[FEATURE] Create BE-user in Install Tool with a salted password 76/22676/3
authorWouter Wolters <typo3@wouterwolters.nl>
Mon, 29 Jul 2013 22:31:23 +0000 (00:31 +0200)
committerNicole Cordes <typo3@cordes.co>
Wed, 31 Jul 2013 22:08:54 +0000 (00:08 +0200)
Introduce the possibility to salt the password when creating
a new Backend User in the Install Tool. When Saltedpasswords
is installed and backend usage is enabled the password will
be salted with saltedpasswords. Otherwise the md5 hashing method
is still used.

Change-Id: I30b2fab2c4158c878e849f061f0d464b501b62bc
Resolves: #31407
Releases: 6.2
Reviewed-on: https://review.typo3.org/22676
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
typo3/sysext/install/Classes/Controller/Action/Tool/ImportantActions.php

index 5fa57aa..a075ae9 100644 (file)
@@ -218,10 +218,21 @@ class ImportantActions extends Action\AbstractAction implements Action\ActionInt
                                $message->setTitle('Administrator user not created');
                                $message->setMessage('A user with username ' . $username . ' exists already.');
                        } else {
-                               // @TODO: Handle saltedpasswords in installer and store password salted in the first place
+                               if (
+                                       \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords')
+                                       && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('BE')
+                               ) {
+                                       // Needed to initialize the "saltMethods", which are defined in ext_localconf.php
+                                       require(\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('saltedpasswords') . 'ext_localconf.php');
+                                       $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE');
+                                       $hashedPassword = $saltFactory->getHashedPassword($password);
+                               } else {
+                                       $hashedPassword = md5($password);
+                               }
+
                                $adminUserFields = array(
                                        'username' => $username,
-                                       'password' => md5($password),
+                                       'password' => $hashedPassword,
                                        'admin' => 1,
                                        'tstamp' => $GLOBALS['EXEC_TIME'],
                                        'crdate' => $GLOBALS['EXEC_TIME']