Currently ->needsUpdate always returns true since it compares 0 as an
integer to "0" as a string strictly, which fails.
This means that on every successful login the user password hash is
newly generated and stored in the db, causing unnecessary writes to the
user table.
Also cast params['secret'] to int since that is read from the stored
password hash and thus will be a string and is already being implicitly
casted.
Bug: T366130
Change-Id: Icad0dcf15d5889f8cc7941a7ea7bf250ee30f47c
Currently EncryptPassword doesn't work, because it just uses ->verify()
from the Password class. That method does just regenerate the hash of
the password provided and then checks whether they match.
The problem is that in the case of Argon2 being the underlying hashing
algorithm the salt is not known and PHP is just going to generate a new
one while regenerating the hash (in order to compare it then) and thus
the hashes are not going to match making logins fail.
So instead lets just decrypt the stored password hash and then use the
corresponding ->verify() method from the underlying Password type.
Bug: T150647
Bug: T216682
Change-Id: I053aade9dcaf156a26f2f6bebd17773c4df30b9c
This is a well isolated area of code, without functions that are
likely to receive PHP's trademark "garbage in, garbage out" data
as parameters. Capitalize on this and require strict types there.
Change-Id: I9f1c172e737018d058ddc1700d8234832b58efa6
Replace it all with random_bytes(), leave
only MWCryptRand::generateHex() as a convenience helper.
Change-Id: Ic30376a90e66d8f00dab86e7e6466fb3a750b87d
* openssl_decrypt() expects the encrypted string you give it to be the
exact one that came out of openssl_encrypt(), it doesn't expect you to
pre-decode the base64 encoding. So don't do that.
* Use the same IV when re-encrypting the underlying hash for comparison.
* Check the return value of OpenSSL functions, and report meaningful
error messages, for sysadmin convenience and to avoid e.g. giving all
users the same hash if an invalid cipher method was chosen (which was
the previous behaviour).
* Fix EncryptedPassword::update(). Tested it with eval.php since there
doesn't seem to be any callers.
Change-Id: I3a39de152d0329f93d16aa4ed43faf08f665b8e2
Deprecated the old User::crypt, et. al password hashing
system and implemented an extensible password hashing
API.
The new Password class allows registering of child classes
and provides factory functions for creating new Password
objects. The built-in hash types are the old MediaWiki MD5
types, which are for backwards-compatibility only, and bcrypt.
Also included is support for wrapping existing hashes as well
as encrypting passwords with a configured encryption key.
Bug: 54948
Bug: 28419
Change-Id: I0a9c972931a0eff0cfb2619cef3ddffd03710285
