Commit b34c203a authored by Andreas Beutel's avatar Andreas Beutel

Merge branch 'task/look-for-correct-hash-and-set-random-password-for-feuser' into 'develop'

Look for correct hashing to check if password is salted and set random password

See merge request !170
parents 483a0763 db77a78d
Pipeline #7413 passed with stages
in 4 minutes and 2 seconds
......@@ -545,19 +545,16 @@ class Ldap implements \Psr\Log\LoggerAwareInterface
* @param string $passwordString The password string
* @return bool
*/
private function isSaltedPassword($passwordString)
private function isSaltedPassword(string $passwordString): bool
{
$ret = false;
if ($passwordString !== '') {
$saltedHashingMethods = \TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory::getRegisteredSaltedHashingMethods();
foreach ($saltedHashingMethods as $saltedHashingMethod) {
/** @var \TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface $method */
$method = GeneralUtility::makeInstance($saltedHashingMethod);
if ($method->isAvailable() && $method->isValidSaltedPW($passwordString)) {
return true;
}
}
$isSalted = false;
try {
GeneralUtility::makeInstance(\TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory::class)->get($passwordString, 'FE');
$isSalted = true;
} catch (\TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException $e) {
}
return $isSalted;
}
/**
......
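Review bot: isSaltedPassword() returns true for any string whose format a registered FE hash method recognises, so it cannot tell a stored hash from a submitted value that merely has the shape of one. Its callers are outside this hunk, so if any of them uses the result to decide whether a value still needs hashing, it should only be given values read from storage, never request input. A docblock line such as `Only pass values read from the user record; a match means "has hash format", not "was hashed by us".` would make that contract explicit. The empty `catch` block also deserves a comment, for example `// no registered hash method recognises the string: not a hash`. The rendered page has lost the +/- markers, so it is not certain whether the `if ($passwordString !== '')` guard survives in the new body.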
......@@ -173,6 +173,7 @@ class FeManagerHooks
$plainTextPassword = '';
if ($user->_isDirty('password') && $user->getPassword() !== '') {
$plainTextPassword = $user->getPassword();
$user->setPassword($this->getRandomPassword());
\In2code\Femanager\Utility\UserUtility::convertPassword($user, '');
}
$this->ldapUserCreateUpdateDelete->updateUser($user, true, $plainTextPassword);
......@@ -222,6 +223,7 @@ class FeManagerHooks
$objectManager = GeneralUtility::makeInstance(ObjectManager::class);
$userRepository = $objectManager->get(\In2code\Femanager\Domain\Repository\UserRepository::class);
$plainTextPassword = $user->getPassword();
$user->setPassword($this->getRandomPassword());
\In2code\Femanager\Utility\UserUtility::hashPassword($user, '');
$userRepository->add($user);
$this->persistenceManager->persistAll();
......@@ -328,6 +330,11 @@ class FeManagerHooks
return true;
}
private function getRandomPassword(): string
{
return GeneralUtility::makeInstance(\TYPO3\CMS\Core\Crypto\Random::class)->generateRandomHexString(20);
}
/**
* @return string
*/
......
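Review bot: getRandomPassword() has no docblock, and neither call site (`$user->setPassword($this->getRandomPassword());` in the two earlier hunks of this file) says why the submitted password is swapped out before hashing. The intent, apparently that the local record never holds the real credential while the plaintext is handed on to LDAP, is stated only in the commit title. A docblock such as `/** Placeholder password for the local user record; the real credential is handled by LDAP only. */` would record it. `generateRandomHexString(20)` yields 20 hex characters, which is 80 bits; since nobody ever types this value, a longer one such as `generateRandomHexString(64)` costs nothing and leaves more margin. In the create path the record is persisted with the placeholder before any LDAP call visible in the hunk, so it is worth confirming what happens to that record if the LDAP step fails.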