1. 07 May, 2022 1 commit
  2. 15 Apr, 2020 1 commit
  3. 14 Apr, 2020 1 commit
  4. 13 Apr, 2020 1 commit
  5. 19 Dec, 2018 1 commit
    • Christian Kuhn's avatar
      [!!!][TASK] Remove deprecated code from core Crypto/PasswordHashing · 028d3420
      Christian Kuhn authored and Anja Leichsenring's avatar Anja Leichsenring committed
      Removed classes:
      TYPO3\CMS\Core\Crypto\PasswordHashing\AbstractComposedSalt
      
      Removed interfaces:
      TYPO3\CMS\Core\Crypto\PasswordHashing\ComposedPasswordHashInterface
      TYPO3\CMS\Core\Crypto\PasswordHashing\ExtensionManagerConfigurationUtility
      TYPO3\CMS\Core\Crypto\PasswordHashing\SaltedPasswordService
      TYPO3\CMS\Core\Crypto\PasswordHashing\SaltedPasswordsUtility
      
      Removed class aliases:
      TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
      TYPO3\CMS\Saltedpasswords\Salt\AbstractComposedSalt
      TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt
      TYPO3\CMS\Saltedpasswords\Salt\BcryptSalt
      TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt
      TYPO3\CMS\Saltedpasswords\Salt\ComposedSaltInterface
      TYPO3\CMS\Saltedpasswords\Salt\Md5Salt
      TYPO3\CMS\Saltedpasswords\Salt\SaltFactory
      TYPO3\CMS\Saltedpasswords\Salt\SaltInterface
      TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt
      TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt
      TYPO3\CMS\Saltedpasswords\SaltedPasswordsService
      TYPO3\CMS\Saltedpasswords\Utility\ExensionManagerConfigurationUtility
      TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility
      
      Removed methods:
      TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash->getOptions()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash->setOptions()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash->getOptions()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash->setOptions()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishSalt->getHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishSalt->getMaxHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishSalt->getMinHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishSalt->getSaltLength()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishSalt->getSetting()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishSalt->setHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishSalt->setMaxHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishSalt->setMinHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash->getSetting()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash->getSaltLength()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->getHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->getMaxHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->getMinHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->getSaltLength()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->getSetting()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->setHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->setMaxHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->setMinHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->getHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->getMaxHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->getMinHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->getSaltLength()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->getSetting()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->setHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->setMaxHashCount()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->setMinHashCount()
      
      Protected methods:
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash->isValidSalt()
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash->base64Encode()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash->isValidSalt()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash->base64Encode()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->isValidSalt()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->base64Encode()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->base64Decode()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->isValidSalt()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->base64Encode()
      
      Removed static methods:
      TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory::determineSaltingHashingMethod()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory::getSaltingInstance()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory::setPreferredHashingMethod()
      
      Second method argument dropped:
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash->getHashedPassword()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash->getHashedPassword()
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash->getHashedPassword()
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash->getHashedPassword()
      
      Ignored options:
      $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']
      
      Dropped constants:
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash::ITOA64
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash::HASH_COUNT
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash::MAX_HASH_COUNT
      TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash::MIN_HASH_COUNT
      TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::ITOA64
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::ITOA64
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::HASH_COUNT
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::MAX_HASH_COUNT
      TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::MIN_HASH_COUNT
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::ITOA64
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::HASH_COUNT
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::MAX_HASH_COUNT
      TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::MIN_HASH_COUNT
      
      Removed language file aliases:
      EXT:saltedpasswords/Resources/Private/Language/locallang.xlf
      EXT:saltedpasswords/Resources/Private/Language/locallang_em.xlf
      
      Change-Id: Ia6a18209f104ca1abc6981508fb8b640ef2eb1a3
      Resolves: #87203
      Releases: master
      Reviewed-on: https://review.typo3.org/59197
      
      Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Tested-by: default avatarTYPO3com <no-reply@typo3.com>
      Reviewed-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
      Tested-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
      028d3420
  6. 30 Sep, 2018 1 commit
  7. 14 Aug, 2018 1 commit
  8. 11 Aug, 2018 1 commit
    • Christian Kuhn's avatar
      [TASK] Make password hash selection an install tool preset · 4b695b64
      Christian Kuhn authored
      With this change, the password hash code in salted passwords is
      reduced to the SaltFactory with two methods and the single hash
      classes that implement SaltInterface without further public
      methods. Everything else including the utility classes is
      deprecated.
      The change moves the LocalConfiguration.php config options around,
      adds a settings preset for hash mechanism selection, adds according
      silent upgrades, adds 'best available' hash mechanism selection
      at installation time and drops the last saltedpasswords
      ext_conf_template.txt option.
      
      Details:
      * Remove the password hash selection from saltedpasswords config
        namespace and put to TYPO3_CONF_VARS/BE/passwordHashing/className
        and TYPO3_CONF_VARS/FE/passwordHashing/className
      * Move available password hash registry from
        TYPO3_CONF_VARS/SC_OPTIONS/ext/saltedpasswords/saltMethods
        to TYPO3_CONF_VARS/SYS/availablePasswordHashAlgorithms
      * Add a setting preset to select one of argon2i (preferred),
        bcrypt, pbkdf2 or phpass (last fallback)
      * Use 'best matching preset' during installation to select a good
        salt mechanism by default
      * Silently upgrade existing password hash selection and upgrade
        to one of the four hash algorithms above
      * Allow algorithm specific options in
        TYPO3_CONF_VARS/BE/passwordHashing/options and
        TYPO3_CONF_VARS/FE/passwordHashing/options for admins who
        know what they are doing and need to fiddle with hash details.
      * Simplify and refactor the single password hash classes. Deprecate
        a huge list of methods along the way.
      
      Change-Id: I773e2ee27a121c9f0d5302695ebf4aa561170400
      Resolves: #85804
      Resolves: #83760
      Releases: master
      Reviewed-on: https://review.typo3.org/57850
      
      Tested-by: default avatarTYPO3com <no-reply@typo3.com>
      Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
      Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
      Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
      Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
      4b695b64
  9. 11 May, 2018 1 commit