Commit 4b695b64 authored by Christian Kuhn's avatar Christian Kuhn
Browse files

[TASK] Make password hash selection an install tool preset

With this change, the password hash code in salted passwords is
reduced to the SaltFactory with two methods and the single hash
classes that implement SaltInterface without further public
methods. Everything else including the utility classes is
deprecated.
The change moves the LocalConfiguration.php config options around,
adds a settings preset for hash mechanism selection, adds according
silent upgrades, adds 'best available' hash mechanism selection
at installation time and drops the last saltedpasswords
ext_conf_template.txt option.

Details:
* Remove the password hash selection from saltedpasswords config
  namespace and put to TYPO3_CONF_VARS/BE/passwordHashing/className
  and TYPO3_CONF_VARS/FE/passwordHashing/className
* Move available password hash registry from
  TYPO3_CONF_VARS/SC_OPTIONS/ext/saltedpasswords/saltMethods
  to TYPO3_CONF_VARS/SYS/availablePasswordHashAlgorithms
* Add a setting preset to select one of argon2i (preferred),
  bcrypt, pbkdf2 or phpass (last fallback)
* Use 'best matching preset' during installation to select a good
  salt mechanism by default
* Silently upgrade existing password hash selection and upgrade
  to one of the four hash algorithms above
* Allow algorithm specific options in
  TYPO3_CONF_VARS/BE/passwordHashing/options and
  TYPO3_CONF_VARS/FE/passwordHashing/options for admins who
  know what they are doing and need to fiddle with hash details.
* Simplify and refactor the single password hash classes. Deprecate
  a huge list of methods along the way.

Change-Id: I773e2ee27a121c9f0d5302695ebf4aa561170400
Resolves: #85804
Resolves: #83760
Releases: master
Reviewed-on: https://review.typo3.org/57850


Tested-by: default avatarTYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent fbfcf1fb
......@@ -122,7 +122,7 @@ class AuthenticationService extends AbstractAuthenticationService
// Get a hashed password instance for the hash stored in db of this user
try {
$hashInstance = $saltFactory->get($passwordHashInDatabase);
$hashInstance = $saltFactory->get($passwordHashInDatabase, TYPO3_MODE);
} catch (InvalidSaltException $e) {
// This can be refactored if the 'else' part below is gone in v10: Log and return 100 here
$hashInstance = null;
......@@ -158,7 +158,7 @@ class AuthenticationService extends AbstractAuthenticationService
// upgraded to a salted md5 using the old salted passwords scheduler task.
// See if a salt instance is returned if we cut off the M, so Md5Salt kicks in
try {
$hashInstance = $saltFactory->get(substr($passwordHashInDatabase, 1));
$hashInstance = $saltFactory->get(substr($passwordHashInDatabase, 1), TYPO3_MODE);
$isSaltedPassword = true;
$isValidPassword = $hashInstance->checkPassword(md5($submittedPassword), substr($passwordHashInDatabase, 1));
if ($isValidPassword) {
......
......@@ -2960,16 +2960,13 @@ class DataHandler implements LoggerAwareInterface
$isDeprecatedSaltedHash = $hashMethod === 'M$';
$tempValue = $isDeprecatedSaltedHash ? substr($value, 1) : $value;
$hashFactory = GeneralUtility::makeInstance(SaltFactory::class);
$mode = $table === 'fe_users' ? 'FE' : 'BE';
try {
$hashFactory->get($tempValue);
$hashFactory->get($tempValue, $mode);
} catch (InvalidSaltException $e) {
// We got no salted password instance, incoming value must be a new plaintext password
// Get an instance of the current configured salted password strategy and hash the value
if ($table === 'fe_users') {
$newHashInstance = $hashFactory->getDefaultHashInstance('FE');
} else {
$newHashInstance = $hashFactory->getDefaultHashInstance('BE');
}
$newHashInstance = $hashFactory->getDefaultHashInstance($mode);
$value = $newHashInstance->getHashedPassword($value);
}
break;
......
......@@ -104,6 +104,14 @@ return [
'reverseProxyPrefix' => '',
'reverseProxySSL' => '',
'reverseProxyPrefixSSL' => '',
'availablePasswordHashAlgorithms' => [
\TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt::class,
\TYPO3\CMS\Saltedpasswords\Salt\BcryptSalt::class,
\TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt::class,
\TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class,
\TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt::class,
\TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::class,
],
'caching' => [
'cacheConfigurations' => [
// The cache_core cache is is for core php code only and must
......@@ -1214,6 +1222,10 @@ return [
'Headers' => ['clickJackingProtection' => 'X-Frame-Options: SAMEORIGIN']
]
],
'passwordHashing' => [
'className' => \TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt::class,
'options' => [],
],
],
'FE' => [ // Configuration for the TypoScript frontend (FE). Nothing here relates to the administration backend!
'addAllowedPaths' => '',
......@@ -1270,6 +1282,10 @@ return [
'record' => \TYPO3\CMS\Frontend\Typolink\DatabaseRecordLinkBuilder::class,
'unknown' => \TYPO3\CMS\Frontend\Typolink\LegacyLinkBuilder::class,
],
'passwordHashing' => [
'className' => \TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt::class,
'options' => [],
],
],
'MAIL' => [ // Mail configurations to tune how \TYPO3\CMS\Core\Mail\ classes will send their mails.
'transport' => 'mail',
......
......@@ -218,6 +218,9 @@ SYS:
unifiedPageTranslationHandling:
type: bool
description: 'If activated, TCA configuration for pages_language_overlay will never be loaded, and the database table "pages_language_overlay" will not be created.'
availablePasswordHashAlgorithms:
type: array
description: 'A list of available password hash mechanisms. Extensions may register additional mechanisms here. This is usually not extended in LocalConfiguration.php.'
EXT:
type: container
description: 'Extension Installation'
......@@ -351,6 +354,19 @@ BE:
debug:
type: bool
description: 'If enabled, the loginrefresh is disabled and pageRenderer is set to debug mode. Furthermore the fieldname is appended to the label of fields. Use this to debug the backend only!'
passwordHashing:
type: container
items:
className:
type: dropdown
allowedValues:
'TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt': 'Good password hash mechanism. Used by default if available.'
'TYPO3\CMS\Saltedpasswords\Salt\BcryptSalt': 'Good password hash mechanism.'
'TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt': 'Fallback hash mechanism if argon and bcrypt are not available.'
'TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt': 'Fallback hash mechanism if none of the above are avalaible.'
options:
type: array
description: 'Special settings for specific hashes.'
FE:
type: container
description: 'Frontend'
......@@ -478,6 +494,19 @@ FE:
Allows to automatically include a version number (timestamp of the file) to referred CSS and JS filenames
on the rendered page. This will make browsers and proxies reload the files if they change (thus avoiding caching issues).
<strong>IMPORTANT</strong>: ''embed'' requires extra <code>.htaccess</code> rules to work (please refer to the <code>_.htaccess</code> file shipped with TYPO3)'
passwordHashing:
type: container
items:
className:
type: dropdown
allowedValues:
'TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt': 'Good password hash mechanism. Used by default if available.'
'TYPO3\CMS\Saltedpasswords\Salt\BcryptSalt': 'Good password hash mechanism.'
'TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt': 'Fallback hash mechanism if argon and bcrypt are not available.'
'TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt': 'Fallback hash mechanism if none of the above are avalaible.'
options:
type: array
description: 'Special settings for specific hashes.'
MAIL:
type: container
description: 'Mail'
......
.. include:: ../../Includes.txt
=============================================================
Deprecation: #85804 - Salted password hash class deprecations
=============================================================
See :issue:`85804`
Description
===========
Selecting the hash algorithm used to store frontend and backend user hashes is
now a "preset" and can be changed using "Admin tools" -> "Settings" -> "Configuration Presets".
Existing settings are updated automatically when upgrading from an older TYPO3 version to
core version v9. The detail list below is only interesting for instances that need to
run custom hash mechanisms.
The password hash mechanism used for backend user passwords has been moved from
:php:`$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['saltedpasswords']['BE']['saltedPWHashingMethod']
to :php:`$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordHashing']['className']. Options for a specific
hash algorithms can be defined using :php:`$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordHashing']['options'].
The password hash mechanism used for frontend user passwords has been moved from
:php:`$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['saltedpasswords']['FE']['saltedPWHashingMethod']
to :php:`$GLOBALS['TYPO3_CONF_VARS']['FE']['passwordHashing']['className']. Options for a specific
hash algorithms can be defined using :php:`$GLOBALS['TYPO3_CONF_VARS']['FE']['passwordHashing']['options'].
Custom password hash algorithms should now be registered in
:php:`$GLOBALS['TYPO3_CONF_VARS']['SYS']['availablePasswordHashAlgorithms']`, using
:php:`$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']` has been deprecated.
These interfaces and classes have been deprecated and should not be implemented any longer:
* :php:`TYPO3\CMS\Saltedpasswords\Salt\ComposedSaltInterface`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\AbstractComposedSalt`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Utility\ExtensionManagerConfigurationUtility`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Utility\SaltedPasswordsUtility`
An interface has been changed:
* :php:`TYPO3\CMS\Saltedpasswords\Salt\SaltInterface->getHashedPassword(string $password)` - The
second argument has been dropped. Classes implementing the interface should remove the second argument.
These methods have been deprecated:
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt->getOptions()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt->setOptions()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BcryptSalt->getOptions()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BcryptSalt->setOptions()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->getHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->getMaxHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->getMinHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->getSaltLength()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->getSetting()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->setHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->setMaxHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->setMinHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Md5Salt->getSetting()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Md5Salt->getSaltLength()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->getHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->getMaxHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->getMinHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->getSaltLength()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->getSetting()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->setHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->setMaxHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->setMinHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->getHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->getMaxHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->getMinHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->getSaltLength()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->getSetting()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->setHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->setMaxHashCount()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->setMinHashCount()`
These methods changed their signature:
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->getHashedPassword()` - Second argument deprecated
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Md5Salt->getHashedPassword()` - Second argument deprecated
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->getHashedPassword()` - Second argument deprecated
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->getHashedPassword()` - Second argument deprecated
These methods changed their visibility from public to protected:
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->isValidSalt()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt->base64Encode()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Md5Salt->isValidSalt()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Md5Salt->base64Encode()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->isValidSalt()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->base64Encode()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt->base64Decode()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->isValidSalt()`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt->base64Encode()`
These class constants have been deprecated and will be removed in v10:
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt::ITOA64`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt::HASH_COUNT`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt::MAX_HASH_COUNT`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt::MIN_HASH_COUNT`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::ITOA64`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt::ITOA64`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt::HASH_COUNT`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt::MAX_HASH_COUNT`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt::MIN_HASH_COUNT`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::ITOA64`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::HASH_COUNT`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::MAX_HASH_COUNT`
* :php:`TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::MIN_HASH_COUNT`
Impact
======
Using functionality from the above list will log deprecation log entries.
Affected Installations
======================
Almost all TYPO3 instances are not directly affected by the changes outlined above. A configuration
upgrade is in place to move from old to new settings when calling the install tool the first time
after upgrade without further user interaction.
If in rare cases an existing TYPO3 instances runs custom salt mechanisms, the extension scanner
will find affected code places that should be adapted.
Migration
=========
If the extension scanner finds affected code, adapt the method calls, class constant usages and interface usages.
.. index:: PHP-API, FullyScanned, ext:saltedpasswords
\ No newline at end of file
......@@ -192,8 +192,8 @@ class AuthenticationServiceTest extends UnitTestCase
$pObjProphecy->reveal()
);
$dbUser = [
// an phpass hash of 'myPassword'
'password' => '$P$C/2Vr3ywuuPo5C7cs75YBnVhgBWpMP1',
// an argon2i hash of 'myPassword'
'password' => '$argon2i$v=19$m=16384,t=16,p=2$Ty9zOFVWdDBVQmlWTldVbg$kiVbkrYeTvgNg84i97WZBMQszmza66IohBxUtOnzRvU',
'lockToDomain' => ''
];
$this->assertSame(200, $subject->authUser($dbUser));
......@@ -225,8 +225,8 @@ class AuthenticationServiceTest extends UnitTestCase
$pObjProphecy->reveal()
);
$dbUser = [
// an phpass hash of 'myPassword'
'password' => '$P$C/2Vr3ywuuPo5C7cs75YBnVhgBWpMP1',
// an argon2i hash of 'myPassword'
'password' => '$argon2i$v=19$m=16384,t=16,p=2$Ty9zOFVWdDBVQmlWTldVbg$kiVbkrYeTvgNg84i97WZBMQszmza66IohBxUtOnzRvU',
'username' => 'lolli',
'lockToDomain' => 'not.example.com'
];
......
......@@ -53,7 +53,7 @@ class AuthenticationService
$installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
$hashFactory = GeneralUtility::makeInstance(SaltFactory::class);
try {
$hashInstance = $hashFactory->get($installToolPassword);
$hashInstance = $hashFactory->get($installToolPassword, 'BE');
$validPassword = $hashInstance->checkPassword($password, $installToolPassword);
} catch (InvalidSaltException $e) {
// Given hash in global configuration is not a valid salted password
......
......@@ -18,6 +18,7 @@ use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Install\Configuration\Context\ContextFeature;
use TYPO3\CMS\Install\Configuration\Image\ImageFeature;
use TYPO3\CMS\Install\Configuration\Mail\MailFeature;
use TYPO3\CMS\Install\Configuration\PasswordHashing\PasswordHashingFeature;
/**
* Instantiate and configure all known features and presets
......@@ -31,6 +32,7 @@ class FeatureManager
ContextFeature::class,
ImageFeature::class,
MailFeature::class,
PasswordHashingFeature::class,
];
/**
......
......@@ -36,7 +36,7 @@ class ImageFeature extends Configuration\AbstractFeature implements Configuratio
];
/**
* Image feature can be feeded with an additional path to search for executables,
* Image feature can be fed with an additional path to search for executables,
* this getter returns the given input string (for Fluid)
*
* @return string
......
<?php
declare(strict_types = 1);
namespace TYPO3\CMS\Install\Configuration\PasswordHashing;
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Install\Configuration\AbstractPreset;
use TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt;
/**
* Preset for password hashing method "argon2i"
*/
class Argon2iPreset extends AbstractPreset
{
/**
* @var string Name of preset
*/
protected $name = 'Argon2i';
/**
* @var int Priority of preset
*/
protected $priority = 70;
/**
* @var array Configuration values handled by this preset
*/
protected $configurationValues = [
'BE/passwordHashing/className' => Argon2iSalt::class,
'BE/passwordHashing/options' => [],
'FE/passwordHashing/className' => Argon2iSalt::class,
'FE/passwordHashing/options' => [],
];
/**
* Find out if Argon2i is available on this system
*
* @return bool
*/
public function isAvailable()
{
return GeneralUtility::makeInstance(Argon2iSalt::class)->isAvailable();
}
}
<?php
declare(strict_types = 1);
namespace TYPO3\CMS\Install\Configuration\PasswordHashing;
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Install\Configuration\AbstractPreset;
use TYPO3\CMS\Saltedpasswords\Salt\BcryptSalt;
/**
* Preset for password hashing method "bcrypt"
*/
class BcryptPreset extends AbstractPreset
{
/**
* @var string Name of preset
*/
protected $name = 'Bcrypt';
/**
* @var int Priority of preset
*/
protected $priority = 60;
/**
* @var array Configuration values handled by this preset
*/
protected $configurationValues = [
'BE/passwordHashing/className' => BcryptSalt::class,
'BE/passwordHashing/options' => [],
'FE/passwordHashing/className' => BcryptSalt::class,
'FE/passwordHashing/options' => [],
];
/**
* Find out if bcrypt is available on this system
*
* @return bool
*/
public function isAvailable()
{
return GeneralUtility::makeInstance(BcryptSalt::class)->isAvailable();
}
}
<?php
declare(strict_types = 1);
namespace TYPO3\CMS\Install\Configuration\PasswordHashing;
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
use TYPO3\CMS\Install\Configuration\AbstractCustomPreset;
use TYPO3\CMS\Install\Configuration\CustomPresetInterface;
/**
* Preset used if custom password hashing configuration has been applied.
* Note this custom preset does not allow manipulation via gui, this has to be done manually.
* This preset only find out if it is active and shows the current values.
*/
class CustomPreset extends AbstractCustomPreset implements CustomPresetInterface
{
/**
* Get configuration values is used in fluid to show configuration options.
* They are fetched from LocalConfiguration / DefaultConfiguration.
*
* @return array Current custom configuration values
*/
public function getConfigurationValues()
{
$configurationValues = [];
$configurationValues['BE/passwordHashing/className'] =
$this->configurationManager->getConfigurationValueByPath('BE/passwordHashing/className');
$options = (array)$this->configurationManager->getConfigurationValueByPath('BE/passwordHashing/options');
foreach ($options as $optionName => $optionValue) {
$configurationValues['BE/passwordHashing/options/' . $optionName] = $optionValue;
}
$configurationValues['FE/passwordHashing/className'] =
$this->configurationManager->getConfigurationValueByPath('FE/passwordHashing/className');
$options = (array)$this->configurationManager->getConfigurationValueByPath('FE/passwordHashing/options');
foreach ($options as $optionName => $optionValue) {
$configurationValues['FE/passwordHashing/options/' . $optionName] = $optionValue;
}
return $configurationValues;
}
}
<?php
declare(strict_types = 1);
namespace TYPO3\CMS\Install\Configuration\PasswordHashing;
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
use TYPO3\CMS\Install\Configuration\AbstractFeature;
use TYPO3\CMS\Install\Configuration\FeatureInterface;
/**
* Password hashing feature detects password hashing capabilities of the system
*/
class PasswordHashingFeature extends AbstractFeature implements FeatureInterface
{
/**
* @var string Name of feature
*/
protected $name = 'PasswordHashing';
/**
* @var array List of preset classes
*/
protected $presetRegistry = [
Argon2iPreset::class,
BcryptPreset::class,
Pbkdf2Preset::class,
PhpassPreset::class,
CustomPreset::class,
];
}
<?php
declare(strict_types = 1);
namespace TYPO3\CMS\Install\Configuration\PasswordHashing;
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Install\Configuration\AbstractPreset;
use TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt;
/**
* Preset for password hashing method "PBKDF2"
*/
class Pbkdf2Preset extends AbstractPreset
{
/**
* @var string Name of preset
*/
protected $name = 'Pbkdf2';
/**
* @var int Priority of preset
*/
protected $priority = 50;
/**
* @var array Configuration values handled by this preset
*/
protected $configurationValues = [
'BE/passwordHashing/className' => Pbkdf2Salt::class,
'BE/passwordHashing/options' => [],
'FE/passwordHashing/className' => Pbkdf2Salt::class,
'FE/passwordHashing/options' => [],
];