[FEATURE] Create BE-user in installation wizard with a salted password 38/22738/7
authorNicole Cordes <typo3@cordes.co>
Wed, 31 Jul 2013 21:55:33 +0000 (23:55 +0200)
committerWouter Wolters <typo3@wouterwolters.nl>
Tue, 27 Aug 2013 20:56:38 +0000 (22:56 +0200)
In the installation wizard (123 steps) the admin user is created with an
md5-hashed password. For security reasons this should be changed to a
salted password. As this function is used in #31407 as well, it was
refactored into the AbstractAction class.

Resolves: #50612
Releases: 6.2
Change-Id: Ide966eb1c1e05d2190f0d22446bc2b3e92643451
Reviewed-on: https://review.typo3.org/22738
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Stefan Neufeind
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
typo3/sysext/install/Classes/Controller/Action/AbstractAction.php
typo3/sysext/install/Classes/Controller/Action/Step/DatabaseData.php
typo3/sysext/install/Classes/Controller/Action/Tool/ImportantActions.php

index 43e0254..bb3ef82 100644 (file)
@@ -215,5 +215,16 @@ abstract class AbstractAction {
                        ->initializeTypo3DbGlobal()
                        ->loadExtensionTables(FALSE);
        }
+
+       /**
+        * This function returns a salted hashed key.
+        *
+        * @param string $password
+        * @return string
+        */
+       protected function getHashedPassword($password) {
+               $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE');
+               return $saltFactory->getHashedPassword($password);
+       }
 }
-?>
\ No newline at end of file
+?>
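Review bot: The new getHashedPassword() uses both return values unchecked: the result of getSaltingInstance(NULL, 'BE') is dereferenced directly and the hash is returned as-is. If no salting instance can be built the call is a fatal error, and if the hashing method returns an empty or NULL value (which I believe the saltedpasswords implementations do for an empty password; worth confirming), the callers in DatabaseData and ImportantActions write that straight into the admin record's password field. I would fail loudly here instead, as sketched below, and let the two callers surface the error. The docblock could also say `Returns the salted hash of the given password for backend (BE) users.` rather than "hashed key", and `$saltFactory` actually holds a salting instance, not the factory. The enclosing AbstractAction class starts outside this hunk.

```php
	protected function getHashedPassword($password) {
		$saltingInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE');
		if (!is_object($saltingInstance)) {
			throw new \RuntimeException('No salted password hashing method is available for BE');
		}
		$hashedPassword = $saltingInstance->getHashedPassword($password);
		if (!is_string($hashedPassword) || $hashedPassword === '') {
			throw new \RuntimeException('Hashing the password failed');
		}
		return $hashedPassword;
	}
```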
index f914d95..0124d4e 100644 (file)
@@ -67,11 +67,10 @@ class DatabaseData extends Action\AbstractAction implements StepInterface {
                $this->importDatabaseData();
 
                // Insert admin user
-               // Password is simple md5 here for now, will be updated by saltedpasswords on first login
-               // @TODO: Handle saltedpasswords in installer and store password salted in the first place
+               $hashedPassword = $this->getHashedPassword($password);
                $adminUserFields = array(
                        'username' => $username,
-                       'password' => md5($password),
+                       'password' => $hashedPassword,
                        'admin' => 1,
                        'tstamp' => $GLOBALS['EXEC_TIME'],
                        'crdate' => $GLOBALS['EXEC_TIME']
index ae6134a..fed62ff 100644 (file)
@@ -218,9 +218,7 @@ class ImportantActions extends Action\AbstractAction implements Action\ActionInt
                                $message->setTitle('Administrator user not created');
                                $message->setMessage('A user with username ' . $username . ' exists already.');
                        } else {
-                               $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE');
-                               $hashedPassword = $saltFactory->getHashedPassword($password);
-
+                               $hashedPassword = $this->getHashedPassword($password);
                                $adminUserFields = array(
                                        'username' => $username,
                                        'password' => $hashedPassword,