Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/storage/PhabricatorAuthPassword.php
| <?php | <?php | ||||
| final class PhabricatorAuthPassword | final class PhabricatorAuthPassword | ||||
| extends PhabricatorAuthDAO | extends PhabricatorAuthDAO | ||||
| implements | implements | ||||
| PhabricatorPolicyInterface, | PhabricatorPolicyInterface, | ||||
| PhabricatorDestructibleInterface, | PhabricatorDestructibleInterface, | ||||
| PhabricatorApplicationTransactionInterface { | PhabricatorApplicationTransactionInterface { | ||||
| protected $objectPHID; | protected $objectPHID; | ||||
| protected $passwordType; | protected $passwordType; | ||||
| protected $passwordHash; | protected $passwordHash; | ||||
| protected $passwordSalt; | protected $passwordSalt; | ||||
| protected $isRevoked; | protected $isRevoked; | ||||
| protected $legacyDigestFormat; | |||||
| private $object = self::ATTACHABLE; | private $object = self::ATTACHABLE; | ||||
| const PASSWORD_TYPE_ACCOUNT = 'account'; | const PASSWORD_TYPE_ACCOUNT = 'account'; | ||||
| const PASSWORD_TYPE_VCS = 'vcs'; | const PASSWORD_TYPE_VCS = 'vcs'; | ||||
| const PASSWORD_TYPE_TEST = 'test'; | const PASSWORD_TYPE_TEST = 'test'; | ||||
| public static function initializeNewPassword( | public static function initializeNewPassword( | ||||
| Show All 10 Lines | final class PhabricatorAuthPassword | ||||
| protected function getConfiguration() { | protected function getConfiguration() { | ||||
| return array( | return array( | ||||
| self::CONFIG_AUX_PHID => true, | self::CONFIG_AUX_PHID => true, | ||||
| self::CONFIG_COLUMN_SCHEMA => array( | self::CONFIG_COLUMN_SCHEMA => array( | ||||
| 'passwordType' => 'text64', | 'passwordType' => 'text64', | ||||
| 'passwordHash' => 'text128', | 'passwordHash' => 'text128', | ||||
| 'passwordSalt' => 'text64', | 'passwordSalt' => 'text64', | ||||
| 'isRevoked' => 'bool', | 'isRevoked' => 'bool', | ||||
| 'legacyDigestFormat' => 'text32?', | |||||
| ), | ), | ||||
| self::CONFIG_KEY_SCHEMA => array( | self::CONFIG_KEY_SCHEMA => array( | ||||
| 'key_role' => array( | 'key_role' => array( | ||||
| 'columns' => array('objectPHID', 'passwordType'), | 'columns' => array('objectPHID', 'passwordType'), | ||||
| ), | ), | ||||
| ), | ), | ||||
| ) + parent::getConfiguration(); | ) + parent::getConfiguration(); | ||||
| } | } | ||||
| Show All 12 Lines | final class PhabricatorAuthPassword | ||||
| } | } | ||||
| public function getHasher() { | public function getHasher() { | ||||
| $hash = $this->newPasswordEnvelope(); | $hash = $this->newPasswordEnvelope(); | ||||
| return PhabricatorPasswordHasher::getHasherForHash($hash); | return PhabricatorPasswordHasher::getHasherForHash($hash); | ||||
| } | } | ||||
| public function canUpgrade() { | public function canUpgrade() { | ||||
| // If this password uses a legacy digest format, we can upgrade it to the | |||||
| // new digest format even if a better hasher isn't available. | |||||
| if ($this->getLegacyDigestFormat() !== null) { | |||||
| return true; | |||||
| } | |||||
| $hash = $this->newPasswordEnvelope(); | $hash = $this->newPasswordEnvelope(); | ||||
| return PhabricatorPasswordHasher::canUpgradeHash($hash); | return PhabricatorPasswordHasher::canUpgradeHash($hash); | ||||
| } | } | ||||
| public function upgradePasswordHasher( | public function upgradePasswordHasher( | ||||
| PhutilOpaqueEnvelope $envelope, | PhutilOpaqueEnvelope $envelope, | ||||
| PhabricatorPasswordHashInterface $object) { | PhabricatorPasswordHashInterface $object) { | ||||
| Show All 28 Lines | if (!strlen($password->openEnvelope())) { | ||||
| throw new Exception( | throw new Exception( | ||||
| pht('Attempting to set an empty password!')); | pht('Attempting to set an empty password!')); | ||||
| } | } | ||||
| // Generate (or regenerate) the salt first. | // Generate (or regenerate) the salt first. | ||||
| $new_salt = Filesystem::readRandomCharacters(64); | $new_salt = Filesystem::readRandomCharacters(64); | ||||
| $this->setPasswordSalt($new_salt); | $this->setPasswordSalt($new_salt); | ||||
| // Clear any legacy digest format to force a modern digest. | |||||
| $this->setLegacyDigestFormat(null); | |||||
| $digest = $this->digestPassword($password, $object); | $digest = $this->digestPassword($password, $object); | ||||
| $hash = $hasher->getPasswordHashForStorage($digest); | $hash = $hasher->getPasswordHashForStorage($digest); | ||||
| $raw_hash = $hash->openEnvelope(); | $raw_hash = $hash->openEnvelope(); | ||||
| return $this->setPasswordHash($raw_hash); | return $this->setPasswordHash($raw_hash); | ||||
| } | } | ||||
| public function comparePassword( | public function comparePassword( | ||||
| ▲ Show 20 Lines • Show All 104 Lines • Show Last 20 Lines | |||||