[TASK] Make password hash selection an install tool preset 50/57850/18
author Christian Kuhn <lolli@schwarzbu.ch>
Thu, 9 Aug 2018 22:41:39 +0000 (00:41 +0200)
committer Christian Kuhn <lolli@schwarzbu.ch>
Sat, 11 Aug 2018 16:22:26 +0000 (18:22 +0200)
commit 4b695b64b494378a2fa5d00776459adfba13f847
tree 0798ee3a478fd9bed6c7dbb035a8249700373f41
parent fbfcf1fb63eae4a2a2190a413c89ff00d0c4b794
[TASK] Make password hash selection an install tool preset

With this change, the password hash code in salted passwords is
reduced to the SaltFactory with two methods and the single hash
classes that implement SaltInterface without further public
methods. Everything else including the utility classes is
deprecated.
The change moves the LocalConfiguration.php config options around,
adds a settings preset for hash mechanism selection, adds according
silent upgrades, adds 'best available' hash mechanism selection
at installation time and drops the last saltedpasswords
ext_conf_template.txt option.

Details:
* Remove the password hash selection from saltedpasswords config
  namespace and put to TYPO3_CONF_VARS/BE/passwordHashing/className
  and TYPO3_CONF_VARS/FE/passwordHashing/className
* Move available password hash registry from
  TYPO3_CONF_VARS/SC_OPTIONS/ext/saltedpasswords/saltMethods
  to TYPO3_CONF_VARS/SYS/availablePasswordHashAlgorithms
* Add a setting preset to select one of argon2i (preferred),
  bcrypt, pbkdf2 or phpass (last fallback)
* Use 'best matching preset' during installation to select a good
  salt mechanism by default
* Silently upgrade existing password hash selection and upgrade
  to one of the four hash algorithms above
* Allow algorithm specific options in
  TYPO3_CONF_VARS/BE/passwordHashing/options and
  TYPO3_CONF_VARS/FE/passwordHashing/options for admins who
  know what they are doing and need to fiddle with hash details.
* Simplify and refactor the single password hash classes. Deprecate
  a huge list of methods along the way.

Change-Id: I773e2ee27a121c9f0d5302695ebf4aa561170400
Resolves: #85804
Resolves: #83760
Releases: master
Reviewed-on: https://review.typo3.org/57850
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
61 files changed:
typo3/sysext/core/Classes/Authentication/AuthenticationService.php
typo3/sysext/core/Classes/DataHandling/DataHandler.php
typo3/sysext/core/Configuration/DefaultConfiguration.php
typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
typo3/sysext/core/Documentation/Changelog/master/Deprecation-85804-SaltedPasswordHashClassDeprecations.rst [new file with mode: 0644]
typo3/sysext/core/Tests/Unit/Authentication/AuthenticationServiceTest.php
typo3/sysext/install/Classes/Authentication/AuthenticationService.php
typo3/sysext/install/Classes/Configuration/FeatureManager.php
typo3/sysext/install/Classes/Configuration/Image/ImageFeature.php
typo3/sysext/install/Classes/Configuration/PasswordHashing/Argon2iPreset.php [new file with mode: 0644]
typo3/sysext/install/Classes/Configuration/PasswordHashing/BcryptPreset.php [new file with mode: 0644]
typo3/sysext/install/Classes/Configuration/PasswordHashing/CustomPreset.php [new file with mode: 0644]
typo3/sysext/install/Classes/Configuration/PasswordHashing/PasswordHashingFeature.php [new file with mode: 0644]
typo3/sysext/install/Classes/Configuration/PasswordHashing/Pbkdf2Preset.php [new file with mode: 0644]
typo3/sysext/install/Classes/Configuration/PasswordHashing/PhpassPreset.php [new file with mode: 0644]
typo3/sysext/install/Classes/Controller/InstallerController.php
typo3/sysext/install/Classes/Report/SecurityStatusReport.php
typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/ArrayDimensionMatcher.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/ClassConstantMatcher.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/ClassNameMatcher.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/InterfaceMethodChangedMatcher.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/MethodArgumentDroppedMatcher.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/MethodCallMatcher.php
typo3/sysext/install/Resources/Private/Partials/Settings/Presets/PasswordHashing.html [new file with mode: 0644]
typo3/sysext/install/Resources/Private/Partials/Settings/Presets/PasswordHashing/Argon2i.html [new file with mode: 0644]
typo3/sysext/install/Resources/Private/Partials/Settings/Presets/PasswordHashing/Bcrypt.html [new file with mode: 0644]
typo3/sysext/install/Resources/Private/Partials/Settings/Presets/PasswordHashing/Custom.html [new file with mode: 0644]
typo3/sysext/install/Resources/Private/Partials/Settings/Presets/PasswordHashing/Pbkdf2.html [new file with mode: 0644]
typo3/sysext/install/Resources/Private/Partials/Settings/Presets/PasswordHashing/Phpass.html [new file with mode: 0644]
typo3/sysext/install/Tests/Unit/Service/SilentConfigurationUpgradeServiceTest.php
typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php
typo3/sysext/saltedpasswords/Classes/Salt/AbstractComposedSalt.php
typo3/sysext/saltedpasswords/Classes/Salt/Argon2iSalt.php
typo3/sysext/saltedpasswords/Classes/Salt/BcryptSalt.php
typo3/sysext/saltedpasswords/Classes/Salt/BlowfishSalt.php
typo3/sysext/saltedpasswords/Classes/Salt/ComposedSaltInterface.php
typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php
typo3/sysext/saltedpasswords/Classes/Salt/Pbkdf2Salt.php
typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
typo3/sysext/saltedpasswords/Classes/Salt/SaltInterface.php
typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/Argon2iSaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/BcryptSaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/BlowfishSaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/Fixtures/TestSalt.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/Unit/Salt/Md5SaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/Pbkdf2SaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/PhpassSaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/SaltFactoryTest.php
typo3/sysext/saltedpasswords/Tests/UnitDeprecated/Salt/Argon2iSaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/UnitDeprecated/Salt/BcryptSaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/UnitDeprecated/Salt/BlowfishSaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/UnitDeprecated/Salt/Md5SaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/UnitDeprecated/Salt/Pbkdf2SaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/UnitDeprecated/Salt/PhpassSaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/UnitDeprecated/Salt/SaltFactoryTest.php
typo3/sysext/saltedpasswords/ext_conf_template.txt [deleted file]
typo3/sysext/setup/Classes/Controller/SetupModuleController.php
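
The "best matching preset" selection and the new configuration paths from the commit message, sketched as an added example (not code from this commit or from TYPO3). The class names are assumptions inferred from the file paths listed above, and the availability checks and function names are illustrative.

```php
<?php
declare(strict_types=1);

// Priority order from the commit message: argon2i (preferred), bcrypt,
// pbkdf2, phpass (last fallback). Class names are assumed from file paths.
const HASH_PRESETS = [
    'argon2i' => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Argon2iSalt',
    'bcrypt'  => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BcryptSalt',
    'pbkdf2'  => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Pbkdf2Salt',
    'phpass'  => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt',
];

// Illustrative runtime checks for what this PHP build can actually compute.
function isAvailable(string $preset): bool
{
    switch ($preset) {
        case 'argon2i': return defined('PASSWORD_ARGON2I');
        case 'bcrypt':  return defined('PASSWORD_BCRYPT');
        case 'pbkdf2':  return function_exists('hash_pbkdf2')
                            && in_array('sha256', hash_algos(), true);
        case 'phpass':  return true; // pure PHP, needs no extension
    }
    return false;
}

// Walk the presets in priority order and return the first usable one.
function bestAvailablePreset(?callable $check = null): string
{
    $check = $check ?? 'isAvailable';
    foreach (array_keys(HASH_PRESETS) as $preset) {
        if ($check($preset)) {
            return $preset;
        }
    }
    throw new RuntimeException('No password hash mechanism available');
}

// Build the fragment for the BE/FE passwordHashing paths named in the commit.
function passwordHashingConfig(string $preset): array
{
    $entry = ['className' => HASH_PRESETS[$preset], 'options' => []];
    return ['BE' => ['passwordHashing' => $entry],
            'FE' => ['passwordHashing' => $entry]];
}

// Selection on this PHP build, then on a simulated build without argon2i.
var_export(passwordHashingConfig(bestAvailablePreset()));
$noArgon = function (string $p): bool { return $p !== 'argon2i' && isAvailable($p); };
echo PHP_EOL, 'Without argon2i: ', bestAvailablePreset($noArgon), PHP_EOL;
```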