diff --git a/src/app/CliTools/Console/Command/TYPO3/BeUserCommand.php b/src/app/CliTools/Console/Command/TYPO3/BeUserCommand.php index 4e045c3..d23c0a1 100644 --- a/src/app/CliTools/Console/Command/TYPO3/BeUserCommand.php +++ b/src/app/CliTools/Console/Command/TYPO3/BeUserCommand.php @@ -55,11 +55,10 @@ protected function configure() InputArgument::OPTIONAL, 'Password' ) - ->addOption( - 'plain', - null, - InputOption::VALUE_NONE, - 'Do not crypt password (non salted password)' + ->addArgument( + 'hash', + InputArgument::OPTIONAL, + 'Choose the hashing algorithm for saving the password: md5, md5_salted, bcrypt, argon2i, argon2id' ); } @@ -103,18 +102,12 @@ public function execute(InputInterface $input, OutputInterface $output) $output->writeln('

Using pass: "' . htmlspecialchars($password) . '"

'); // ################## - // Salting + // Password hashing // ################## - if ($input->getOption('plain')) { - // Standard md5 - $password = Typo3Utility::generatePassword($password, Typo3Utility::PASSWORD_TYPE_MD5); - $this->output->writeln('

Generating plain (non salted) md5 password

'); - } else { - // Salted md5 - $password = Typo3Utility::generatePassword($password, Typo3Utility::PASSWORD_TYPE_MD5_SALTED); - $this->output->writeln('

Generating salted md5 password

'); - } + $hash = $input->getArgument('hash'); + list($password, $hash) = Typo3Utility::generatePassword($password, $hash); + $this->output->writeln('

Generating password with "' . htmlspecialchars($hash) . '" hashing algorithm

'); // ############## // Loop through databases diff --git a/src/app/CliTools/Utility/Typo3Utility.php b/src/app/CliTools/Utility/Typo3Utility.php index 7e5da74..b964599 100644 --- a/src/app/CliTools/Utility/Typo3Utility.php +++ b/src/app/CliTools/Utility/Typo3Utility.php @@ -27,8 +27,11 @@ class Typo3Utility { - const PASSWORD_TYPE_MD5_SALTED = 'md5_salted'; const PASSWORD_TYPE_MD5 = 'md5'; + const PASSWORD_TYPE_MD5_SALTED = 'md5_salted'; + const PASSWORD_TYPE_BCRYPT = 'bcrypt'; + const PASSWORD_TYPE_ARGON2I = 'argon2i'; + const PASSWORD_TYPE_ARGON2ID = 'argon2id'; /** * Generate TYPO3 password @@ -42,15 +45,12 @@ public static function generatePassword($password, $type = null) { $ret = null; - if ($type === null) { - $type = self::PASSWORD_TYPE_MD5_SALTED; - } - switch ($type) { - // ############## - // Salted MD5 - // ############## + case self::PASSWORD_TYPE_MD5: + $ret = md5($password); + break; + case self::PASSWORD_TYPE_MD5_SALTED: // Salted md5 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; @@ -58,15 +58,34 @@ public static function generatePassword($password, $type = null) $ret = crypt($password, $salt); break; - // ############## - // MD5 - // ############## - case self::PASSWORD_TYPE_MD5: - $ret = md5($password); + case self::PASSWORD_TYPE_BCRYPT: + $ret = password_hash($password, PASSWORD_BCRYPT); + break; + + case self::PASSWORD_TYPE_ARGON2I: + $ret = password_hash($password, PASSWORD_ARGON2I); + break; + + case self::PASSWORD_TYPE_ARGON2ID: + $ret = password_hash($password, PASSWORD_ARGON2ID); break; + + default: + $possibleAlgorithms = []; + # Commented out since TYPO3 9.5 doesn't support argon2id yet + #defined('PASSWORD_ARGON2ID') && $possibleAlgorithms[PASSWORD_ARGON2ID] = self::PASSWORD_TYPE_ARGON2ID; + defined('PASSWORD_ARGON2I') && $possibleAlgorithms[PASSWORD_ARGON2I] = self::PASSWORD_TYPE_ARGON2I; + defined('PASSWORD_BCRYPT') && $possibleAlgorithms[PASSWORD_BCRYPT] = self::PASSWORD_TYPE_BCRYPT; + + foreach ($possibleAlgorithms as $algorithm => $algorithmName) { + $hash = password_hash($password, $algorithm); + if ($hash !== false) { + return [$hash, $algorithmName]; + } + } } - return $ret; + return [$ret, $type]; }