src/applications/auth/storage/PhabricatorAuthPassword.php
<?php | <?php | ||||
final class PhabricatorAuthPassword | final class PhabricatorAuthPassword | ||||
extends PhabricatorAuthDAO | extends PhabricatorAuthDAO | ||||
implements | implements | ||||
PhabricatorPolicyInterface, | PhabricatorPolicyInterface, | ||||
PhabricatorDestructibleInterface, | PhabricatorDestructibleInterface, | ||||
PhabricatorApplicationTransactionInterface { | PhabricatorApplicationTransactionInterface { | ||||
protected $objectPHID; | protected $objectPHID; | ||||
protected $passwordType; | protected $passwordType; | ||||
protected $passwordHash; | protected $passwordHash; | ||||
protected $passwordSalt; | protected $passwordSalt; | ||||
protected $isRevoked; | protected $isRevoked; | ||||
protected $legacyDigestFormat; | |||||
private $object = self::ATTACHABLE; | private $object = self::ATTACHABLE; | ||||
const PASSWORD_TYPE_ACCOUNT = 'account'; | const PASSWORD_TYPE_ACCOUNT = 'account'; | ||||
const PASSWORD_TYPE_VCS = 'vcs'; | const PASSWORD_TYPE_VCS = 'vcs'; | ||||
const PASSWORD_TYPE_TEST = 'test'; | const PASSWORD_TYPE_TEST = 'test'; | ||||
public static function initializeNewPassword( | public static function initializeNewPassword( | ||||
Show All 10 Lines | final class PhabricatorAuthPassword | ||||
protected function getConfiguration() { | protected function getConfiguration() { | ||||
return array( | return array( | ||||
self::CONFIG_AUX_PHID => true, | self::CONFIG_AUX_PHID => true, | ||||
self::CONFIG_COLUMN_SCHEMA => array( | self::CONFIG_COLUMN_SCHEMA => array( | ||||
'passwordType' => 'text64', | 'passwordType' => 'text64', | ||||
'passwordHash' => 'text128', | 'passwordHash' => 'text128', | ||||
'passwordSalt' => 'text64', | 'passwordSalt' => 'text64', | ||||
'isRevoked' => 'bool', | 'isRevoked' => 'bool', | ||||
'legacyDigestFormat' => 'text32?', | |||||
), | ), | ||||
self::CONFIG_KEY_SCHEMA => array( | self::CONFIG_KEY_SCHEMA => array( | ||||
'key_role' => array( | 'key_role' => array( | ||||
'columns' => array('objectPHID', 'passwordType'), | 'columns' => array('objectPHID', 'passwordType'), | ||||
), | ), | ||||
), | ), | ||||
) + parent::getConfiguration(); | ) + parent::getConfiguration(); | ||||
} | } | ||||
Show All 12 Lines | final class PhabricatorAuthPassword | ||||
} | } | ||||
public function getHasher() { | public function getHasher() { | ||||
$hash = $this->newPasswordEnvelope(); | $hash = $this->newPasswordEnvelope(); | ||||
return PhabricatorPasswordHasher::getHasherForHash($hash); | return PhabricatorPasswordHasher::getHasherForHash($hash); | ||||
} | } | ||||
public function canUpgrade() { | public function canUpgrade() { | ||||
// If this password uses a legacy digest format, we can upgrade it to the | |||||
// new digest format even if a better hasher isn't available. | |||||
if ($this->getLegacyDigestFormat() !== null) { | |||||
return true; | |||||
} | |||||
$hash = $this->newPasswordEnvelope(); | $hash = $this->newPasswordEnvelope(); | ||||
return PhabricatorPasswordHasher::canUpgradeHash($hash); | return PhabricatorPasswordHasher::canUpgradeHash($hash); | ||||
} | } | ||||
public function upgradePasswordHasher( | public function upgradePasswordHasher( | ||||
PhutilOpaqueEnvelope $envelope, | PhutilOpaqueEnvelope $envelope, | ||||
PhabricatorPasswordHashInterface $object) { | PhabricatorPasswordHashInterface $object) { | ||||
Show All 28 Lines | if (!strlen($password->openEnvelope())) { | ||||
throw new Exception( | throw new Exception( | ||||
pht('Attempting to set an empty password!')); | pht('Attempting to set an empty password!')); | ||||
} | } | ||||
// Generate (or regenerate) the salt first. | // Generate (or regenerate) the salt first. | ||||
$new_salt = Filesystem::readRandomCharacters(64); | $new_salt = Filesystem::readRandomCharacters(64); | ||||
$this->setPasswordSalt($new_salt); | $this->setPasswordSalt($new_salt); | ||||
// Clear any legacy digest format to force a modern digest. | |||||
$this->setLegacyDigestFormat(null); | |||||
$digest = $this->digestPassword($password, $object); | $digest = $this->digestPassword($password, $object); | ||||
$hash = $hasher->getPasswordHashForStorage($digest); | $hash = $hasher->getPasswordHashForStorage($digest); | ||||
$raw_hash = $hash->openEnvelope(); | $raw_hash = $hash->openEnvelope(); | ||||
return $this->setPasswordHash($raw_hash); | return $this->setPasswordHash($raw_hash); | ||||
} | } | ||||
public function comparePassword( | public function comparePassword( | ||||