[TASK] Mitigate argon2i hash issues 02/58402/4
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 26 Sep 2018 17:30:55 +0000 (19:30 +0200)
committerFrank Naegler <frank.naegler@typo3.org>
Thu, 27 Sep 2018 13:01:50 +0000 (15:01 +0200)
commitc7cb49521f7766c6023035e3add418b999428df5
tree492d2ab4d974f45e20176b1be9305c728a2e00f7
parent7e984cd146980684203749fed37b313aa969f8e2
[TASK] Mitigate argon2i hash issues

* Let the "stored hash uses not supported mechanism" bubble up.
  Instead of just a "login failed", an error is raised hinting
  that something is broken.
* Improve exception message #1533818591: If an upgrade or new
  installation has been performed on a system that does support
  argon2i, users are upgraded to this mechanism. If the instance
  is later deployed to a server that does not support argon2i, the
  hash comparison will fail.
* Improve exception message #1533822084: This one is usually only
  raised if a core upgrade from v8 to v9 has just been performed on
  an instance that does not support argon2i, and a backend login is
  executed before the install tool silent configuration upgrader
  configured the system properly.
* Wiki pages with more details:
  https://wiki.typo3.org/Exception/CMS/1533818591
  https://wiki.typo3.org/Exception/CMS/1533822084

Resolves: #86392
Releases: master
Change-Id: I51e4ee9a198b9b92feec43c37a8b6b9b41c1b6f9
Reviewed-on: https://review.typo3.org/58402
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
typo3/sysext/core/Classes/Authentication/AuthenticationService.php
typo3/sysext/core/Classes/Crypto/PasswordHashing/PasswordHashFactory.php
typo3/sysext/core/Tests/Unit/Authentication/AuthenticationServiceTest.php
typo3/sysext/install/Classes/Authentication/AuthenticationService.php