[TASK] Add informational upgrade wizard for argon2i
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / Updates / Argon2iPasswordHashes.php
1 <?php
2 declare(strict_types = 1);
3
4 namespace TYPO3\CMS\Install\Updates;
5
6 /*
7 * This file is part of the TYPO3 CMS project.
8 *
9 * It is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU General Public License, either version 2
11 * of the License, or any later version.
12 *
13 * For the full copyright and license information, please read the
14 * LICENSE.txt file that was distributed with this source code.
15 *
16 * The TYPO3 project - inspiring people to share!
17 */
18
19 use TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash;
20 use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
21 use TYPO3\CMS\Core\Utility\GeneralUtility;
22
23 /**
24 * Informational upgrade wizard to remind upgrading instances
25 * may have to verify argon2i is available on the live servers
26 */
27 class Argon2iPasswordHashes implements UpgradeWizardInterface, ConfirmableInterface
28 {
29 protected $confirmation;
30
31 public function __construct()
32 {
33 $this->confirmation = new Confirmation(
34 'Please make sure to read the following carefully:',
35 $this->getDescription(),
36 false,
37 'Yes, I understand!',
38 '',
39 true
40 );
41 }
42
43 /**
44 * @return string Unique identifier of this updater
45 */
46 public function getIdentifier(): string
47 {
48 return 'argon2iPasswordHashes';
49 }
50
51 /**
52 * @return string Title of this updater
53 */
54 public function getTitle(): string
55 {
56 return 'Reminder to verify live system supports argon2i';
57 }
58
59 /**
60 * @return string Longer description of this updater
61 */
62 public function getDescription(): string
63 {
64 return 'TYPO3 uses the modern hash mechanism "argon2i" on this system. Existing passwords'
65 . ' will be automatically upgraded to this mechanism upon user login. If this instance'
66 . ' is later deployed to a different system, make sure the system does support argon2i'
67 . ' too, otherwise logins will fail. If that is not possible, select a different hash'
68 . ' algorithm in Setting > Presets > Password hashing settings and make sure no user'
69 . ' has been upgraded yet. This upgrade wizard exists only to inform you, it does not'
70 . ' change the system';
71 }
72
73 /**
74 * Checks whether updates are required.
75 *
76 * @return bool Whether an update is required (TRUE) or not (FALSE)
77 */
78 public function updateNecessary(): bool
79 {
80 $passwordHashFactory = GeneralUtility::makeInstance(PasswordHashFactory::class);
81 $feHash = $passwordHashFactory->getDefaultHashInstance('BE');
82 $beHash = $passwordHashFactory->getDefaultHashInstance('FE');
83 return $feHash instanceof Argon2iPasswordHash || $beHash instanceof Argon2iPasswordHash;
84 }
85
86 /**
87 * @return string[] All new fields and tables must exist
88 */
89 public function getPrerequisites(): array
90 {
91 return [
92 DatabaseUpdatedPrerequisite::class,
93 ];
94 }
95
96 /**
97 * This upgrade wizard has informational character only, it does not perform actions.
98 *
99 * @return bool Whether everything went smoothly or not
100 */
101 public function executeUpdate(): bool
102 {
103 return true;
104 }
105
106 /**
107 * Return a confirmation message instance
108 *
109 * @return \TYPO3\CMS\Install\Updates\Confirmation
110 */
111 public function getConfirmation(): Confirmation
112 {
113 return $this->confirmation;
114 }
115 }