[BUGFIX] Ensure salted passwords are written to DB 09/36409/2
authorMarkus Klein <klein.t3@reelworx.at>
Sun, 21 Dec 2014 13:43:45 +0000 (14:43 +0100)
committerBenjamin Mack <benni@typo3.org>
Fri, 30 Jan 2015 11:32:44 +0000 (12:32 +0100)
Ensure that salted passwords are written to DB also when importing
data from t3d files.

Resolves: #61506
Releases: master, 6.2
Change-Id: Ia3ec443def54dcc98d12784da17e7abb6243c8f9
Reviewed-on: http://review.typo3.org/36409
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/core/Classes/DataHandling/DataHandler.php
typo3/sysext/saltedpasswords/Classes/Evaluation/Evaluator.php
typo3/sysext/saltedpasswords/Tests/Unit/Evaluation/EvaluatorTest.php

index b10c076..a21f352 100644 (file)
@@ -2460,7 +2460,7 @@ class DataHandler {
                                        break;
                                case 'required':
                                        if (!$value) {
-                                               $set = 0;
+                                               $set = FALSE;
                                        }
                                        break;
                                default:
index d083f42..d56983b 100644 (file)
@@ -47,14 +47,12 @@ class Evaluator {
         *
         * @param mixed $value The value that has to be checked.
         * @param string $is_in Is-In String
-        * @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
-        * @return The new value of the field
-        * @todo Define visibility
+        * @param bool $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
+        * @return string The new value of the field
         */
        public function evaluateFieldValue($value, $is_in, &$set) {
                $isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled();
                if ($isEnabled) {
-                       $set = FALSE;
                        $isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value);
                        $isDeprecatedSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($value, 0, 2));
                        /** @var $objInstanceSaltedPW \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface */
index 9b9ea84..1375f9f 100644 (file)
@@ -14,6 +14,9 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Evaluation;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator;
+
 /**
  * Testcase for SaltedPasswordsUtility
  *
@@ -22,12 +25,15 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Evaluation;
 class EvaluatorTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
 
        /**
-        * @var \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator
+        * @var Evaluator
         */
-       protected $fixture;
+       protected $subject;
 
+       /**
+        * Set up the a test
+        */
        public function setUp() {
-               $this->fixture = $this->getMock('TYPO3\\CMS\\Saltedpasswords\\Evaluation\\Evaluator', array('dummy'));
+               $this->subject = $this->getMock('TYPO3\\CMS\\Saltedpasswords\\Evaluation\\Evaluator', array('dummy'));
 
                // Make sure SaltedPasswordsUtility::isUsageEnabled() returns TRUE
                unset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
@@ -40,10 +46,10 @@ class EvaluatorTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
        public function passwordIsTurnedIntoSaltedString() {
                $isSet = NULL;
                $originalPassword = 'password';
-               $saltedPassword = $this->fixture->evaluateFieldValue($originalPassword, '', $isSet);
+               $saltedPassword = $this->subject->evaluateFieldValue($originalPassword, '', $isSet);
                $this->assertTrue($isSet);
                $this->assertNotEquals($originalPassword, $saltedPassword);
-               $this->assertTrue(\TYPO3\CMS\Core\Utility\GeneralUtility::inList('$1$,$2$,$2a,$P$', substr($saltedPassword, 0, 3)));
+               $this->assertTrue(GeneralUtility::inList('$1$,$2$,$2a,$P$', substr($saltedPassword, 0, 3)));
        }
 
        /**
@@ -52,10 +58,10 @@ class EvaluatorTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
        public function md5HashIsUpdatedToTemporarySaltedString() {
                $isSet = NULL;
                $originalPassword = '5f4dcc3b5aa765d61d8327deb882cf99';
-               $saltedPassword = $this->fixture->evaluateFieldValue($originalPassword, '', $isSet);
+               $saltedPassword = $this->subject->evaluateFieldValue($originalPassword, '', $isSet);
                $this->assertTrue($isSet);
                $this->assertNotEquals($originalPassword, $saltedPassword);
-               $this->assertTrue(\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($saltedPassword, 'M$'));
+               $this->assertTrue(GeneralUtility::isFirstPartOfStr($saltedPassword, 'M$'));
        }
 
        /**
@@ -64,8 +70,8 @@ class EvaluatorTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
        public function temporarySaltedStringIsNotTouched() {
                $isSet = NULL;
                $originalPassword = 'M$P$CibIRipvLfaPlaaeH8ifu9g21BrPjp.';
-               $saltedPassword = $this->fixture->evaluateFieldValue($originalPassword, '', $isSet);
-               $this->assertFalse($isSet);
+               $saltedPassword = $this->subject->evaluateFieldValue($originalPassword, '', $isSet);
+               $this->assertSame(NULL, $isSet);
                $this->assertSame($originalPassword, $saltedPassword);
        }
 }