected $passwords_manager;
/** @var string Default hashing type */
protected $default_type;
/**
* Constructor.
*
* @param \phpbb\config\config $config
* @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\lock\db $update_lock
* @param \phpbb\passwords\manager $passwords_manager
* @param array $hashing_algorithms Hashing driver
* service collection
* @param array $defaults Default password types
*/
public function __construct(\phpbb\config\config $config, \phpbb\db\driver\driver_interface $db, \phpbb\lock\db $update_lock, \phpbb\passwords\manager $passwords_manager, $hashing_algorithms, $defaults)
{
$this->config = $config;
$this->db = $db;
$this->passwords_manager = $passwords_manager;
$this->update_lock = $update_lock;
foreach ($defaults as $type)
{
if ($hashing_algorithms[$type]->is_supported())
{
$this->default_type = $type;
break;
}
}
}
/**
* {@inheritdoc}
*/
public function is_runnable()
{
return !$this->config['use_system_cron'];
}
/**
* {@inheritdoc}
*/
public function should_run()
{
if (!empty($this->config['update_hashes_lock']))
{
$last_run = explode(' ', $this->config['update_hashes_lock']);
if ($last_run[0] + 60 >= time())
{
return false;
}
}
return $this->config['enable_update_hashes'] && $this->config['update_hashes_last_cron'] < (time() - 60);
}
/**
* {@inheritdoc}
*/
public function run()
{
if ($this->update_lock->acquire())
{
$sql = 'SELECT user_id, user_password
FROM ' . USERS_TABLE . '
WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
$result = $this->db->sql_query_limit($sql, 20);
$affected_rows = 0;
while ($row = $this->db->sql_fetchrow($result))
{
$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
// Increase number so we know that users were selected from the database
$affected_rows++;
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = "' . $this->db->sql_escape($new_hash) . '"
WHERE user_id = ' . (int) $row['user_id'];
$this->db->sql_query($sql);
}
$this->config->set('update_hashes_last_cron', time());
$this->update_lock->release();
// Stop cron for good once all hashes are converted
if ($affected_rows === 0)
{
$this->config->set('enable_update_hashes', '0');
}
}
}
}

33
phpBB/phpbb/db/migration/data/v31x/update_hashes.php Normal file
View File

@ -0,0 +1,33 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\db\migration\data\v31x;
class update_hashes extends \phpbb\db\migration\migration
{
static public function depends_on()
{
return array(
'\phpbb\db\migration\data\v31x\v3110',
);
}
public function update_data()
{
return array(
array('config.add', array('enable_update_hashes', '1')),
array('config.add', array('update_hashes_lock', '')),
array('config.add', array('update_hashes_last_cron', '0'))
);
}
}