Merge branch 'release/v4.1.0'

Author: mlojewski-me

CHANGELOG.md

@@ -4,7 +4,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## [4.0.1] - 2018-08-11
+## [4.1.0] - 2018-10-28
+### Added
+- Whirlpool hash algorithm
+- 'Prepend salt' toggle
+- Drupal 7 hash algorithm
+- 'Case-insensitive username' option
+### Fixed
+- Error when 'Display name' not set
+- Encoding of iteration for 'Extended DES (Crypt)'
+- 'Trying to get property of non-object' warning
+
+## [4.0.1] - 2018-08-16
 ### Fixed
 - Leftover lines break the admin page
 
@@ -87,6 +98,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 - Supported version of ownCloud, Nextcloud: ownCloud 10, Nextcloud 12
 
+[4.1.0]: https://github.com/nextcloud/user_sql/compare/v4.0.1...v4.1.0
 [4.0.1]: https://github.com/nextcloud/user_sql/compare/v4.0.0...v4.0.1
 [4.0.0]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc2...v4.0.0
 [4.0.0-rc2]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc1...v4.0.0-rc2

README.md

@@ -49,6 +49,7 @@ Name | Description | Details
 --- | --- | ---
 **Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
 **Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
+**Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.<br/>Default: false.
 **Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
 **Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
 **Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
@@ -72,6 +73,7 @@ Name | Description | Details
 **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
 **Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
 **Salt** | Salt which is appended to password when checking or changing the password. | Optional.
+**Prepend salt** | Prepend a salt to the password instead of appending it. | Optional.<br/>Default: false.
 
 #### Group table
 
@@ -184,11 +186,12 @@ Courier base64-encoded SHA256 | No salt supported. | {SHA256}XohImNooBHFR0OVvjcY
 Unix (Crypt) | See [crypt](http://php.net/manual/en/function.crypt.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq
 Argon2 (Crypt) | Requires PHP >= 7.2.<br/>Uses default parameters. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2i$v=19$m=1024,t=2,p=2$NnpSNlRNLlZobnJHUDh0Sw$oW5E1cfdPzLWfkTvQFUyzTR00R0aLwEdYwldcqW6Pmo
 Blowfish (Crypt) | Uses default parameters. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq
-Extended DES (Crypt) | | ..UZoIyj/Hy/c
+Extended DES (Crypt) | | cDRpdxPmHpzS.
 MD5 (Crypt) | | $1$RzaFbNcU$u9adfTY/Q6za6nu0Ogrl1/
 SHA256 (Crypt) | Generates hash with 5000 rounds. | $5$rounds=5000$VIYD0iHkg7uY9SRc$v2XLS/9dvfFN84mzGvW9wxnVt9Xd/urXaaTkpW8EwD1
 SHA512 (Crypt) | Generates hash with 5000 rounds. | $6$rounds=5000$yH.Q0OL4qbCOUJ3q$Xry5EVFva3wKnfo8/ktrugmBd8tcl34NK6rXInv1HhmdSUNLEm0La9JnA57rqwQ.9/Bz513MD4tvmmISLUIHs/
 Standard DES (Crypt) | | yTBnb7ab/N072
+Drupal 7 | See [phpass](http://www.openwall.com/phpass/). | $S$DC7eCpJQ3SUQtW4Bp.vKb2rpeaffi4iqk9OpYwJyEoSMsezn67Sl
 Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us
 MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99
 Portable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/
@@ -197,6 +200,7 @@ SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e
 SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==
 SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL
 WoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02
+Whirlpool | | 74dfc2b27acfa364da55f93a5caee29ccad3557247eda238831b3e9bd931b01d77fe994e4f12b9d4cfa92a124461d2065197d8cf7f33fc88566da2db2a4d6eae
 
 ## Development
 

appinfo/info.xml

@@ -8,7 +8,7 @@
         Retrieve the users and groups info. Allow the users to change their passwords.
         Sync the users' email addresses with the addresses stored by Nextcloud.
     </description>
-    <version>4.0.1</version>
+    <version>4.1.0</version>
     <licence>agpl</licence>
     <author>Marcin Łojewski</author>
     <author>Andreas Böhler</author>

img/screenshot.png

@@ -111,7 +111,7 @@ public function doAction(User $user)
                 }
 
                 $user->email = $ncMail;
-                $result = $this->userRepository->save($user);
+                $result = $this->userRepository->save($user, UserRepository::EMAIL_FIELD);
             }
 
             break;

lib/Action/EmailSync.php

@@ -111,7 +111,7 @@ public function doAction(User $user)
                 }
 
                 $user->quota = $ncQuota;
-                $result = $this->userRepository->save($user);
+                $result = $this->userRepository->save($user, UserRepository::QUOTA_FIELD);
             }
 
             break;

lib/Action/QuotaSync.php

@@ -403,10 +403,6 @@ public function getGroupDetails(string $gid): array
             "Entering getGroupDetails($gid)", ["app" => $this->appName]
         );
 
-        if (empty($this->properties[DB::GROUP_NAME_COLUMN])) {
-            return [];
-        }
-
         $group = $this->getGroup($gid);
 
         if (!($group instanceof Group)) {

lib/Backend/GroupBackend.php

@@ -292,14 +292,14 @@ public function checkPassword(string $uid, string $password)
             return false;
         }
 
-        $user = $this->userRepository->findByUid($uid);
-        if (!($user instanceof User)) {
+        $caseSensitive = empty($this->properties[Opt::CASE_INSENSITIVE_USERNAME]);
+        $user = $this->userRepository->findByUid($uid, $caseSensitive);
+        if (!($user instanceof User) || ($caseSensitive && $user->uid !== $uid)) {
             return false;
         }
 
-        if ($user->salt !== null) {
-            $password .= $user->salt;
-        }
+        $uid = $user->uid;
+        $password = $this->addSalt($user, $password);
 
         $isCorrect = $passwordAlgorithm->checkPassword(
             $password, $user->password
@@ -350,6 +350,27 @@ private function getPasswordAlgorithm()
         return $passwordAlgorithm;
     }
 
+    /**
+     * Append or prepend salt from external column if available.
+     *
+     * @param User   $user     The user instance.
+     * @param string $password The password.
+     *
+     * @return string Salted password.
+     */
+    private function addSalt(User $user, string $password): string
+    {
+        if ($user->salt !== null) {
+            if (empty($this->properties[Opt::PREPEND_SALT])) {
+                return $password . $user->salt;
+            } else {
+                return $user->salt . $password;
+            }
+        }
+
+        return $password;
+    }
+
     /**
      * @inheritdoc
      */
@@ -368,7 +389,7 @@ public function getDisplayNames($search = "", $limit = null, $offset = null)
 
         $names = [];
         foreach ($users as $user) {
-            $names[$user->uid] = $user->name;
+            $names[$user] = $user->name;
         }
 
         $this->logger->debug(
@@ -457,17 +478,15 @@ public function setPassword(string $uid, string $password): bool
             return false;
         }
 
-        if ($user->salt !== null) {
-            $password .= $user->salt;
-        }
+        $password = $this->addSalt($user, $password);
 
         $passwordHash = $passwordAlgorithm->getPasswordHash($password);
         if ($passwordHash === false) {
             return false;
         }
 
         $user->password = $passwordHash;
-        $result = $this->userRepository->save($user);
+        $result = $this->userRepository->save($user, UserRepository::PASSWORD_FIELD);
 
         if ($result === true) {
             $this->logger->info(
@@ -571,7 +590,7 @@ public function setDisplayName(string $uid, string $displayName): bool
         }
 
         $user->name = $displayName;
-        $result = $this->userRepository->save($user);
+        $result = $this->userRepository->save($user, UserRepository::DISPLAY_NAME_FIELD);
 
         if ($result === true) {
             $this->logger->info(

lib/Backend/UserBackend.php

@@ -28,12 +28,14 @@
  */
 final class Opt
 {
+    const CASE_INSENSITIVE_USERNAME = "opt.case_insensitive_username";
     const CRYPTO_CLASS = "opt.crypto_class";
     const EMAIL_SYNC = "opt.email_sync";
     const HOME_LOCATION = "opt.home_location";
     const HOME_MODE = "opt.home_mode";
     const NAME_CHANGE = "opt.name_change";
     const PASSWORD_CHANGE = "opt.password_change";
+    const PREPEND_SALT = "opt.prepend_salt";
     const QUOTA_SYNC = "opt.quota_sync";
     const USE_CACHE = "opt.use_cache";
 }

lib/Constant/Opt.php

@@ -35,9 +35,13 @@ final class Query
     const FIND_GROUP_USERS = "find_group_users";
     const FIND_GROUPS = "find_groups";
     const FIND_USER = "find_user";
+    const FIND_USER_CASE_INSENSITIVE = "find_user_case_insensitive";
     const FIND_USER_GROUPS = "find_user_groups";
     const FIND_USERS = "find_users";
-    const SAVE_USER = "save_user";
+    const UPDATE_DISPLAY_NAME = "update_display_name";
+    const UPDATE_EMAIL = "update_email";
+    const UPDATE_PASSWORD = "update_password";
+    const UPDATE_QUOTA = "update_quota";
 
     const EMAIL_PARAM = "email";
     const GID_PARAM = "gid";