mirror of
https://github.com/phpbb/phpbb.git
synced 2025-01-18 06:38:43 +01:00
[ticket/14733] Support increasing hashing cost factor
PHPBB3-14733
parent
7bb4e88acd
commit
1d40c0f43b
@ -1,3 +1,6 @@
|
||||
parameters:
|
||||
passwords.driver.bcrypt_cost: 10
|
||||
|
||||
services:
|
||||
# ----- Password management -----
|
||||
passwords.manager:
|
||||
@ -29,6 +32,7 @@ services:
|
||||
arguments:
|
||||
- '@config'
|
||||
- '@passwords.driver_helper'
|
||||
- '%passwords.driver.bcrypt_cost%'
|
||||
tags:
|
||||
- { name: passwords.driver }
|
||||
|
||||
@ -37,6 +41,7 @@ services:
|
||||
arguments:
|
||||
- '@config'
|
||||
- '@passwords.driver_helper'
|
||||
- '%passwords.driver.bcrypt_cost%'
|
||||
tags:
|
||||
- { name: passwords.driver }
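Review bot: The new `passwords.driver.bcrypt_cost` parameter at the top of this file has no comment telling an operator which values are accepted. The driver change in this same commit raises anything below 10 to 10, so a line such as `# bcrypt cost factor (log2 of the iteration count); values below 10 are raised to 10 by the driver` above the parameter would save a lookup. Both bcrypt service definitions receive the same parameter, so one comment covers them.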
|
||||
|
||||
|
@ -52,6 +52,14 @@ abstract class base implements driver_interface
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function needs_rehash($hash)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
|
@ -17,6 +17,23 @@ class bcrypt extends base
|
||||
{
|
||||
const PREFIX = '$2a$';
|
||||
|
||||
/** @var int Hashing cost factor */
|
||||
protected $cost_factor;
|
||||
|
||||
/**
|
||||
* Constructor of passwords driver object
|
||||
*
|
||||
* @param \phpbb\config\config $config phpBB config
|
||||
* @param \phpbb\passwords\driver\helper $helper Password driver helper
|
||||
*/
|
||||
public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor)
|
||||
{
|
||||
parent::__construct($config, $helper);
|
||||
|
||||
// Don't allow cost factor to be below default setting
|
||||
$this->cost_factor = max(10, $cost_factor);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
@ -25,6 +42,18 @@ class bcrypt extends base
|
||||
return self::PREFIX;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function needs_rehash($hash)
|
||||
{
|
||||
preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches);
|
||||
|
||||
list(, $cost_factor) = $matches;
|
||||
|
||||
return empty($cost_factor) || $this->cost_factor !== intval($cost_factor);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
@ -46,7 +75,7 @@ class bcrypt extends base
|
||||
|
||||
if ($salt == '')
|
||||
{
|
||||
$salt = $prefix . '10$' . $this->get_random_salt();
|
||||
$salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt();
|
||||
}
|
||||
|
||||
$hash = crypt($password, $salt);
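Review bot: The constructor keeps `max(10, $cost_factor)` with whatever type the container passes in and with no upper bound, while `needs_rehash()` compares it to `intval(...)` using `!==`. A string parameter would therefore never compare equal, so every login would be flagged for rehashing, and a cost above bcrypt's maximum of 31 would build a salt that `crypt()` cannot use; `$this->cost_factor = min(31, max(10, (int) $cost_factor));` closes both. In `needs_rehash()`, `list(, $cost_factor) = $matches;` reads a missing index when the hash does not match the pattern, so a guard such as `if (empty($matches[1])) { return true; }` before it avoids the notice while still requesting a rehash. The constructor docblock also lacks a `@param int $cost_factor` line, and `hash()` continues outside the last hunk.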
|
||||
|
@ -29,6 +29,14 @@ interface driver_interface
|
||||
*/
|
||||
public function is_legacy();
|
||||
|
||||
/**
|
||||
* Check if password needs to be rehashed
|
||||
*
|
||||
* @param string $hash Hash to check for rehash
|
||||
* @return bool True if password needs to be rehashed, false if not
|
||||
*/
|
||||
public function needs_rehash($hash);
|
||||
|
||||
/**
|
||||
* Returns the hash prefix
|
||||
*
|
||||
|
@ -297,7 +297,7 @@ class manager
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->convert_flag = false;
|
||||
$this->convert_flag = $stored_hash_type->needs_rehash($hash);
|
||||
}
|
||||
|
||||
// Check all legacy hash types if prefix is $CP$
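Review bot: `convert_flag` is now derived from the stored hash alone, at a point where the hunk shows no password verification yet, so it can be true for a login attempt that later fails. The enclosing method starts and ends outside the hunk, so callers may already act on the flag only after a successful check. If that is not guaranteed, a comment such as `// Only meaningful once check() has succeeded: marks hashes whose parameters differ from the current driver settings` above the assignment would make the contract explicit for code that rehashes on login.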
|
||||
|
@ -23,8 +23,8 @@ class phpbb_passwords_helper_test extends \phpbb_test_case
|
||||
$php_ext = 'php';
|
||||
|
||||
$this->passwords_drivers = array(
|
||||
'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper),
|
||||
'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper),
|
||||
'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper, 10),
|
||||
'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper, 10),
|
||||
'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $this->driver_helper),
|
||||
'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $this->driver_helper),
|
||||
'passwords.driver.sha1_smf' => new \phpbb\passwords\driver\sha1_smf($config, $this->driver_helper),
|
||||
@ -413,4 +413,23 @@ class phpbb_passwords_helper_test extends \phpbb_test_case
|
||||
);
|
||||
return strtr($string, $transform);
|
||||
}
|
||||
|
||||
public function data_needs_rehash()
|
||||
{
|
||||
return array(
|
||||
array('passwords.driver.bcrypt_2y', '$2y$10$somerandomhash', false),
|
||||
array('passwords.driver.bcrypt', '$2a$10$somerandomhash', false),
|
||||
array('passwords.driver.salted_md5', 'foobar', false),
|
||||
array('passwords.driver.bcrypt_2y', '$2y$9$somerandomhash', true),
|
||||
array('passwords.driver.bcrypt', '$2a$04$somerandomhash', true),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider data_needs_rehash
|
||||
*/
|
||||
public function test_needs_rehash($driver, $hash, $expected)
|
||||
{
|
||||
$this->assertSame($this->passwords_drivers[$driver]->needs_rehash($hash), $expected);
|
||||
}
|
||||
}
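Review bot: `data_needs_rehash()` has no bcrypt row for a hash that fails the cost pattern and none where the stored cost is higher than the configured one, so the no-match path of `needs_rehash()` and the direction of its `!==` comparison are untested. Rows such as `array('passwords.driver.bcrypt', '$2a$somerandomhash', true),` and `array('passwords.driver.bcrypt', '$2a$12$somerandomhash', true),` would pin both (values constructed for illustration). `assertSame()` also takes the expected value first, so `$this->assertSame($expected, $this->passwords_drivers[$driver]->needs_rehash($hash));` gives clearer failure messages.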
|
||||
|
@ -29,8 +29,8 @@ class phpbb_passwords_manager_test extends \phpbb_test_case
|
||||
$php_ext = 'php';
|
||||
|
||||
$this->passwords_drivers = array(
|
||||
'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper),
|
||||
'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper),
|
||||
'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper, 10),
|
||||
'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper, 10),
|
||||
'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $this->driver_helper),
|
||||
'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $this->driver_helper),
|
||||
'passwords.driver.convert_password' => new \phpbb\passwords\driver\convert_password($config, $this->driver_helper),
|
||||
|