[TASK] Add informational upgrade wizard for argon2i
This adds a dummy wizard to remind admins during upgrade to check the live system for argon2i support if the local instance uses it, or to select a different hash algorithm. Having this wizard gives this information to admins early in the upgrade phase, so they have time to check the live system or to select a different mechanism before too many passwords have been upgraded. Resolves: #86402 Releases: master Change-Id: I2b1f75ecf079dc2e29d2675dda558c79b67f77e0 Reviewed-on: https://review.typo3.org/58411 Tested-by: TYPO3com <no-reply@typo3.com> Reviewed-by: Susanne Moog <susanne.moog@typo3.org> Tested-by: Susanne Moog <susanne.moog@typo3.org> Reviewed-by: Frank Naegler <frank.naegler@typo3.org> Tested-by: Frank Naegler <frank.naegler@typo3.org>
Showing
5 changed files
with
220 additions
and
35 deletions.
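--- a/typo3/sysext/install/Classes/Updates/Argon2iPasswordHashes.php
+++ b/typo3/sysext/install/Classes/Updates/Argon2iPasswordHashes.php
@@ -0,0 +1,115 @@
+<?php
+declare(strict_types = 1);
+
+namespace TYPO3\CMS\Install\Updates;
+
+/*
+* This file is part of the TYPO3 CMS project.
+*
+* It is free software; you can redistribute it and/or modify it under
+* the terms of the GNU General Public License, either version 2
+* of the License, or any later version.
+*
+* For the full copyright and license information, please read the
+* LICENSE.txt file that was distributed with this source code.
+*
+* The TYPO3 project - inspiring people to share!
+*/
+
+use TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash;
+use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
+/**
+* Informational upgrade wizard to remind upgrading instances
+* may have to verify argon2i is available on the live servers
+*/
+class Argon2iPasswordHashes implements UpgradeWizardInterface, ConfirmableInterface
+{
+protected $confirmation;
+
+public function __construct()
+{
+$this->confirmation = new Confirmation(
+'Please make sure to read the following carefully:',
+$this->getDescription(),
+false,
+'Yes, I understand!',
+'',
+true
+);
+}
+
+/**
+* @return string Unique identifier of this updater
+*/
+public function getIdentifier(): string
+{
+return 'argon2iPasswordHashes';
+}
+
+/**
+* @return string Title of this updater
+*/
+public function getTitle(): string
+{
+return 'Reminder to verify live system supports argon2i';
+}
+
+/**
+* @return string Longer description of this updater
+*/
+public function getDescription(): string
+{
+return 'TYPO3 uses the modern hash mechanism "argon2i" on this system. Existing passwords'
+. ' will be automatically upgraded to this mechanism upon user login. If this instance'
+. ' is later deployed to a different system, make sure the system does support argon2i'
+. ' too, otherwise logins will fail. If that is not possible, select a different hash'
+. ' algorithm in Setting > Presets > Password hashing settings and make sure no user'
+. ' has been upgraded yet. This upgrade wizard exists only to inform you, it does not'
+. ' change the system';
+}
+
+/**
+* Checks whether updates are required.
+*
+* @return bool Whether an update is required (TRUE) or not (FALSE)
+*/
+public function updateNecessary(): bool
+{
+$passwordHashFactory = GeneralUtility::makeInstance(PasswordHashFactory::class);
+$feHash = $passwordHashFactory->getDefaultHashInstance('BE');
+$beHash = $passwordHashFactory->getDefaultHashInstance('FE');
+return $feHash instanceof Argon2iPasswordHash || $beHash instanceof Argon2iPasswordHash;
+}
+
+/**
+* @return string[] All new fields and tables must exist
+*/
+public function getPrerequisites(): array
+{
+return [
+DatabaseUpdatedPrerequisite::class,
+];
+}
+
+/**
+* This upgrade wizard has informational character only, it does not perform actions.
+*
+* @return bool Whether everything went smoothly or not
+*/
+public function executeUpdate(): bool
+{
+return true;
+}
+
+/**
+* Return a confirmation message instance
+*
+* @return \TYPO3\CMS\Install\Updates\Confirmation
+*/
+public function getConfirmation(): Confirmation
+{
+return $this->confirmation;
+}
+}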
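Review bot: In updateNecessary() the local names are swapped: `$feHash` receives `getDefaultHashInstance('BE')` and `$beHash` receives `getDefaultHashInstance('FE')`. The OR on the return line gives the same result either way, but the mismatch will mislead anyone who later splits the check per login type, so assign `$beHash = $passwordHashFactory->getDefaultHashInstance('BE');` and `$feHash = $passwordHashFactory->getDefaultHashInstance('FE');`. It is also worth confirming how getDefaultHashInstance() behaves when the configured hash class is unavailable (not visible in this commit); if it throws, this check would abort the wizard listing rather than return false. The `$confirmation` property has no type documentation, so add `/** @var Confirmation */` above it.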