Look for correct hashing to check if password is salted and set random password

0a9cd4f4 · Thomas Löffler · 483a0763 · 0a9cd4f4 · 0a9cd4f4
Commit 0a9cd4f4 authored Aug 04, 2019 by Thomas Löffler
--- a/extensions/t3o_ldap/Classes/Connectors/Ldap.php
+++ b/extensions/t3o_ldap/Classes/Connectors/Ldap.php
@@ -545,19 +545,17 @@ class Ldap implements \Psr\Log\LoggerAwareInterface
     * @param string $passwordString The password string
     * @return bool
     */
-    private function isSaltedPassword($passwordString)
+    private function isSaltedPassword(string $passwordString): bool
    {
-        $ret = false;
-        if ($passwordString !== '') {
-            $saltedHashingMethods = \TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory::getRegisteredSaltedHashingMethods();
-            foreach ($saltedHashingMethods as $saltedHashingMethod) {
-                /** @var \TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface $method */
-                $method = GeneralUtility::makeInstance($saltedHashingMethod);
-                if ($method->isAvailable() && $method->isValidSaltedPW($passwordString)) {
-                    return true;
-                }
-            }
+        $isSalted = false;
+        try {
+            GeneralUtility::makeInstance(\TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory::class)->get($passwordString, 'FE');
+            $isSalted = true;
+        } catch (\TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException $e) {
+
        }
+
+        return $isSalted;
    }

    /**

--- a/extensions/t3omy/Classes/Hooks/FeManagerHooks.php
+++ b/extensions/t3omy/Classes/Hooks/FeManagerHooks.php
@@ -173,6 +173,7 @@ class FeManagerHooks
        $plainTextPassword = '';
        if ($user->_isDirty('password') && $user->getPassword() !== '') {
            $plainTextPassword = $user->getPassword();
+            $user->setPassword($this->getRandomPassword());
            \In2code\Femanager\Utility\UserUtility::convertPassword($user, '');
        }
        $this->ldapUserCreateUpdateDelete->updateUser($user, true, $plainTextPassword);
@@ -222,6 +223,7 @@ class FeManagerHooks
            $objectManager = GeneralUtility::makeInstance(ObjectManager::class);
            $userRepository = $objectManager->get(\In2code\Femanager\Domain\Repository\UserRepository::class);
            $plainTextPassword = $user->getPassword();
+            $user->setPassword($this->getRandomPassword());
            \In2code\Femanager\Utility\UserUtility::hashPassword($user, '');
            $userRepository->add($user);
            $this->persistenceManager->persistAll();
@@ -328,6 +330,11 @@ class FeManagerHooks
        return true;
    }

+    private function getRandomPassword(): string
+    {
+        return GeneralUtility::makeInstance(\TYPO3\CMS\Core\Crypto\Random::class)->generateRandomHexString(20);
+    }
+
    /**
     * @return string
     */