
Merge branch 'b-6.x'

robertblank committed Mar 25, 2019
2 parents 831316a + 4f548c0 commit a9a51aaa52d36c240be79bbc2556217bd18abbeb
Showing with 3,009 additions and 387 deletions.
  1. +11 −2 .travis.yml
  2. +25 −0 CHANGELOG.md
  3. +7 −1 source/Application/Controller/Admin/LoginController.php
  4. +16 −12 source/Application/Model/Article.php
  5. +2 −2 source/Application/Model/Review.php
  6. +381 −184 source/Application/Model/User.php
  7. +4 −4 source/Core/Autoload/UnifiedNameSpaceClassMap.php
  8. +2 −0 source/Core/Hasher.php
  9. +2 −0 source/Core/PasswordHasher.php
  10. +2 −0 source/Core/PasswordSaltGenerator.php
  11. +2 −0 source/Core/Sha512Hasher.php
  12. +12 −10 source/Core/UtilsServer.php
  13. +4 −6 source/Internal/Logger/Configuration/MonologConfiguration.php
  14. +72 −0 source/Internal/Password/Bridge/PasswordServiceBridge.php
  15. +42 −0 source/Internal/Password/Bridge/PasswordServiceBridgeInterface.php
  16. +15 −0 source/Internal/Password/Exception/PasswordHashException.php
  17. +15 −0 source/Internal/Password/Exception/PasswordPolicyException.php
  18. +15 −0 source/Internal/Password/Exception/UnavailablePasswordHashStrategy.php
  19. +50 −0 source/Internal/Password/Policy/PasswordPolicy.php
  20. +18 −0 source/Internal/Password/Policy/PasswordPolicyInterface.php
  21. +80 −0 source/Internal/Password/Service/PasswordHashService.php
  22. +37 −0 source/Internal/Password/Service/PasswordHashServiceInterface.php
  23. +45 −0 source/Internal/Password/Service/PasswordVerificationService.php
  24. +23 −0 source/Internal/Password/Service/PasswordVerificationServiceInterface.php
  25. +112 −0 source/Internal/Password/Strategy/AbstractPasswordHashStrategy.php
  26. +32 −0 source/Internal/Password/Strategy/PasswordHashArgon2IStrategy.php
  27. +32 −0 source/Internal/Password/Strategy/PasswordHashArgon2IdStrategy.php
  28. +76 −0 source/Internal/Password/Strategy/PasswordHashArgon2StrategyOptionsProvider.php
  29. +30 −0 source/Internal/Password/Strategy/PasswordHashBcryptStrategy.php
  30. +63 −0 source/Internal/Password/Strategy/PasswordHashBcryptStrategyOptionsProvider.php
  31. +70 −0 source/Internal/Password/Strategy/PasswordHashStrategiesArray.php
  32. +34 −0 source/Internal/Password/Strategy/PasswordHashStrategyInterface.php
  33. +18 −0 source/Internal/Password/Strategy/PasswordHashStrategyOptionsProviderInterface.php
  34. +43 −0 source/Internal/Password/services.yaml
  35. +41 −8 source/Internal/Utility/Context.php
  36. +26 −1 source/Internal/Utility/ContextInterface.php
  37. +1 −0 source/Internal/services.yaml
  38. +1 −1 source/Setup/Sql/initial_data.sql
  39. +5 −5 source/bootstrap.php
  40. +14 −0 source/config.inc.php.dist
  41. +12 −12 tests/Acceptance/Admin/testSql/demodata_PE_CE.sql
  42. +3 −3 tests/Acceptance/Frontend/MyAccountFrontendTest.php
  43. +5 −5 tests/Acceptance/Frontend/ProductInfoFrontendTest.php
  44. +12 −12 tests/Acceptance/Frontend/testSql/demodata_PE_CE.sql
  45. +12 −12 tests/Acceptance/International/testSql/demodata_PE_CE.sql
  46. +24 −22 tests/Integration/Application/Component/UserComponentTest.php
  47. +1 −1 tests/Integration/Internal/Logger/LoggerTest.php
  48. +232 −0 tests/Integration/Internal/Password/Bridge/PasswordServiceBridgeTest.php
  49. +36 −0 tests/Integration/Internal/Password/Service/PasswordVerificationServiceTest.php
  50. +44 −0 tests/Integration/Internal/Password/Strategy/PasswordHashArgon2iStrategyTest.php
  51. +44 −0 tests/Integration/Internal/Password/Strategy/PasswordHashArgon2idStrategyTest.php
  52. +44 −0 tests/Integration/Internal/Password/Strategy/PasswordHashBcryptStrategyTest.php
  53. +1 −0 tests/Integration/Price/PriceTest.php
  54. +19 −11 tests/Integration/User/LoginTest.php
  55. +3 −1 tests/Integration/User/UserTestCase.php
  56. +10 −6 tests/Unit/Application/Controller/Admin/LoginTest.php
  57. +48 −50 tests/Unit/Application/Model/UserTest.php
  58. +1 −1 tests/Unit/Core/InputValidatorTest.php
  59. +13 −11 tests/Unit/Core/SessionTest.php
  60. +3 −2 tests/Unit/Core/UtilsServerTest.php
  61. +42 −1 tests/Unit/Internal/ContextStub.php
  62. +1 −1 tests/Unit/Internal/Logger/Configuration/MonologConfigurationTest.php
  63. +329 −0 tests/Unit/Internal/Password/Service/PasswordHashServiceTest.php
  64. +66 −0 tests/Unit/Internal/Password/Service/PasswordPolicyTest.php
  65. +61 −0 tests/Unit/Internal/Password/Service/PasswordVerificationServiceTest.php
  66. +67 −0 tests/Unit/Internal/Password/Strategy/AbstractPasswordHashStrategyTest.php
  67. +109 −0 tests/Unit/Internal/Password/Strategy/PasswordHashArgon2IStrategyTest.php
  68. +81 −0 tests/Unit/Internal/Password/Strategy/PasswordHashArgon2IdStrategyTest.php
  69. +87 −0 tests/Unit/Internal/Password/Strategy/PasswordHashBcryptStrategyOptionsProviderTest.php
  70. +55 −0 tests/Unit/Internal/Password/Strategy/PasswordHashBcryptStrategyTest.php
  71. +64 −0 tests/Unit/Internal/Password/Strategy/PasswordHashStrategiesArrayTest.php
@@ -12,8 +12,17 @@ php:
matrix:
fast_finish: true

# TRAVIS_ERROR_LEVEL = E_ALL & ~E_DEPRECATED & ~E_NOTICE & ~E_STRICT
env: TRAVIS_ERROR_LEVEL=22519 OX_BASE_PATH="$TRAVIS_BUILD_DIR/source/" OXID_ESHOP_CS_THRESHOLD=14
# Numeric values of error reporting levels:
# 32767: E_ALL
# 30711: E_ALL & ~E_NOTICE & ~E_STRICT
# 24575: E_ALL & ~E_DEPRECATED
# 24567: E_ALL & ~E_DEPRECATED & ~E_NOTICE
# 22527: E_ALL & ~E_DEPRECATED & ~E_STRICT
# 22519: E_ALL & ~E_DEPRECATED & ~E_NOTICE & ~E_STRICT
#
# Keep TRAVIS_ERROR_LEVEL in sync with the value in vendor/oxid-esales/testing-library/base.php
#
env: TRAVIS_ERROR_LEVEL=32767 OX_BASE_PATH="$TRAVIS_BUILD_DIR/source/" OXID_ESHOP_CS_THRESHOLD=14

services: mysql

@@ -109,6 +109,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
- `\OxidEsales\EshopCommunity\Internal\Module\Setup\Event\BeforeModuleDeactivationEvent`
- `\OxidEsales\EshopCommunity\Internal\Module\Setup\Event\FinalizingModuleActivationEvent`
- `\OxidEsales\EshopCommunity\Internal\Module\Setup\Event\FinalizingModuleDeactivationEvent`
- Configuration options in `config.inc.php`
- `passwordHashingAlgorithm` with default value: PASSWORD_BCRYPT
- `passwordHashingBcryptCost` with default value: 10
- `passwordHashingArgon2MemoryCost` with default value: 1024;
- `passwordHashingArgon2TimeCost` with default value: 2;
- `passwordHashingArgon2Threads` with default value: 2;
- Interface:
- `\OxidEsales\EshopCommunity\Internal\Password\Bridge\PasswordServiceBridgeInterface`
- Constants
- `\OxidEsales\EshopCommunity\Application\Model\User::USER_COOKIE_SALT`
### Changed
- category_main form layout improvements [PR-585](https://github.com/OXID-eSales/oxideshop_ce/pull/585)
@@ -117,19 +127,34 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
- Make adding template blocks more fast andn reliable [PR-580](https://github.com/OXID-eSales/oxideshop_ce/pull/580)
- Support PHP 7.2
- Modules will not be disabled on class loading errors anymore, Error is just logged [PR-661](https://github.com/OXID-eSales/oxideshop_ce/pull/661)
- Backwards compatibility break: `\OxidEsales\EshopCommunity\Application\Model\User::_dbLogin` will only called until the user successfully logs in the
first time. Afterwards the password hash will have been recreated and a new authentication mechanism will be used. This
breaks backwards compatibility for modules, which directly override `_dbLogin` or one of the methods in the call stack.
### Removed
- Removed old not used blAutoSearchOnCat option from shop_config tab [PR-654](https://github.com/OXID-eSales/oxideshop_ce/pull/654)
- Removed unnecessary class imports [PR-667](https://github.com/OXID-eSales/oxideshop_ce/pull/667)
- Removed deprecated `\OxidEsales\EshopCommunity\Core\Email::$Version` use `\PHPMailer\PHPMailer\PHPMailer::VERSION` instead
- The value for the password salt will not be stored in the database column `oxuser.OXPASSSALT` anymore, but in the password hash itself
### Deprecated
- `\OxidEsales\EshopCommunity\Application\Model\User::_dbLogin` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::_getLoginQuery` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::_getLoginQueryHashedWithMD5` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::encodePassword` will no longer be needed and removed completely. Use `PasswordServiceBridgeInterface` instead
- `\OxidEsales\EshopCommunity\Application\Model\User::formQueryPartForMD5Password` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Application\Model\User::formQueryPartForSha512Password` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\Base::setConfig`
- `\OxidEsales\EshopCommunity\Core\Base::getConfig`
- `\OxidEsales\EshopCommunity\Core\Email::$_oConfig`
- `\OxidEsales\EshopCommunity\Core\Email::setConfig`
- `\OxidEsales\EshopCommunity\Core\Email::getConfig`
- `blDoNotDisableModuleOnError` config option
- `\OxidEsales\EshopCommunity\Core\OpenSSLFunctionalityChecker` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\Hasher` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\PasswordHasher` will no longer be needed and removed completely. Use `PasswordServiceBridgeInterface` instead
- `\OxidEsales\EshopCommunity\Core\PasswordSaltGenerator` will no longer be needed and removed completely
- `\OxidEsales\EshopCommunity\Core\Sha512Hasher` will no longer be needed and removed completely
## [6.3.3] - Unreleased
@@ -6,6 +6,7 @@
namespace OxidEsales\EshopCommunity\Application\Controller\Admin;
use OxidEsales\Eshop\Core\Exception\UserException;
use OxidEsales\Eshop\Core\ShopVersion;
/**
@@ -101,13 +102,18 @@ public function checklogin()
/** @var \OxidEsales\Eshop\Application\Model\User $oUser */
$oUser = oxNew(\OxidEsales\Eshop\Application\Model\User::class);
$oUser->login($sUser, $sPass);
if ($oUser->oxuser__oxrights->value === 'user') {
throw oxNew(UserException::class, 'ERROR_MESSAGE_USER_NOVALIDLOGIN');
}
$iSubshop = (int) $oUser->oxuser__oxrights->value;
if ($iSubshop) {
\OxidEsales\Eshop\Core\Registry::getSession()->setVariable("shp", $iSubshop);
\OxidEsales\Eshop\Core\Registry::getSession()->setVariable('currentadminshop', $iSubshop);
\OxidEsales\Eshop\Core\Registry::getConfig()->setShopId($iSubshop);
}
} catch (\OxidEsales\Eshop\Core\Exception\UserException $oEx) {
} catch (UserException $oEx) {
$myUtilsView->addErrorToDisplay('LOGIN_ERROR');
$oStr = getStr();
$this->addTplParam('user', $oStr->htmlspecialchars($sUser));
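Review bot: The new rights check in checklogin() is a deny-list and runs only after `$oUser->login($sUser, $sPass)` has already returned. Any `oxrights` value other than the exact string `'user'`, including an empty or unexpected one, is still treated as an admin login, and whatever session state login() sets up (its body is outside this hunk) appears to stay in place when the exception is thrown, since the visible part of the catch block only adds the error message. Consider accepting only the rights values that denote an admin and clearing the login before the throw, e.g. `$oUser->logout();` ahead of `throw oxNew(UserException::class, 'ERROR_MESSAGE_USER_NOVALIDLOGIN');`. The rejection should also be logged so that shop-user credentials tried against the admin login are visible to monitoring. checklogin() starts and ends outside the hunk.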
@@ -7,13 +7,10 @@
namespace OxidEsales\EshopCommunity\Application\Model;
use Exception;
use oxDb;
use oxField;
use OxidEsales\Eshop\Core\Field;
use OxidEsales\Eshop\Core\Registry;
use oxList;
use oxPrice;
use oxRegistry;
use oxSeoEncoderArticle;
// defining supported link types
define('OXARTICLE_LINKTYPE_CATEGORY', 0);
@@ -1169,7 +1166,9 @@ public function hasSortingFieldsChanged()
$blChanged = false;
foreach ($aSortingFields as $sField) {
$sParameterName = 'oxarticles__' . $sField;
if ($this->$sParameterName->value !== $this->_aSortingFieldsOnLoad[$sParameterName]) {
$currentValueOfField = $this->$sParameterName instanceof Field ? $this->$sParameterName->value : '';
$valueOfFieldOnLoad = $this->_aSortingFieldsOnLoad[$sParameterName] ?? null;
if ($valueOfFieldOnLoad !== $currentValueOfField) {
$blChanged = true;
break;
}
@@ -2372,7 +2371,7 @@ public function onChange($action = null, $articleId = null, $parentArticleId = n
if (!isset($articleId)) {
$articleId = $this->oxarticles__oxid->value;
}
if ($this->oxarticles__oxparentid->value) {
if ($this->oxarticles__oxparentid && $this->oxarticles__oxparentid->value) {
$parentArticleId = $this->oxarticles__oxparentid->value;
}
}
@@ -2508,7 +2507,7 @@ public function getLongDescription()
if ($sDbValue != false) {
$this->_oLongDesc->setValue($sDbValue, \OxidEsales\Eshop\Core\Field::T_RAW);
} elseif ($this->oxarticles__oxparentid->value) {
} elseif ($this->oxarticles__oxparentid && $this->oxarticles__oxparentid->value) {
if (!$this->isAdmin() || $this->_blLoadParentData) {
$oParent = $this->getParentArticle();
if ($oParent) {
@@ -3126,7 +3125,7 @@ public function applyDiscountsForVariant($oPrice)
*/
public function getParentArticle()
{
if (($sParentId = $this->oxarticles__oxparentid->value)) {
if ($this->oxarticles__oxparentid && ($sParentId = $this->oxarticles__oxparentid->value)) {
$sIndex = $sParentId . "_" . $this->getLanguage();
if (!isset(self::$_aLoadedParents[$sIndex])) {
self::$_aLoadedParents[$sIndex] = oxNew(\OxidEsales\Eshop\Application\Model\Article::class);
@@ -3182,7 +3181,7 @@ public function getProductId()
*/
public function getParentId()
{
return $this->oxarticles__oxparentid->value;
return $this->oxarticles__oxparentid instanceof Field ? $this->oxarticles__oxparentid->value : '';
}
/**
@@ -3200,9 +3199,14 @@ public function isOrderArticle()
*
* @return bool
*/
public function isVariant()
public function isVariant(): bool
{
return (bool) (isset($this->oxarticles__oxparentid) ? $this->oxarticles__oxparentid->value : false);
$isVariant = false;
if (isset($this->oxarticles__oxparentid) && false !== $this->oxarticles__oxparentid) {
$isVariant = (bool) $this->oxarticles__oxparentid->value;
}
return $isVariant;
}
/**
@@ -4693,7 +4697,7 @@ protected function _setVarMinMaxPrice($sParentId)
WHERE ' . $this->getSqlActiveSnippet(true) . '
AND ( `oxarticles`.`oxparentid` = ' . $database->quote($sParentId) . ' )';
$aPrices = $database->getRow($sQ);
if (!is_null($aPrices['varminprice']) || !is_null($aPrices['varmaxprice'])) {
if (isset($aPrices['varminprice'], $aPrices['varmaxprice'])) {
$sQ = '
UPDATE `oxarticles`
SET
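Review bot: In hasSortingFieldsChanged() the two fallbacks disagree: a property that is not a `Field` instance yields `''`, while a missing entry in `_aSortingFieldsOnLoad` yields `null`, so when both are absent the strict `!==` reports a change. Using one default on both sides avoids that, e.g. `$valueOfFieldOnLoad = $this->_aSortingFieldsOnLoad[$sParameterName] ?? '';`, provided the on-load array never stores `null` deliberately (it is filled outside this hunk). Separately, in _setVarMinMaxPrice() the new `isset($aPrices['varminprice'], $aPrices['varmaxprice'])` requires both values to be non-null where the replaced condition required either one, which deserves a short comment if it is intended.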
@@ -146,7 +146,7 @@ public function loadList($sType, $aIds, $blLoadEmpty = false, $iLoadInLang = nul
*/
public function getObjectType()
{
return $this->oxreviews__oxtype->value;
return is_object($this->oxreviews__oxtype) ? $this->oxreviews__oxtype->value : $this->oxreviews__oxtype;
}
/**
@@ -156,7 +156,7 @@ public function getObjectType()
*/
public function getObjectId()
{
return $this->oxreviews__oxobjectid->value;
return is_object($this->oxreviews__oxobjectid) ? $this->oxreviews__oxobjectid->value : $this->oxreviews__oxobjectid;
}
/**
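Review bot: The fallback branch in getObjectType() and getObjectId() returns the raw property whenever it is not an object, so callers may receive `null` or `false` where they previously expected the field's value, and the docblocks (only partly inside these hunks) are not updated to say so. Article.php in this same commit guards the equivalent access with `instanceof Field` and a `''` default. Doing the same here, e.g. `return $this->oxreviews__oxtype instanceof \OxidEsales\Eshop\Core\Field ? $this->oxreviews__oxtype->value : '';`, keeps the return type stable and the two models consistent.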