Check for Argon2 support before using constant PASSWORD_ARGON2X #1228
Conversation
|
The API in EmailAccounts.add() uses the setting So, most likely a hash-algorithm is/was set which became unavailable. |
|
Here's a more "systemwide"-safe solution: diff --git a/lib/Froxlor/Settings.php b/lib/Froxlor/Settings.php
index dad81814..056ed8ed 100644
--- a/lib/Froxlor/Settings.php
+++ b/lib/Froxlor/Settings.php
@@ -26,6 +26,7 @@
namespace Froxlor;
use Froxlor\Database\Database;
+use Froxlor\System\Crypt;
use PDO;
use PDOStatement;
@@ -159,7 +160,17 @@ class Settings
$result = null;
if (isset(self::$data[$sstr[0]][$sstr[1]])) {
$result = self::$data[$sstr[0]][$sstr[1]];
+
+ // if password-crypt-func is requested, check whether it's (still) available
+ if ($sstr[0] == 'system' && $sstr[1] == 'passwordcryptfunc') {
+ $available_hashes = Crypt::getAvailablePasswordHashes();
+ if (!array_key_exists($result, $available_hashes)) {
+ $result = PASSWORD_DEFAULT;
+ self::Set('system.passwordcryptfunc', $result);
+ }
+ }
}
+
return $result;
} |
|
The problem is that the PHP version used doesn't support Argon2. If Argon2 is unsupported the constants |
|
Yes, you're right. Totally missed that part - your fix seems exactly what is needed |
Description
Adding a new mail account on a system without PHP Argon2X support an exception will be triggered.
-> Check if Argon2X is supported in PHP (==constant is defined) before using it.
Type of change
How Has This Been Tested?
Adding a mail account on a system without PHP Argon2X support was possible after patch