Skip to content
Permalink
Browse files

OXDEV-1820 Update CHANGELOG.md

  • Loading branch information...
robertblank committed Mar 25, 2019
1 parent 432b430 commit 4f548c04b12e4e06f5da9ab5715a4056b05757ba
Showing with 17 additions and 11 deletions.
  1. +11 −5 CHANGELOG.md
  2. +6 −6 source/Core/UtilsServer.php
@@ -17,8 +17,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
- New methods:
- `OxidEsales\EshopCommunity\Core\Exception\ExceptionToDisplay::getValues` [PR-660](https://github.com/OXID-eSales/oxideshop_ce/pull/660)
- `OxidEsales\EshopCommunity\Application\Model\Article::getStock` [PR-640](https://github.com/OXID-eSales/oxideshop_ce/pull/640)
- `\OxidEsales\EshopCommunity\Application\Model\User::hashPassword` Replacement for user User::encodePassword
- `OxidEsales\EshopCommunity\Core\PasswordSaltGenerator::generateStrongSalt` generates a salt, which is suitable for cryptographic use
- Log a warnings for missused db method calls [PR-649](https://github.com/OXID-eSales/oxideshop_ce/pull/649)
- New blocks:
- `admin_module_sortlist` in `admin/tpl/module_sortlist.tpl` [PR-534](https://github.com/OXID-eSales/oxideshop_ce/pull/534)
@@ -45,7 +43,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
- `passwordHashingArgon2MemoryCost` with default value: 1024;
- `passwordHashingArgon2TimeCost` with default value: 2;
- `passwordHashingArgon2Threads` with default value: 2;

- Interface:
- `\OxidEsales\EshopCommunity\Internal\Password\Bridge\PasswordServiceBridgeInterface`
- Constants
- `\OxidEsales\EshopCommunity\Application\Model\User::USER_COOKIE_SALT`

### Changed
- category_main form layout improvements [PR-585](https://github.com/OXID-eSales/oxideshop_ce/pull/585)
@@ -54,16 +55,21 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
- Make adding template blocks more fast andn reliable [PR-580](https://github.com/OXID-eSales/oxideshop_ce/pull/580)
- Support PHP 7.2
- Modules will not be disabled on class loading errors anymore, Error is just logged [PR-661](https://github.com/OXID-eSales/oxideshop_ce/pull/661)
- Backwards compatibility break: `\OxidEsales\EshopCommunity\Application\Model\User::_dbLogin` will only called until the user successfully logs in the
first time. Afterwards the password hash will have been recreated and a new authentication mechanism will be used. This
breaks backwards compatibility for modules, which directly override `_dbLogin` or one of the methods in the call stack.

### Removed
- Removed old not used blAutoSearchOnCat option from shop_config tab [PR-654](https://github.com/OXID-eSales/oxideshop_ce/pull/654)
- Removed unnecessary class imports [PR-667](https://github.com/OXID-eSales/oxideshop_ce/pull/667)
- Removed deprecated `\OxidEsales\EshopCommunity\Core\Email::$Version` use `\PHPMailer\PHPMailer\PHPMailer::VERSION` instead
- The value for the password salt will not be stored in the database column `oxuser.OXPASSSALT` anymore, but in the password hash itself

### Deprecated
- `\OxidEsales\EshopCommunity\Application\Model\User::_dbLogin` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::_getLoginQuery` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::encodePassword` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::_getLoginQueryHashedWithMD5` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::encodePassword` will no longer be needed and removed completely. Use `PasswordServiceBridgeInterface` instead
- `\OxidEsales\EshopCommunity\Application\Model\User::formQueryPartForMD5Password` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::formQueryPartForSha512Password` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\Base::setConfig`
@@ -74,7 +80,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
- `blDoNotDisableModuleOnError` config option
- `\OxidEsales\EshopCommunity\Core\OpenSSLFunctionalityChecker` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\Hasher` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\PasswordHasher` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\PasswordHasher` will no longer be needed and removed completely. Use `PasswordServiceBridgeInterface` instead
- `\OxidEsales\EshopCommunity\Core\PasswordSaltGenerator` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\Sha512Hasher` will no longer be needed and removed completely

@@ -278,13 +278,13 @@ public function getServerVar($sServVar = null)
/**
* Sets user info into cookie
*
* @param string $userName user name
* @param string $password password
* @param int $shopId shop ID (default null)
* @param integer $timeout timeout value (default 31536000)
* @param string $userName user name
* @param string $passwordHash password hash
* @param int $shopId shop ID (default null)
* @param integer $timeout timeout value (default 31536000)
* @param string $salt
*/
public function setUserCookie($userName, $password, $shopId = null, $timeout = 31536000, $salt = User::USER_COOKIE_SALT)
public function setUserCookie($userName, $passwordHash, $shopId = null, $timeout = 31536000, $salt = User::USER_COOKIE_SALT)
{
$myConfig = $this->getConfig();
$shopId = $shopId ?? $myConfig->getShopId();
@@ -295,7 +295,7 @@ public function setUserCookie($userName, $password, $shopId = null, $timeout = 3
$blSsl = false;
}
$this->_aUserCookie[$shopId] = $userName . '@@@' . crypt($password, $salt);
$this->_aUserCookie[$shopId] = $userName . '@@@' . crypt($passwordHash, $salt);
$this->setOxCookie('oxid_' . $shopId, $this->_aUserCookie[$shopId], \OxidEsales\Eshop\Core\Registry::getUtilsDate()->getTime() + $timeout, '/', null, true, $blSsl);
$this->setOxCookie('oxid_' . $shopId . '_autologin', '1', \OxidEsales\Eshop\Core\Registry::getUtilsDate()->getTime() + $timeout, '/', null, true, false);
}

0 comments on commit 4f548c0

Please sign in to comment.
You can’t perform that action at this time.