SaltedPasswordsUtility.php

Go to the documentation of this file.

<?php
namespace TYPO3\CMS\Saltedpasswords\Utility;

/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Utility\GeneralUtility;

class SaltedPasswordsUtility
{
    const EXTKEY = 'saltedpasswords';

    public static function getNumberOfBackendUsersWithInsecurePassword()
    {
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
        $queryBuilder->getRestrictions()->removeAll();

        $userCount = $queryBuilder
            ->count('*')
            ->from('be_users')
            ->where(
                $queryBuilder->expr()->neq('password', $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)),
                $queryBuilder->expr()->notLike('password', $queryBuilder->createNamedParameter('$%', \PDO::PARAM_STR)),
                $queryBuilder->expr()->notLike('password', $queryBuilder->createNamedParameter('M$%', \PDO::PARAM_STR))
            )
            ->execute()
            ->fetchColumn();

        return $userCount;
    }

    public static function returnExtConf($mode = TYPO3_MODE)
    {
        $currentConfiguration = self::returnExtConfDefaults();
        if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
            $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'], ['allowed_classes' => false]);
            // Merge default configuration with modified configuration:
            if (isset($extensionConfiguration[$mode . '.'])) {
                $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
            }
        }
        return $currentConfiguration;
    }

    public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj)
    {
        if (self::isUsageEnabled('FE')) {
            $objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
            $params['newPassword'] = $objInstanceSaltedPW->getHashedPassword($params['newPassword']);
        }
    }

    public static function returnExtConfDefaults()
    {
        return [
            'onlyAuthService' => '0',
            'forceSalted' => '0',
            'updatePasswd' => '1',
            'saltedPWHashingMethod' => \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class,
            'enabled' => '1'
        ];
    }

    public static function getDefaultSaltingHashingMethod($mode = TYPO3_MODE)
    {
        $extConf = self::returnExtConf($mode);
        $classNameToUse = \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::class;
        if (in_array($extConf['saltedPWHashingMethod'], array_keys(\TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getRegisteredSaltedHashingMethods()))) {
            $classNameToUse = $extConf['saltedPWHashingMethod'];
        }
        return $classNameToUse;
    }

    public static function isUsageEnabled($mode = TYPO3_MODE)
    {
        // Login Security Level Recognition
        $extConf = self::returnExtConf($mode);
        $securityLevel = trim($GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel']) ?: 'normal';
        if ($mode === 'BE') {
            return true;
        }
        if ($mode === 'FE' && $extConf['enabled']) {
            return $securityLevel === 'normal' || $securityLevel === 'rsa';
        }
        return false;
    }
}