Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-20934 'not cached' flag used in all auth plugins that do not need…

… the password
  • Loading branch information...
commit 9cd77bde8540671b29ba859bf787862b5c142f21 1 parent 68bbdf0
@skodak skodak authored
View
5 auth/cas/auth.php
@@ -60,6 +60,11 @@ function user_login ($username, $password) {
$this->connectCAS();
return phpCAS::isAuthenticated() && (trim(moodle_strtolower(phpCAS::getUser())) == $username);
}
+
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
7 auth/db/auth.php
@@ -572,6 +572,13 @@ function validate_form(&$form, &$err) {
}
}
+ function prevent_local_passwords() {
+ if (!isset($this->config->passtype)) {
+ return false;
+ }
+ return ($this->config->passtype != 'internal');
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/email/auth.php
@@ -132,6 +132,10 @@ function user_confirm($username, $confirmsecret) {
}
}
+ function prevent_local_passwords() {
+ return false;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/fc/auth.php
@@ -144,6 +144,10 @@ function iscreator($username) {
return false;
}
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/imap/auth.php
@@ -81,6 +81,10 @@ function user_login ($username, $password) {
return false; // No match
}
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/ldap/auth.php
@@ -1607,6 +1607,10 @@ function ldap_get_entries($conn, $searchresult) {
return ($fresult);
}
+ function prevent_local_passwords() {
+ return !empty($this->config->preventpassindb);
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
2  auth/ldap/config.html
@@ -16,7 +16,7 @@
if (!isset($config->opt_deref))
{ $config->opt_deref = LDAP_DEREF_NEVER; }
if (!isset($config->preventpassindb))
- { $config->preventpassindb = 0; }
+ { $config->preventpassindb = 1; }
if (!isset($config->bind_dn))
{$config->bind_dn = ''; }
if (!isset($config->bind_pw))
View
4 auth/manual/auth.php
@@ -62,6 +62,10 @@ function user_update_password($user, $newpassword) {
return update_internal_user_password($user, $newpassword);
}
+ function prevent_local_passwords() {
+ return false;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/mnet/auth.php
@@ -590,6 +590,10 @@ function update_enrolments($username, $courses) {
delete_records_select('mnet_enrol_assignments', $whereclause);
}
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/nntp/auth.php
@@ -64,6 +64,10 @@ function user_login ($username, $password) {
return false;
}
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
5 auth/nologin/auth.php
@@ -46,6 +46,11 @@ function user_update_password($user, $newpassword) {
return false;
}
+ function prevent_local_passwords() {
+ // just in case, we do not want to loose the passwords
+ return false;
+ }
+
/**
* No external data sync.
*
View
4 auth/none/auth.php
@@ -62,6 +62,10 @@ function user_update_password($user, $newpassword) {
return update_internal_user_password($user, $newpassword);
}
+ function prevent_local_passwords() {
+ return false;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/pam/auth.php
@@ -77,6 +77,10 @@ function user_login ($username, $password) {
}
}
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/pop3/auth.php
@@ -81,6 +81,10 @@ function user_login($username, $password) {
return false; // No matches found
}
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/radius/auth.php
@@ -80,6 +80,10 @@ function user_login ($username, $password) {
$rauth->close();
}
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 auth/shibboleth/auth.php
@@ -134,6 +134,10 @@ function get_attributes() {
return $moodleattributes;
}
+ function prevent_local_passwords() {
+ return true;
+ }
+
/**
* Returns true if this authentication plugin is 'internal'.
*
View
4 backup/restorelib.php
@@ -1702,7 +1702,7 @@ function restore_create_users($restore,$xml_file) {
if (!array_key_exists($user->auth, $authcache)) { // Not in cache
$userauth = new stdClass();
$authplugin = get_auth_plugin($user->auth);
- $userauth->preventpassindb = !empty($authplugin->config->preventpassindb);
+ $userauth->preventpassindb = $authplugin->prevent_local_passwords();
$userauth->isinternal = $authplugin->is_internal();
$userauth->canresetpwd = $authplugin->can_reset_password();
$authcache[$user->auth] = $userauth;
@@ -1710,7 +1710,7 @@ function restore_create_users($restore,$xml_file) {
$userauth = $authcache[$user->auth]; // Get from cache
}
- // Respect strange config in some (ldap) plugins. Isn't this a dupe of is_internal() ?
+ // Most external plugins do not store passwords locally
if (!empty($userauth->preventpassindb)) {
$user->password = 'not cached';
View
9 lib/authlib.php
@@ -108,6 +108,15 @@ function is_internal() {
}
/**
+ * Indicates if password hashes should be stored in local moodle database.
+ * @return bool true means md5 password hash stored in user table, false means flag 'not_cached' stored there instead
+ */
+ function prevent_local_passwords() {
+ // NOTE: this will be changed to true in 2.0
+ return false;
+ }
+
+ /**
* Updates the user's password. In previous versions of Moodle, the function
* auth_user_update_password accepted a username as the first parameter. The
* revised function expects a user object.
View
15 lib/db/upgrade.php
@@ -846,6 +846,21 @@ function xmldb_main_upgrade($oldversion=0) {
unset($adminusers);
}
+ if ($result && $oldversion < 2007021599.16) {
+ // NOTE: this is quite hacky, but anyway it should work fine in 1.9,
+ // in 2.0 we should always use plugin upgrade code for things like this
+
+ $authsavailable = get_list_of_plugins('auth');
+ foreach($authsavailable as $authname) {
+ if (!$auth = get_auth_plugin($authname)) {
+ continue;
+ }
+ if ($auth->prevent_local_passwords()) {
+ execute_sql("UPDATE {$CFG->prefix}user SET password='not cached' WHERE auth='$authname'");
+ }
+ }
+ }
+
return $result;
}
View
2  lib/moodlelib.php
@@ -2904,7 +2904,7 @@ function update_internal_user_password(&$user, $password) {
global $CFG;
$authplugin = get_auth_plugin($user->auth);
- if (!empty($authplugin->config->preventpassindb)) {
+ if ($authplugin->prevent_local_passwords()) {
$hashedpassword = 'not cached';
} else {
$hashedpassword = hash_internal_user_password($password);
View
2  version.php
@@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
- $version = 2007021599.15; // YYYYMMDD = date of the 1.8 branch (don't change)
+ $version = 2007021599.16; // YYYYMMDD = date of the 1.8 branch (don't change)
// 99 = we reached a .10 release! (don't change)
// .XX = release number 1.8.[10,11,12,..]
Please sign in to comment.
Something went wrong with that request. Please try again.