Christian Kuhn authored
With this change, the password hash code in salted passwords is reduced to the SaltFactory with two methods and the single hash classes that implement SaltInterface without further public methods. Everything else including the utility classes is deprecated.

The change moves the LocalConfiguration.php config options around, adds a settings preset for hash mechanism selection, adds according silent upgrades, adds 'best available' hash mechanism selection at installation time and drops the last saltedpasswords ext_conf_template.txt option.

Details:
* Remove the password hash selection from saltedpasswords config namespace and put to TYPO3_CONF_VARS/BE/passwordHashing/className and TYPO3_CONF_VARS/FE/passwordHashing/className
* Move available password hash registry from TYPO3_CONF_VARS/SC_OPTIONS/ext/saltedpasswords/saltMethods to TYPO3_CONF_VARS/SYS/availablePasswordHashAlgorithms
* Add a setting preset to select one of argon2i (preferred), bcrypt, pbkdf2 or phpass (last fallback)
* Use 'best matching preset' during installation to select a good salt mechanism by default
* Silently upgrade existing password hash selection and upgrade to one of the four hash algorithms above
* Allow algorithm specific options in TYPO3_CONF_VARS/BE/passwordHashing/options and TYPO3_CONF_VARS/FE/passwordHashing/options for admins who know what they are doing and need to fiddle with hash details.
* Simplify and refactor the single password hash classes. Deprecate a huge list of methods along the way.

Change-Id: I773e2ee27a121c9f0d5302695ebf4aa561170400
Resolves: #85804
Resolves: #83760
Releases: master
Reviewed-on: https://review.typo3.org/57850
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
4b695b64