From fd8fb1225d3da750c465f972758c98a9741607b5 Mon Sep 17 00:00:00 2001
From: mark_story
Date: Fri, 21 Jan 2011 16:22:29 -0500
Subject: [PATCH] Removing automatic password hashing from AuthComponent.
Its a frustrating feature that often befuddles new users, and can be plain annoying sometimes. Moving hashing into FormAuthenticate. Updating tests.
---
 cake/libs/controller/components/auth.php | 27 +-------------
 .../components/auth/form_authenticate.php | 12 ++++++-
 .../libs/controller/components/auth.test.php | 36 -------------------
 .../auth/form_authenticate.test.php | 10 +++---
 4 files changed, 17 insertions(+), 68 deletions(-)
diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php
index 5a477cae441..fb878472f42 100644
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@@ -308,8 +308,7 @@ public function startup($controller) {
 return false;
 }
 $request = $controller->request;
-
- $this->request->data = $controller->request->data = $this->hashPasswords($request->data);
+
 $url = '';
 if (isset($request->query['url'])) {
@@ -717,30 +716,6 @@ public function constructAuthenticate() {
 return $this->_authenticateObjects;
 }
-/**
- * Hash any passwords found in $data using $userModel and $fields['password']
- *
- * @param array $data Set of data to look for passwords
- * @return array Data with passwords hashed
- * @link http://book.cakephp.org/view/1259/hashPasswords
- */
- public function hashPasswords($data) {
- if (is_object($this->authenticate) && method_exists($this->authenticate, 'hashPasswords')) {
- return $this->authenticate->hashPasswords($data);
- }
-
- if (is_array($data)) {
- $model = $this->getModel();
-
- if(isset($data[$model->alias])) {
- if (isset($data[$model->alias][$this->fields['username']]) && isset($data[$model->alias][$this->fields['password']])) {
- $data[$model->alias][$this->fields['password']] = $this->password($data[$model->alias][$this->fields['password']]);
- }
- }
- }
- return $data;
- }
-
 /**
 * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
 *
diff --git a/cake/libs/controller/components/auth/form_authenticate.php b/cake/libs/controller/components/auth/form_authenticate.php
index d536499b521..f0d9f862c52 100644
--- a/cake/libs/controller/components/auth/form_authenticate.php
+++ b/cake/libs/controller/components/auth/form_authenticate.php
@@ -86,7 +86,7 @@ public function authenticate(CakeRequest $request) {
 }
 $conditions = array(
 $model . '.' . $fields['username'] => $request->data[$model][$fields['username']],
- $model . '.' . $fields['password'] => $request->data[$model][$fields['password']],
+ $model . '.' . $fields['password'] => $this->hash($request->data[$model][$fields['password']]),
 );
 if (!empty($this->settings['scope'])) {
 $conditions = array_merge($conditions, $this->settings['scope']);
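Review bot: The posted password on the `+` line of the `@@ -86,7` hunk is handed to `$this->hash()` without confirming it is a string; PHP request data can carry an array for that field, and `Security::hash()` would then run on a coerced value instead of failing cleanly. The `}` that opens the hunk suggests a guard just above it, but whatever it checks is outside the hunk, so it is not visible whether non-string input is rejected there. Adding `if (!is_string($request->data[$model][$fields['password']])) { return false; }` before `$conditions` is built keeps the failure explicit and keeps the hashed value out of the query. authenticate() begins and ends outside this hunk.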
@@ -101,4 +101,14 @@ public function authenticate(CakeRequest $request) {
 unset($result[$model][$fields['password']]);
 return $result[$model];
 }
+
+/**
+ * Hash the supplied password using the configured hashing method.
+ *
+ * @param string $password The password to hash.
+ * @return string Hashed string
+ */
+ public function hash($password) {
+ return Security::hash($password, null, true);
+ }
 }
\ No newline at end of file
diff --git a/cake/tests/cases/libs/controller/components/auth.test.php b/cake/tests/cases/libs/controller/components/auth.test.php
index 7783c5d29db..4180256f961 100644
--- a/cake/tests/cases/libs/controller/components/auth.test.php
+++ b/cake/tests/cases/libs/controller/components/auth.test.php
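Review bot: The docblock on the added `hash()` says the password is hashed "using the configured hashing method", but the body hard-codes `Security::hash($password, null, true)`, so nothing in this class's settings influences the algorithm; the only configuration involved is the application salt that the third argument makes Security::hash() apply, and the hash type is whatever Security's default is. Either reword the docblock to `Hash the supplied password with Security::hash(), using the default hash type and the application salt (Security.salt).`, or read the hash type from `$this->settings` and pass it as the second argument so the sentence becomes true. It would also help callers to note in the docblock that stored passwords must have been produced by the same call, since the earlier hunk in this file compares the result against the password column by equality in the query.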
@@ -1089,42 +1089,6 @@ function testNoRedirectOn404() {
 $this->assertTrue($result, 'Auth redirected a missing action %s');
 }
-/**
- * test Hashing of passwords
- *
- * @return void
- */
- function testHashPasswords() {
- $this->Controller->Auth->userModel = 'AuthUser';
-
- $data['AuthUser']['password'] = 'superSecret';
- $data['AuthUser']['username'] = 'superman@dailyplanet.com';
- $return = $this->Controller->Auth->hashPasswords($data);
- $expected = $data;
- $expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
- $this->assertEqual($return, $expected);
-
- $data['Wrong']['password'] = 'superSecret';
- $data['Wrong']['username'] = 'superman@dailyplanet.com';
- $data['AuthUser']['password'] = 'IcantTellYou';
- $return = $this->Controller->Auth->hashPasswords($data);
- $expected = $data;
- $expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
- $this->assertEqual($return, $expected);
-
- $xml = array(
- 'User' => array(
- 'username' => 'batman@batcave.com',
- 'password' => 'bruceWayne',
- )
- );
- $data = new Xml($xml);
- $return = $this->Controller->Auth->hashPasswords($data);
- $expected = $data;
- $this->assertEqual($return, $expected);
- }
-
-
 /**
 * testAdminRoute method
 *
diff --git a/cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php b/cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php
index 0c5e36a184e..de4600e6d08 100644
--- a/cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php
+++ b/cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php
@@ -41,8 +41,8 @@ function setUp() {
 'fields' => array('username' => 'user', 'password' => 'password'),
 'userModel' => 'User'
 ));
- $this->password = Security::hash('password', null, true);
- ClassRegistry::init('User')->updateAll(array('password' => '"' . $this->password . '"'));
+ $password = Security::hash('password', null, true);
+ ClassRegistry::init('User')->updateAll(array('password' => '"' . $password . '"'));
 }
 /**
@@ -116,7 +116,7 @@ function testAuthenticateSuccess() {
 $request = new CakeRequest('posts/index', false);
 $request->data = array('User' => array(
 'user' => 'mariano',
- 'password' => $this->password
+ 'password' => 'password'
 ));
 $result = $this->auth->authenticate($request);
 $expected = array(
@@ -138,7 +138,7 @@ function testAuthenticateScopeFail() {
 $request = new CakeRequest('posts/index', false);
 $request->data = array('User' => array(
 'user' => 'mariano',
- 'password' => $this->password
+ 'password' => 'password'
 ));
 $this->assertFalse($this->auth->authenticate($request));
@@ -168,7 +168,7 @@ function testPluginModel() {
 $request = new CakeRequest('posts/index', false);
 $request->data = array('TestPluginAuthUser' => array(
 'username' => 'gwoo',
- 'password' => Security::hash('cake', null, true)
+ 'password' => 'cake'
 ));
 $result = $this->auth->authenticate($request);
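Review bot: The `@@ -116,7` hunk (testAuthenticateSuccess) now reaches the new `FormAuthenticate::hash()` only indirectly through `authenticate()`, and no hunk in this file asserts the method's own output, so a change in the hash type or salt handling would only surface as a login failure elsewhere. A direct test such as `$this->assertEqual($this->auth->hash('password'), Security::hash('password', null, true));` pins the contract that the fixture written in the setUp() hunk depends on. The same observation applies to the testAuthenticateScopeFail hunk; the testPluginModel hunk is cut off at the end of the page, so it is not reviewed here.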