From: Moritz Bunkus
Date: Tue, 21 Jun 2011 06:51:43 +0000 (+0200)
Subject: Fall 'kein Hash-Algorithmus angegeben' bei alten Passwörtern richtig behandeln
X-Git-Tag: release-2.7.0beta1~376
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=d3d6cb31bbeec3a6eba3ff41990a2748303f5851;p=kivitendo-erp.git
Fall 'kein Hash-Algorithmus angegeben' bei alten Passwörtern richtig behandeln
---
diff --git a/SL/Auth.pm b/SL/Auth.pm
index 76414e877..e01af9107 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -165,8 +165,12 @@ sub authenticate {
 sub store_credentials_in_session {
 my ($self, %params) = @_;
- $params{password} = SL::Auth::Password->hash_if_unhashed(login => $params{login}, password => $params{password})
- unless $self->{authenticator}->requires_cleartext_password;
+ if (!$self->{authenticator}->requires_cleartext_password) {
+ $params{password} = SL::Auth::Password->hash_if_unhashed(login => $params{login},
+ password => $params{password},
+ look_up_algorithm => 1,
+ auth => $self);
+ }
 $self->set_session_value(login => $params{login}, password => $params{password});
 }
@@ -177,6 +181,19 @@ sub store_root_credentials_in_session {
 $self->set_session_value(rpw => SL::Auth::Password->hash_if_unhashed(login => 'root', password => $rpw));
 }
+sub get_stored_password {
+ my ($self, $login) = @_;
+
+ my $dbh = $self->dbconnect;
+
+ return undef unless $dbh;
+
+ my $query = qq|SELECT password FROM auth."user" WHERE login = ?|;
+ my ($stored_password) = $dbh->selectrow_array($query, undef, $login);
+
+ return $stored_password;
+}
+
 sub dbconnect {
 $main::lxdebug->enter_sub(2);
diff --git a/SL/Auth/DB.pm b/SL/Auth/DB.pm
index 66d23cd27..520e3e272 100644
--- a/SL/Auth/DB.pm
+++ b/SL/Auth/DB.pm
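Review bot: In the new `get_stored_password`, the early `return undef unless $dbh;` and the "login not found" case both yield undef, so callers (the DB authenticator and `hash_if_unhashed`) cannot tell a backend outage from an unknown login, whereas the code this replaces in SL/Auth/DB.pm returned ERR_BACKEND for the former. If that conflation is intended, say so in a header comment such as `# Returns undef both when no DB connection is available and when $login has no row; callers must not treat undef as "wrong password" alone.` As a point of style, `return undef` yields a one-element list in list context; `return;` is the idiomatic form and behaves identically for the scalar-context callers in this commit.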
@@ -32,15 +32,7 @@ sub authenticate {
 my $login = shift;
 my $password = shift;
- my $dbh = $self->{auth}->dbconnect();
-
- if (!$dbh) {
- $main::lxdebug->leave_sub();
- return ERR_BACKEND;
- }
-
- my $query = qq|SELECT password FROM auth."user" WHERE login = ?|;
- my ($stored_password) = $dbh->selectrow_array($query, undef, $login);
+ my $stored_password = $self->{auth}->get_stored_password($login);
 my ($algorithm, $algorithm2);
diff --git a/SL/Auth/Password.pm b/SL/Auth/Password.pm
index 5a17203c5..5f876cec3 100644
--- a/SL/Auth/Password.pm
+++ b/SL/Auth/Password.pm
@@ -40,7 +40,15 @@ sub hash_if_unhashed {
 my ($algorithm, $password) = $class->parse($params{password}, 'NONE');
- return $algorithm eq 'NONE' ? $class->hash(%params) : $params{password};
+ return $params{password} unless $algorithm eq 'NONE';
+
+ if ($params{look_up_algorithm}) {
+ my $stored_password = $params{auth}->get_stored_password($params{login});
+ my ($stored_algorithm) = $class->parse($stored_password);
+ $params{algorithm} = $stored_algorithm;
+ }
+
+ return $class->hash(%params);
 }
 sub parse {
diff --git a/sql/Pg-upgrade2-auth/password_hashing.sql b/sql/Pg-upgrade2-auth/password_hashing.sql
new file mode 100644
index 000000000..c1db61363
--- /dev/null
+++ b/sql/Pg-upgrade2-auth/password_hashing.sql
@@ -0,0 +1,9 @@
+-- @tag: password_hashing
+-- @description: Explicitely set a password hashing algorithm
+-- @depends:
+-- @charset: utf-8
+UPDATE auth."user"
+ SET password = '{CRYPT}' || password
+ WHERE NOT (password IS NULL)
+ AND (password <> '')
+ AND NOT (password LIKE '{%}%');
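Review bot: The removed `if (!$dbh) { ... return ERR_BACKEND; }` branch has no replacement: `get_stored_password` returns undef when `dbconnect` fails, so `authenticate` now continues with an undef `$stored_password` and, as far as the hunk shows, a database outage is no longer reported as a backend error but falls through to whatever the later comparison does with undef (presumably a plain authentication failure). The body of `authenticate` continues outside the hunk, so the exact outcome cannot be confirmed here. Assuming `dbconnect` hands back the same connection it already caches, restoring the distinction is one line before the lookup: `return ERR_BACKEND unless $self->{auth}->dbconnect();` (the `$main::lxdebug->leave_sub()` that the removed branch called would need to be kept alongside it).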
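Review bot: Inside the new `look_up_algorithm` branch, `$class->parse($stored_password)` is called without the `'NONE'` default used two lines earlier, and `$params{algorithm}` is then assigned unconditionally; when `get_stored_password` returns undef (no DB connection, or a login that has no row yet) the algorithm is overwritten with whatever `parse` yields for undef, which then reaches `$class->hash(%params)` outside this hunk. Only adopt the stored algorithm when a stored hash was actually found: `if ($params{look_up_algorithm} && defined(my $stored_password = $params{auth}->get_stored_password($params{login}))) {` and `$params{algorithm} = $stored_algorithm if defined $stored_algorithm;`. The branch also dereferences `$params{auth}` without checking it, so the sub's documentation (its signature is above the hunk) should state that `auth` is required whenever `look_up_algorithm` is set.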
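Review bot: The migration irreversibly tags every non-empty stored password without a `{...}` prefix as `{CRYPT}`, which assumes each such value is a crypt-style hash; if any row holds a different unprefixed format, that login will no longer verify after the upgrade, and nothing in the file records that assumption. The `@description` line should spell it out and fix the spelling: `-- @description: Explicitly tag legacy password hashes that carry no algorithm prefix as {CRYPT} (assumes all unprefixed values are crypt hashes)`. Leaving `@depends:` empty is presumably deliberate, but a short comment saying so would help the next person reading the upgrade chain.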