webdevops · kitzberger · Jun 20, 2019 · Dec 15, 2019
diff --git a/src/app/CliTools/Console/Command/TYPO3/BeUserCommand.php b/src/app/CliTools/Console/Command/TYPO3/BeUserCommand.php
@@ -55,11 +55,10 @@ protected function configure()
                  InputArgument::OPTIONAL,
                  'Password'
              )
-             ->addOption(
-                 'plain',
-                 null,
-                 InputOption::VALUE_NONE,
-                 'Do not crypt password (non salted password)'
+             ->addArgument(
+                 'hash',
+                 InputArgument::OPTIONAL,
+                 'Choose the hashing algorithm for saving the password: md5, md5_salted, bcrypt, argon2i, argon2id'
              );
     }
 
@@ -103,18 +102,12 @@ public function execute(InputInterface $input, OutputInterface $output)
         $output->writeln('<p>Using pass: "' . htmlspecialchars($password) . '"</p>');
 
         // ##################
-        // Salting
+        // Password hashing
         // ##################
 
-        if ($input->getOption('plain')) {
-            // Standard md5
-            $password = Typo3Utility::generatePassword($password, Typo3Utility::PASSWORD_TYPE_MD5);
-            $this->output->writeln('<p>Generating plain (non salted) md5 password</p>');
-        } else {
-            // Salted md5
-            $password = Typo3Utility::generatePassword($password, Typo3Utility::PASSWORD_TYPE_MD5_SALTED);
-            $this->output->writeln('<p>Generating salted md5 password</p>');
-        }
+        $hash = $input->getArgument('hash');
+        list($password, $hash) = Typo3Utility::generatePassword($password, $hash);
+        $this->output->writeln('<p>Generating password with "' . htmlspecialchars($hash) . '" hashing algorithm</p>');
 
         // ##############
         // Loop through databases

diff --git a/src/app/CliTools/Utility/Typo3Utility.php b/src/app/CliTools/Utility/Typo3Utility.php
@@ -27,8 +27,11 @@
 class Typo3Utility
 {
 
-    const PASSWORD_TYPE_MD5_SALTED = 'md5_salted';
     const PASSWORD_TYPE_MD5        = 'md5';
+    const PASSWORD_TYPE_MD5_SALTED = 'md5_salted';
+    const PASSWORD_TYPE_BCRYPT     = 'bcrypt';
+    const PASSWORD_TYPE_ARGON2I    = 'argon2i';
+    const PASSWORD_TYPE_ARGON2ID   = 'argon2id';
 
     /**
      * Generate TYPO3 password
@@ -42,31 +45,47 @@ public static function generatePassword($password, $type = null)
     {
         $ret = null;
 
-        if ($type === null) {
-            $type = self::PASSWORD_TYPE_MD5_SALTED;
-        }
-
         switch ($type) {
 
-            // ##############
-            // Salted MD5
-            // ##############
+            case self::PASSWORD_TYPE_MD5:
+                $ret = md5($password);
+                break;
+
             case self::PASSWORD_TYPE_MD5_SALTED:
                 // Salted md5
                 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
                 $salt  = '$1$' . substr(str_shuffle($chars), 0, 6) . '$';
                 $ret   = crypt($password, $salt);
                 break;
 
-            // ##############
-            // MD5
-            // ##############
-            case self::PASSWORD_TYPE_MD5:
-                $ret = md5($password);
+            case self::PASSWORD_TYPE_BCRYPT:
+                $ret = password_hash($password, PASSWORD_BCRYPT);
+                break;
+
+            case self::PASSWORD_TYPE_ARGON2I:
+                $ret = password_hash($password, PASSWORD_ARGON2I);
+                break;
+
+            case self::PASSWORD_TYPE_ARGON2ID:
+                $ret = password_hash($password, PASSWORD_ARGON2ID);
                 break;
+
+            default:
+                $possibleAlgorithms = [];
+                # Commented out since TYPO3 9.5 doesn't support argon2id yet
+                #defined('PASSWORD_ARGON2ID') && $possibleAlgorithms[PASSWORD_ARGON2ID] = self::PASSWORD_TYPE_ARGON2ID;
+                defined('PASSWORD_ARGON2I')  && $possibleAlgorithms[PASSWORD_ARGON2I]  = self::PASSWORD_TYPE_ARGON2I;
+                defined('PASSWORD_BCRYPT')   && $possibleAlgorithms[PASSWORD_BCRYPT]   = self::PASSWORD_TYPE_BCRYPT;
+
+                foreach ($possibleAlgorithms as $algorithm => $algorithmName) {
+                    $hash = password_hash($password, $algorithm);
+                    if ($hash !== false) {
+                        return [$hash, $algorithmName];
+                    }
+                }
         }
 
-        return $ret;
+        return [$ret, $type];
     }