• Christian Kuhn's avatar
    [TASK] Make password hash selection an install tool preset · 4b695b64
    Christian Kuhn authored
    With this change, the password hash code in salted passwords is
    reduced to the SaltFactory with two methods and the single hash
    classes that implement SaltInterface without further public
    methods. Everything else including the utility classes is
    The change moves the LocalConfiguration.php config options around,
    adds a settings preset for hash mechanism selection, adds according
    silent upgrades, adds 'best available' hash mechanism selection
    at installation time and drops the last saltedpasswords
    ext_conf_template.txt option.
    * Remove the password hash selection from saltedpasswords config
      namespace and put to TYPO3_CONF_VARS/BE/passwordHashing/className
      and TYPO3_CONF_VARS/FE/passwordHashing/className
    * Move available password hash registry from
      to TYPO3_CONF_VARS/SYS/availablePasswordHashAlgorithms
    * Add a setting preset to select one of argon2i (preferred),
      bcrypt, pbkdf2 or phpass (last fallback)
    * Use 'best matching preset' during installation to select a good
      salt mechanism by default
    * Silently upgrade existing password hash selection and upgrade
      to one of the four hash algorithms above
    * Allow algorithm specific options in
      TYPO3_CONF_VARS/BE/passwordHashing/options and
      TYPO3_CONF_VARS/FE/passwordHashing/options for admins who
      know what they are doing and need to fiddle with hash details.
    * Simplify and refactor the single password hash classes. Deprecate
      a huge list of methods along the way.
    Change-Id: I773e2ee27a121c9f0d5302695ebf4aa561170400
    Resolves: #85804
    Resolves: #83760
    Releases: master
    Reviewed-on: https://review.typo3.org/57850
    Tested-by: default avatarTYPO3com <no-reply@typo3.com>
    Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
    Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
    Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
    Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
    Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
    Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>