[BUGFIX] Check default salting method first
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / Classes / Salt / SaltFactory.php
index 43864a7..778ae3b 100644 (file)
@@ -50,14 +50,25 @@ class SaltFactory {
         * @return array
         */
        static public function getRegisteredSaltedHashingMethods() {
-               return array_merge(
-                       static::getDefaultSaltMethods(),
-                       (array) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']
-               );
+               $saltMethods = static::getDefaultSaltMethods();
+               if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'])) {
+                       $configuredMethods = (array)$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
+                       if (count($configuredMethods) > 0) {
+                               if (isset($configuredMethods[0])) {
+                                       // ensure the key of the array is not numeric, but a class name
+                                       foreach ($configuredMethods as $method) {
+                                               $saltMethods[$method] = $method;
+                                       }
+                               } else {
+                                       $saltMethods = array_merge($saltMethods, $configuredMethods);
+                               }
+                       }
+               }
+               return $saltMethods;
        }
 
        /**
-        * Returns an array with default salt methods.
+        * Returns an array with default salt method class names.
         *
         * @return array
         */
@@ -74,23 +85,23 @@ class SaltFactory {
         * Obtains a salting hashing method instance.
         *
         * This function will return an instance of a class that implements
-        * \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
+        * \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface
         *
         * Use parameter NULL to reset the factory!
         *
-        * @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory
-        * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
-        * @return \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface An instance of salting hashing method object
+        * @param string|NULL $saltedHash Salted hashed password to determine the type of used method from or NULL to reset to the default type
+        * @param string $mode The TYPO3 mode (FE or BE) saltedpasswords shall be used for
+        * @return SaltInterface An instance of salting hash method class
         */
        static public function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) {
                // Creating new instance when
                // * no instance existing
                // * a salted hash given to determine salted hashing method from
                // * a NULL parameter given to reset instance back to default method
-               if (!is_object(self::$instance) || !empty($saltedHash) || is_NULL($saltedHash)) {
+               if (!is_object(self::$instance) || !empty($saltedHash) || $saltedHash === NULL) {
                        // Determine method by checking the given hash
                        if (!empty($saltedHash)) {
-                               $result = self::determineSaltingHashingMethod($saltedHash);
+                               $result = self::determineSaltingHashingMethod($saltedHash, $mode);
                                if (!$result) {
                                        self::$instance = NULL;
                                }
@@ -109,14 +120,20 @@ class SaltFactory {
         * Method implicitly sets the instance of the found method object in the class property when found.
         *
         * @param string $saltedHash
+        * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
         * @return boolean TRUE, if salting hashing method has been found, otherwise FALSE
         */
-       static public function determineSaltingHashingMethod($saltedHash) {
-               $methodFound = FALSE;
+       static public function determineSaltingHashingMethod($saltedHash, $mode = TYPO3_MODE) {
                $registeredMethods = static::getRegisteredSaltedHashingMethods();
+               $defaultClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
+               $defaultReference = $registeredMethods[$defaultClassName];
+               unset($registeredMethods[$defaultClassName]);
+               // place the default method first in the order
+               $registeredMethods = array($defaultClassName => $defaultReference) + $registeredMethods;
+               $methodFound = FALSE;
                foreach ($registeredMethods as $method) {
                        $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method);
-                       if ($objectInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface) {
+                       if ($objectInstance instanceof SaltInterface) {
                                $methodFound = $objectInstance->isValidSaltedPW($saltedHash);
                                if ($methodFound) {
                                        self::$instance = $objectInstance;