mergre current develop

Author: mlojewski-me

CHANGELOG.md

@@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+### Added
+- Reverse active column option
+- Support for Nextcloud 16
+
+## [4.2.1] - 2018-12-22
+### Fixed
+- SQL error when same column names given in several tables
+
+## [4.2.0] - 2018-12-16
+### Added
+- Support for Nextcloud 15
+- Redmine, SHA-256, SHA-512 hash algorithms
+### Fixed
+- Loading user list when display name is null
+- Hide "password change form" when "Allow password change" not set
+### Changed
+- Append salt only when checked. Not by default
+
 ## [4.1.0] - 2018-10-28
 ### Added
 - Whirlpool hash algorithm
@@ -98,6 +117,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 - Supported version of ownCloud, Nextcloud: ownCloud 10, Nextcloud 12
 
+[Unreleased]: https://github.com/nextcloud/user_sql/compare/v4.2.1...develop
+[4.2.1]: https://github.com/nextcloud/user_sql/compare/v4.2.0...v4.2.1
+[4.2.0]: https://github.com/nextcloud/user_sql/compare/v4.1.0...v4.2.0
 [4.1.0]: https://github.com/nextcloud/user_sql/compare/v4.0.1...v4.1.0
 [4.0.1]: https://github.com/nextcloud/user_sql/compare/v4.0.0...v4.0.1
 [4.0.0]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc2...v4.0.0

README.md

@@ -50,6 +50,7 @@ Name | Description | Details
 **Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
 **Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
 **Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.<br/>Default: false.
+**Reverse active column** | Reverse value of active column in user table. | Optional.<br/>Default: false.
 **Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
 **Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
 **Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
@@ -73,7 +74,8 @@ Name | Description | Details
 **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
 **Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
 **Salt** | Salt which is appended to password when checking or changing the password. | Optional.
-**Prepend salt** | Prepend a salt to the password instead of appending it. | Optional.<br/>Default: false.
+**Append salt** | Append a salt to the password. | Optional.<br/>Default: false.
+**Prepend salt** | Prepend a salt to the password. | Optional.<br/>Default: false.
 
 #### Group table
 
@@ -119,7 +121,8 @@ CREATE TABLE sql_user
   home           TEXT        NULL,
   password       TEXT        NOT NULL,
   active         TINYINT(1)  NOT NULL DEFAULT '1',
-  provide_avatar BOOLEAN     NOT NULL DEFAULT FALSE
+  provide_avatar BOOLEAN     NOT NULL DEFAULT FALSE,
+  salt           TEXT        NULL
 );
 
 CREATE TABLE sql_group
@@ -195,15 +198,22 @@ Drupal 7 | See [phpass](http://www.openwall.com/phpass/). | $S$DC7eCpJQ3SUQtW4Bp
 Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us
 MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99
 Portable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/
-SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
-SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
+Redmine | Requires salt. Salt value for hash in the next column is 'salt'. | 48b75edeffd8e413341d7734f0f3391e7a5da994 
+SHA-1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+SHA-256 | No salt supported. | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
+SHA-512 | No salt supported. | b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
+SHA-512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
 SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==
 SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL
 WoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02
 Whirlpool | | 74dfc2b27acfa364da55f93a5caee29ccad3557247eda238831b3e9bd931b01d77fe994e4f12b9d4cfa92a124461d2065197d8cf7f33fc88566da2db2a4d6eae
 
 ## Development
 
+#### Testing environment
+
+There is a [vagrant](https://github.com/mlojewski-me/user_sql-vagrant) box which you can use at development stage.
+
 #### New database driver support
 
 Add a new class in the `OCA\UserSQL\Platform` namespace which extends the `AbstractPlatform` class.

appinfo/info.xml

@@ -8,7 +8,7 @@
         Retrieve the users and groups info. Allow the users to change their passwords.
         Sync the users' email addresses with the addresses stored by Nextcloud.
     </description>
-    <version>4.1.0</version>
+    <version>4.3.0-dev</version>
     <licence>agpl</licence>
     <author>Marcin Łojewski</author>
     <author>Andreas Böhler</author>
@@ -22,7 +22,7 @@
     <category>auth</category>
     <dependencies>
         <php min-version="7.0"/>
-        <nextcloud min-version="14" max-version="14"/>
+        <nextcloud min-version="14" max-version="16"/>
     </dependencies>
     <settings>
         <admin>\OCA\UserSQL\Settings\Admin</admin>

lib/Backend/UserBackend.php

@@ -21,6 +21,7 @@
 
 namespace OCA\UserSQL\Backend;
 
+use OC\User\Backend;
 use OCA\UserSQL\Action\EmailSync;
 use OCA\UserSQL\Action\IUserAction;
 use OCA\UserSQL\Action\QuotaSync;
@@ -263,6 +264,10 @@ public function getDisplayName($uid): string
             return false;
         }
 
+        if (is_null($user->name)) {
+            return false;
+        }
+
         $name = $user->name;
         $this->logger->debug(
             "Returning getDisplayName($uid): $name",
@@ -302,7 +307,7 @@ public function checkPassword(string $uid, string $password)
         $password = $this->addSalt($user, $password);
 
         $isCorrect = $passwordAlgorithm->checkPassword(
-            $password, $user->password
+            $password, $user->password, $user->salt
         );
 
         if ($user->active == false) {
@@ -361,9 +366,9 @@ private function getPasswordAlgorithm()
     private function addSalt(User $user, string $password): string
     {
         if ($user->salt !== null) {
-            if (empty($this->properties[Opt::PREPEND_SALT])) {
+            if (!empty($this->properties[Opt::APPEND_SALT])) {
                 return $password . $user->salt;
-            } else {
+            } elseif (!empty($this->properties[Opt::PREPEND_SALT])) {
                 return $user->salt . $password;
             }
         }
@@ -389,7 +394,9 @@ public function getDisplayNames($search = "", $limit = null, $offset = null)
 
         $names = [];
         foreach ($users as $user) {
-            $names[$user] = $user->name;
+            if (!is_null($user->name)) {
+                $names[$user] = $user->name;
+            }
         }
 
         $this->logger->debug(
@@ -636,4 +643,16 @@ public function deleteUser($uid)
     {
         return false;
     }
+
+    /**
+     * @inheritdoc
+     */
+    public function implementsActions($actions): bool
+    {
+        if ($actions & Backend::SET_PASSWORD) {
+            return !empty($this->properties[Opt::PASSWORD_CHANGE]);
+        }
+
+        return parent::implementsActions($actions);
+    }
 }

lib/Constant/Opt.php

@@ -28,6 +28,7 @@
  */
 final class Opt
 {
+    const APPEND_SALT = "opt.append_salt";
     const CASE_INSENSITIVE_USERNAME = "opt.case_insensitive_username";
     const CRYPTO_CLASS = "opt.crypto_class";
     const EMAIL_SYNC = "opt.email_sync";
@@ -37,5 +38,6 @@ final class Opt
     const PASSWORD_CHANGE = "opt.password_change";
     const PREPEND_SALT = "opt.prepend_salt";
     const QUOTA_SYNC = "opt.quota_sync";
+    const REVERSE_ACTIVE = "opt.reverse_active";
     const USE_CACHE = "opt.use_cache";
 }

lib/Crypto/AbstractAlgorithm.php

@@ -65,15 +65,15 @@ protected abstract function getAlgorithmName();
     /**
      * @inheritdoc
      */
-    public function checkPassword($password, $dbHash)
+    public function checkPassword($password, $dbHash, $salt = null)
     {
-        return hash_equals($dbHash, $this->getPasswordHash($password));
+        return hash_equals($dbHash, $this->getPasswordHash($password, $salt));
     }
 
     /**
      * @inheritdoc
      */
-    public abstract function getPasswordHash($password);
+    public abstract function getPasswordHash($password, $salt = null);
 
     /**
      * @inheritdoc

lib/Crypto/AbstractCrypt.php

@@ -38,15 +38,15 @@ abstract class AbstractCrypt extends AbstractAlgorithm
     /**
      * @inheritdoc
      */
-    public function checkPassword($password, $dbHash)
+    public function checkPassword($password, $dbHash, $salt = null)
     {
         return hash_equals($dbHash, crypt($password, $dbHash));
     }
 
     /**
      * @inheritdoc
      */
-    public function getPasswordHash($password)
+    public function getPasswordHash($password, $salt = null)
     {
         return crypt($password, $this->getSalt());
     }

lib/Crypto/Cleartext.php

@@ -43,7 +43,7 @@ public function __construct(IL10N $localization)
     /**
      * @inheritdoc
      */
-    public function getPasswordHash($password)
+    public function getPasswordHash($password, $salt = null)
     {
         return $password;
     }

lib/Crypto/CourierMD5.php

@@ -43,7 +43,7 @@ public function __construct(IL10N $localization)
     /**
      * @inheritdoc
      */
-    public function getPasswordHash($password)
+    public function getPasswordHash($password, $salt = null)
     {
         return '{MD5}' . Utils::hexToBase64(md5($password));
     }

lib/Crypto/CourierMD5Raw.php

@@ -43,7 +43,7 @@ public function __construct(IL10N $localization)
     /**
      * @inheritdoc
      */
-    public function getPasswordHash($password)
+    public function getPasswordHash($password, $salt = null)
     {
         return '{MD5RAW}' . md5($password);
     }