bitPickups/friendica_2019-12_sharedHosting_hotFix
1
1
Fork 0
Code Pull requests Activity

Revert "Remove SQL column legacy_password"

Browse source 
This reverts commit 82f1f2f00e.
This commit is contained in:
Alexandre Alapetite 2018-04-15 10:51:22 +02:00
parent e860cdf6a8
commit 991a3d959e
5 changed files with 12 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
database.sql
View file

@ -1019,6 +1019,7 @@ CREATE TABLE IF NOT EXISTS `user` (
`guid` varchar(64) NOT NULL DEFAULT '' COMMENT '', `guid` varchar(64) NOT NULL DEFAULT '' COMMENT '',
`username` varchar(255) NOT NULL DEFAULT '' COMMENT '', `username` varchar(255) NOT NULL DEFAULT '' COMMENT '',
`password` varchar(255) NOT NULL DEFAULT '' COMMENT '', `password` varchar(255) NOT NULL DEFAULT '' COMMENT '',
`legacy_password` boolean NOT NULL DEFAULT '0' COMMENT 'Is the password hash double-hashed?',
`nickname` varchar(255) NOT NULL DEFAULT '' COMMENT '', `nickname` varchar(255) NOT NULL DEFAULT '' COMMENT '',
`email` varchar(255) NOT NULL DEFAULT '' COMMENT '', `email` varchar(255) NOT NULL DEFAULT '' COMMENT '',
`openid` varchar(255) NOT NULL DEFAULT '' COMMENT '', `openid` varchar(255) NOT NULL DEFAULT '' COMMENT '',

1
src/Database/DBStructure.php
View file

@ -1726,6 +1726,7 @@ class DBStructure
"guid" => ["type" => "varchar(64)", "not null" => "1", "default" => "", "comment" => ""], "guid" => ["type" => "varchar(64)", "not null" => "1", "default" => "", "comment" => ""],
"username" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], "username" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
"password" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], "password" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
"legacy_password" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => "Is the password hash double-hashed?"],
"nickname" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], "nickname" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
"email" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], "email" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
"openid" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], "openid" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],

6
src/Model/User.php
View file

@ -170,12 +170,13 @@ class User
if (!isset($user['uid']) if (!isset($user['uid'])
|| !isset($user['password']) || !isset($user['password'])
|| !isset($user['legacy_password'])
) { ) {
throw new Exception(L10n::t('Not enough information to authenticate')); throw new Exception(L10n::t('Not enough information to authenticate'));
} }
} elseif (is_int($user_info) || is_string($user_info)) { } elseif (is_int($user_info) || is_string($user_info)) {
if (is_int($user_info)) { if (is_int($user_info)) {
$user = dba::selectFirst('user', ['uid', 'password'], $user = dba::selectFirst('user', ['uid', 'password', 'legacy_password'],
[ [
'uid' => $user_info, 'uid' => $user_info,
'blocked' => 0, 'blocked' => 0,
@ -185,7 +186,7 @@ class User
] ]
); );
} else { } else {
$user = dba::fetch_first('SELECT `uid`, `password` $user = dba::fetch_first('SELECT `uid`, `password`, `legacy_password`
FROM `user` FROM `user`
WHERE (`email` = ? OR `username` = ? OR `nickname` = ?) WHERE (`email` = ? OR `username` = ? OR `nickname` = ?)
AND `blocked` = 0 AND `blocked` = 0
@ -276,6 +277,7 @@ class User
'password' => $pasword_hashed, 'password' => $pasword_hashed,
'pwdreset' => null, 'pwdreset' => null,
'pwdreset_time' => null, 'pwdreset_time' => null,
'legacy_password' => false
]; ];
return dba::update('user', $fields, ['uid' => $uid]); return dba::update('user', $fields, ['uid' => $uid]);
} }

2
src/Util/ExAuth.php
View file

@ -226,7 +226,7 @@ class ExAuth
if ($a->get_hostname() == $aCommand[2]) { if ($a->get_hostname() == $aCommand[2]) {
$this->writeLog(LOG_INFO, 'internal auth for ' . $sUser . '@' . $aCommand[2]); $this->writeLog(LOG_INFO, 'internal auth for ' . $sUser . '@' . $aCommand[2]);
$aUser = dba::selectFirst('user', ['uid', 'password'], ['nickname' => $sUser]); $aUser = dba::selectFirst('user', ['uid', 'password', 'legacy_password'], ['nickname' => $sUser]);
if (DBM::is_result($aUser)) { if (DBM::is_result($aUser)) {
$uid = $aUser['uid']; $uid = $aUser['uid'];
$success = User::authenticate($aUser, $aCommand[3]); $success = User::authenticate($aUser, $aCommand[3]);

7
update.php
View file

@ -149,9 +149,12 @@ function update_1203() {
} }
function update_1244() { function update_1244() {
// Sets legacy_password for all legacy hashes
dba::update('user', ['legacy_password' => true], ['SUBSTR(password, 1, 4) != "$2y$"']);
// All legacy hashes are re-hashed using the new secure hashing function // All legacy hashes are re-hashed using the new secure hashing function
$stmt = dba::select('user', ['uid', 'password'], ['password NOT LIKE "$%"']); $stmt = dba::select('user', ['uid', 'password'], ['legacy_password' => true]);
while ($user = dba::fetch($stmt)) { while($user = dba::fetch($stmt)) {
dba::update('user', ['password' => User::hashPassword($user['password'])], ['uid' => $user['uid']]); dba::update('user', ['password' => User::hashPassword($user['password'])], ['uid' => $user['uid']]);
} }