issue#77 Add support for remine password hashes

Author: mlojewski-me

CHANGELOG.md

@@ -7,10 +7,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
 ### Added
 - Support for Nextcloud 15
-- SHA-256, SHA-512 hash algorithm
+- Redmine, SHA-256, SHA-512 hash algorithms
 ### Fixed
 - Loading user list when display name is null
 - Hide "password change form" when "Allow password change" not set
+### Changed
+- Append salt only when checked. Not by default
 
 ## [4.1.0] - 2018-10-28
 ### Added

README.md

@@ -73,7 +73,8 @@ Name | Description | Details
 **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
 **Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
 **Salt** | Salt which is appended to password when checking or changing the password. | Optional.
-**Prepend salt** | Prepend a salt to the password instead of appending it. | Optional.<br/>Default: false.
+**Append salt** | Append a salt to the password. | Optional.<br/>Default: false.
+**Prepend salt** | Prepend a salt to the password. | Optional.<br/>Default: false.
 
 #### Group table
 
@@ -196,6 +197,7 @@ Drupal 7 | See [phpass](http://www.openwall.com/phpass/). | $S$DC7eCpJQ3SUQtW4Bp
 Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us
 MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99
 Portable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/
+Redmine | Requires salt. Salt value for hash in the next column is 'salt'. | 48b75edeffd8e413341d7734f0f3391e7a5da994 
 SHA-1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
 SHA-256 | No salt supported. | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
 SHA-512 | No salt supported. | b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86

lib/Backend/UserBackend.php

@@ -307,7 +307,7 @@ public function checkPassword(string $uid, string $password)
         $password = $this->addSalt($user, $password);
 
         $isCorrect = $passwordAlgorithm->checkPassword(
-            $password, $user->password
+            $password, $user->password, $user->salt
         );
 
         if ($user->active == false) {
@@ -366,9 +366,9 @@ private function getPasswordAlgorithm()
     private function addSalt(User $user, string $password): string
     {
         if ($user->salt !== null) {
-            if (empty($this->properties[Opt::PREPEND_SALT])) {
+            if (!empty($this->properties[Opt::APPEND_SALT])) {
                 return $password . $user->salt;
-            } else {
+            } elseif (!empty($this->properties[Opt::PREPEND_SALT])) {
                 return $user->salt . $password;
             }
         }

lib/Constant/Opt.php

@@ -28,6 +28,7 @@
  */
 final class Opt
 {
+    const APPEND_SALT = "opt.append_salt";
     const CASE_INSENSITIVE_USERNAME = "opt.case_insensitive_username";
     const CRYPTO_CLASS = "opt.crypto_class";
     const EMAIL_SYNC = "opt.email_sync";

lib/Crypto/Redmine.php

@@ -0,0 +1,50 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Crypto;
+
+/**
+ * Redmine MD5 hash implementation.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class Redmine extends AbstractAlgorithm
+{
+    /**
+     * @inheritdoc
+     */
+    public function getPasswordHash($password, $salt = null)
+    {
+        if (is_null($salt)) {
+            return false;
+        }
+
+        return sha1($salt . sha1($password));
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAlgorithmName()
+    {
+        return "Redmine";
+    }
+}

templates/admin.php

@@ -153,6 +153,7 @@ function print_select_options(
                 print_text_input($l, "db-table-user-column-active", "Active", $_["db.table.user.column.active"]);
                 print_text_input($l, "db-table-user-column-avatar", "Provide avatar", $_["db.table.user.column.avatar"]);
                 print_text_input($l, "db-table-user-column-salt", "Salt", $_["db.table.user.column.salt"]);
+                print_checkbox_input($l, "opt-append_salt", "Append salt", $_["opt.append_salt"]);
                 print_checkbox_input($l, "opt-prepend_salt", "Prepend salt", $_["opt.prepend_salt"]); ?>
             </fieldset>
         </div>

tests/Crypto/PhpassTest.php

@@ -27,7 +27,7 @@
 use Test\TestCase;
 
 /**
- * Unit tests for class <code>PhpassTest</code>.
+ * Unit tests for class <code>Phpass</code>.
  *
  * @author Marcin Łojewski <dev@mlojewski.me>
  */

tests/Crypto/RedmineTest.php

@@ -0,0 +1,61 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace Tests\UserSQL\Crypto;
+
+use OCA\UserSQL\Crypto\IPasswordAlgorithm;
+use OCA\UserSQL\Crypto\Redmine;
+use OCP\IL10N;
+use Test\TestCase;
+
+/**
+ * Unit tests for class <code>Redmine</code>.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class RedmineTest extends TestCase
+{
+    /**
+     * @var IPasswordAlgorithm
+     */
+    private $crypto;
+
+    public function testCheckPassword()
+    {
+        $this->assertTrue(
+            $this->crypto->checkPassword(
+                "password", "48b75edeffd8e413341d7734f0f3391e7a5da994", "salt"
+            )
+        );
+    }
+
+    public function testPasswordHash()
+    {
+        $hash = $this->crypto->getPasswordHash("password", "salt");
+        $this->assertTrue($this->crypto->checkPassword("password", $hash, "salt"));
+    }
+
+    protected function setUp()
+    {
+        parent::setUp();
+        $this->crypto = new Redmine($this->createMock(IL10N::class));
+    }
+}