gnu-social/modules/AuthCrypt/AuthCryptModule.php

<?php
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Module to use crypt() for user password hashes
 *
 * @category  Module
 * @package   GNUsocial
 * @author    Mikael Nordfeldth <mmn@hethane.se>
 * @copyright 2012 StatusNet, Inc.
 * @copyright 2013 Free Software Foundation, Inc http://www.fsf.org
 * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
 */

defined('GNUSOCIAL') || die;

class AuthCryptModule extends AuthenticationModule
{
    const MODULE_VERSION = '2.0.0';
    protected $statusnet = true;     // if true, also check StatusNet style password hash
    protected $overwrite = true;     // if true, password change means overwrite with crypt()
    protected $argon     = false;    // Use Argon if supported.

    public $provider_name = 'crypt'; // not actually used

    // FUNCTIONALITY

    public function checkPassword($username, $password)
    {
        $username = Nickname::normalize($username);

        $user = User::getKV('nickname', $username);
        if (!($user instanceof User)) {
            return false;
        }

        // crypt understands what the salt part of $user->password is
        if ($user->password === crypt($password, $user->password)) {
            // and update password hash entry to password_hash() compatible
            if ($this->overwrite) {
                $this->changePassword($user->nickname, null, $password);
            }
            return $user;
        }

        // If we check StatusNet hash, for backwards compatibility and migration
        if ($this->statusnet && $user->password === md5($password . $user->id)) {
            // and update password hash entry to crypt() compatible
            if ($this->overwrite) {
                $this->changePassword($user->nickname, null, $password);
            }
            return $user;
        }

        // Timing safe password verification on supported PHP versions
        if (password_verify($password, $user->password)) {
            return $user;
        }

        return false;
    }

    // $oldpassword is already verified when calling this function... shouldn't this be private?!
    public function changePassword($username, $oldpassword, $newpassword)
    {
        $username = Nickname::normalize($username);

        if (!$this->overwrite) {
            return false;
        }

        $user = User::getKV('nickname', $username);
        if (empty($user)) {
            return false;
        }
        $original = clone $user;

        $user->password = $this->hashPassword($newpassword, $user->getProfile());

        return $user->validate() === true && $user->update($original);
    }

    public function hashPassword($password, ?Profile $profile = null)
    {
        $algorithm = PASSWORD_DEFAULT;
        $options = ['cost' => 12];

        if ($this->argon) {
            $algorithm = PASSWORD_ARGON2I;
            $options = [
                'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
                'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
                'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
            ];
        }
        // Use the modern password hashing algorithm
        // http://php.net/manual/en/function.password-hash.php
        // Uses PASSWORD_BCRYPT by default, with PASSWORD_ARGON2I being the next possible default in future versions
        return password_hash($password, $algorithm, $options);
    }

    // EVENTS

    public function onStartChangePassword(Profile $target, $oldpassword, $newpassword)
    {
        if (!$this->checkPassword($target->getNickname(), $oldpassword)) {
            // if we ARE in overwrite mode, test password with common_check_user
            if (!$this->overwrite || !common_check_user($target->getNickname(), $oldpassword)) {
                // either we're not in overwrite mode, or the password was incorrect
                return !$this->authoritative;
            }
            // oldpassword was apparently ok
        }
        $changed = $this->changePassword($target->getNickname(), $oldpassword, $newpassword);

        return !$changed && empty($this->authoritative);
    }

    public function onStartCheckPassword($nickname, $password, &$authenticatedUser)
    {
        $authenticatedUser = $this->checkPassword($nickname, $password);
        // if we failed, only return false to stop plugin execution if we're authoritative
        return !($authenticatedUser instanceof User) && empty($this->authoritative);
    }

    public function onStartHashPassword(&$hashed, $password, ?Profile $profile = null)
    {
        $hashed = $this->hashPassword($password, $profile);
        return false;
    }

    public function onCheckSchema()
    {
        // we only use the User database, so default AuthenticationModule stuff can be ignored
        return true;
    }

    public function onUserDeleteRelated($user, &$tables)
    {
        // not using User_username table, so no need to add it here.
        return true;
    }

    public function onModuleVersion(array &$versions): bool
    {
        $versions[] = [
            'name' => 'AuthCrypt',
            'version' => self::MODULE_VERSION,
            'author' => 'Mikael Nordfeldth',
            'homepage' => GNUSOCIAL_ENGINE_REPO_URL . 'tree/master/plugins/AuthCrypt',
            'rawdescription' => // TRANS: Module description.
                _m('Authentication and password hashing with crypt()')
        ];
        return true;
    }
}
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`<?php`
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`// This file is part of GNU social - https://www.gnu.org/software/social`
			`//`
			`// GNU social is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// GNU social is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with GNU social. If not, see <http://www.gnu.org/licenses/>.`

new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`/**`
[CORE] Plugin API now extends a new Module API 2019-08-12 15:03:30 +01:00			`* Module to use crypt() for user password hashes`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`*`
[CORE] Plugin API now extends a new Module API 2019-08-12 15:03:30 +01:00			`* @category Module`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`* @package GNUsocial`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`* @author Mikael Nordfeldth <mmn@hethane.se>`
			`* @copyright 2012 StatusNet, Inc.`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`* @copyright 2013 Free Software Foundation, Inc http://www.fsf.org`
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`*/`

[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`defined('GNUSOCIAL') \|\| die;`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00
[CORE] Plugin API now extends a new Module API 2019-08-12 15:03:30 +01:00			`class AuthCryptModule extends AuthenticationModule`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`{`
[MODULES] Fix VERSION constant to MODULE_VERSION in various modules 2019-10-30 23:52:14 +00:00			`const MODULE_VERSION = '2.0.0';`
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`protected $statusnet = true; // if true, also check StatusNet style password hash`
			`protected $overwrite = true; // if true, password change means overwrite with crypt()`
			`protected $argon = false; // Use Argon if supported.`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`public $provider_name = 'crypt'; // not actually used`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`// FUNCTIONALITY`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`public function checkPassword($username, $password)`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`{`
Normalize username on AuthCrypt login Because users login with mixed casing and whatnot. 2015-02-26 00:45:17 +01:00			`$username = Nickname::normalize($username);`

AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`$user = User::getKV('nickname', $username);`
			`if (!($user instanceof User)) {`
			`return false;`
			`}`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00
Generate better salt for crypt() 2013-10-21 13:16:03 +02:00			`// crypt understands what the salt part of $user->password is`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`if ($user->password === crypt($password, $user->password)) {`
[CORE] Update AuthCryptPlugin Added password_hash() (bcrypt) support with fallback to crypt() for older PHP versions. 2018-03-11 19:28:24 -06:00			`// and update password hash entry to password_hash() compatible`
[CORE] Remove function_exists() calls and add up default bcrypt cost to 12. 2018-03-18 21:21:03 -06:00			`if ($this->overwrite) {`
[CORE] Update AuthCryptPlugin Added password_hash() (bcrypt) support with fallback to crypt() for older PHP versions. 2018-03-11 19:28:24 -06:00			`$this->changePassword($user->nickname, null, $password);`
			`}`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`return $user;`
			`}`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00
			`// If we check StatusNet hash, for backwards compatibility and migration`
			`if ($this->statusnet && $user->password === md5($password . $user->id)) {`
			`// and update password hash entry to crypt() compatible`
[CORE] Remove function_exists() calls and add up default bcrypt cost to 12. 2018-03-18 21:21:03 -06:00			`if ($this->overwrite) {`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`$this->changePassword($user->nickname, null, $password);`
			`}`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`return $user;`
			`}`

[CORE] Remove function_exists() calls and add up default bcrypt cost to 12. 2018-03-18 21:21:03 -06:00			`// Timing safe password verification on supported PHP versions`
			`if (password_verify($password, $user->password)) {`
			`return $user;`
			`}`

new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`return false;`
			`}`

			`// $oldpassword is already verified when calling this function... shouldn't this be private?!`
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`public function changePassword($username, $oldpassword, $newpassword)`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`{`
Normalize username on AuthCrypt login Because users login with mixed casing and whatnot. 2015-02-26 00:45:17 +01:00			`$username = Nickname::normalize($username);`

[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`if (!$this->overwrite) {`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`return false;`
			`}`

The overloaded DB_DataObject function staticGet is now called getKV I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* \| grep -v -e '^extlib' \| grep -v DataObject:: \|grep -v "function staticGet"\|cut -d: -f1 \|sort \|uniq) If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV! This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class) Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration. 2013-08-18 13:04:58 +02:00			`$user = User::getKV('nickname', $username);`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`if (empty($user)) {`
			`return false;`
			`}`
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`$original = clone $user;`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`$user->password = $this->hashPassword($newpassword, $user->getProfile());`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`return $user->validate() === true && $user->update($original);`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`}`

[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`public function hashPassword($password, ?Profile $profile = null)`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`{`
[CORE] Remove function_exists() calls and add up default bcrypt cost to 12. 2018-03-18 21:21:03 -06:00			`$algorithm = PASSWORD_DEFAULT;`
			`$options = ['cost' => 12];`

[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`if ($this->argon) {`
[CORE] Remove function_exists() calls and add up default bcrypt cost to 12. 2018-03-18 21:21:03 -06:00			`$algorithm = PASSWORD_ARGON2I;`
			`$options = [`
			`'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,`
			`'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,`
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,`
[CORE] Remove function_exists() calls and add up default bcrypt cost to 12. 2018-03-18 21:21:03 -06:00			`];`
[CORE] Update AuthCryptPlugin Added password_hash() (bcrypt) support with fallback to crypt() for older PHP versions. 2018-03-11 19:28:24 -06:00			`}`
[CORE] Remove function_exists() calls and add up default bcrypt cost to 12. 2018-03-18 21:21:03 -06:00			`// Use the modern password hashing algorithm`
			`// http://php.net/manual/en/function.password-hash.php`
			`// Uses PASSWORD_BCRYPT by default, with PASSWORD_ARGON2I being the next possible default in future versions`
			`return password_hash($password, $algorithm, $options);`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`}`

[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`// EVENTS`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 01:47:43 +02:00			`public function onStartChangePassword(Profile $target, $oldpassword, $newpassword)`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`{`
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 01:47:43 +02:00			`if (!$this->checkPassword($target->getNickname(), $oldpassword)) {`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`// if we ARE in overwrite mode, test password with common_check_user`
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 01:47:43 +02:00			`if (!$this->overwrite \|\| !common_check_user($target->getNickname(), $oldpassword)) {`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`// either we're not in overwrite mode, or the password was incorrect`
			`return !$this->authoritative;`
			`}`
			`// oldpassword was apparently ok`
			`}`
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 01:47:43 +02:00			`$changed = $this->changePassword($target->getNickname(), $oldpassword, $newpassword);`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`return !$changed && empty($this->authoritative);`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`}`

AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`public function onStartCheckPassword($nickname, $password, &$authenticatedUser)`
			`{`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`$authenticatedUser = $this->checkPassword($nickname, $password);`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`// if we failed, only return false to stop plugin execution if we're authoritative`
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`return !($authenticatedUser instanceof User) && empty($this->authoritative);`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`}`

[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`public function onStartHashPassword(&$hashed, $password, ?Profile $profile = null)`
AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`{`
			`$hashed = $this->hashPassword($password, $profile);`
			`return false;`
			`}`

			`public function onCheckSchema()`
			`{`
[CORE] Plugin API now extends a new Module API 2019-08-12 15:03:30 +01:00			`// we only use the User database, so default AuthenticationModule stuff can be ignored`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`return true;`
			`}`

AuthCrypt now tidied up and enabled by default. 2013-10-17 16:32:53 +02:00			`public function onUserDeleteRelated($user, &$tables)`
			`{`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`// not using User_username table, so no need to add it here.`
			`return true;`
			`}`

[CORE] Plugin API now extends a new Module API 2019-08-12 15:03:30 +01:00			`public function onModuleVersion(array &$versions): bool`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`{`
[AuthCrypt] Update README and fix formatting 2020-07-25 17:42:46 +01:00			`$versions[] = [`
			`'name' => 'AuthCrypt',`
			`'version' => self::MODULE_VERSION,`
			`'author' => 'Mikael Nordfeldth',`
			`'homepage' => GNUSOCIAL_ENGINE_REPO_URL . 'tree/master/plugins/AuthCrypt',`
			`'rawdescription' => // TRANS: Module description.`
			`_m('Authentication and password hashing with crypt()')`
			`];`
new plugin to check, store and migrate password hashes to crypt() 2012-08-08 14:51:54 +02:00			`return true;`
			`}`
[CORE] Fix 'Array and string offset access syntax with curly braces is deprecated' in AuthCryptModule and DirectionDetectorPlugin 2020-05-04 10:42:13 +00:00			`}`