Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/auth
History
Max Semenik 7a7976ba7a Password: replace equals() with verify() 
So far, our key derivation code assumed that it has control over
the salt used by the derivation routines, however I want to add Argon2
support and it doesn't work this way: password_hash() generates the
salt itself, and the only way to verify a password is by using
password_verify(). Current way the things are done doesn't support it
because it relies on the result of password hashing with parameters we
provide to be deterministic.

Therefore, I'm deprecating Password::equals(), as well as whole concept
of comparing Password objects - it's used only in tests anyway. It's
getting replaced with verify() that only accepts password strings.
Uses of old function are fixed with exception of a few calls in tests
that will be addressed in my Argon2 patch.

Change-Id: I2b2be9a422ee0f773490eac316ad81505c3f8571
2019-01-24 13:40:40 -08:00
..
AbstractAuthenticationProvider.php Change @inheritdoc to @inheritDoc 2017-08-11 16:49:52 +02:00
AbstractPasswordPrimaryAuthenticationProvider.php Add force option to password policy 2019-01-02 12:38:11 -08:00
AbstractPreAuthenticationProvider.php Add $options parameter for testUserForCreation() 2016-06-20 11:27:07 -04:00
AbstractPrimaryAuthenticationProvider.php Change @inheritdoc to @inheritDoc 2017-08-11 16:49:52 +02:00
AbstractSecondaryAuthenticationProvider.php Change @inheritdoc to @inheritDoc 2017-08-11 16:49:52 +02:00
AuthenticationProvider.php Expand SessionManager / AuthManager documentation 2016-08-30 18:54:30 +00:00
AuthenticationRequest.php Bypass login page if no user input is required. 2016-11-22 14:10:20 +00:00
AuthenticationResponse.php Fix PhanTypeMismatchDeclaredParam 2018-07-07 00:34:30 +00:00
AuthManager.php createAndPromote: use AuthManager::autoCreateUser 2019-01-08 20:45:12 +00:00
AuthManagerAuthPlugin.php Use PHP 7 '??' operator instead of if-then-else 2018-10-21 21:46:46 +02:00
AuthManagerAuthPluginUser.php Split AuthManagerAuthPluginUser into a separate file 2018-08-28 15:22:49 -07:00
AuthPluginPrimaryAuthenticationProvider.php build: Updating mediawiki/mediawiki-codesniffer to 16.0.0 2018-02-17 13:29:13 +01:00
ButtonAuthenticationRequest.php Replace call_user_func_array(), part 2 2018-06-07 20:19:26 -07:00
CheckBlocksSecondaryAuthenticationProvider.php CheckBlocksSecondaryAuthenticationProvider: Avoid user language during auto-creation 2017-10-05 14:50:44 -04:00
ConfirmLinkAuthenticationRequest.php
ConfirmLinkSecondaryAuthenticationProvider.php AuthManager: Don't invalidate BotPasswords if a password reset email is sent 2018-07-17 16:25:28 -04:00
CreatedAccountAuthenticationRequest.php auth: Follow up on e907d4328d 2018-11-26 20:38:36 +00:00
CreateFromLoginAuthenticationRequest.php Use short type bool/int in param documentation 2017-08-20 13:20:59 +02:00
CreationReasonAuthenticationRequest.php Fix required field calculation in AuthenticationRequest 2016-05-30 11:57:58 +00:00
EmailNotificationSecondaryAuthenticationProvider.php rdbms: rename onTransactionIdle() to onTransactionCommitOrIdle() 2018-05-09 21:07:06 +00:00
LegacyHookPreAuthenticationProvider.php Hard-deprecate LegacyHookPreAuthenticationProvider class 2018-10-22 12:14:19 -07:00
LocalPasswordPrimaryAuthenticationProvider.php Password: replace equals() with verify() 2019-01-24 13:40:40 -08:00
PasswordAuthenticationRequest.php AuthManager: Allow for flagging fields as "sensitive" 2016-08-18 19:36:29 +00:00
PasswordDomainAuthenticationRequest.php AuthManager phpdoc cleanup 2016-09-26 13:59:41 -07:00
PreAuthenticationProvider.php Expand SessionManager / AuthManager documentation 2016-08-30 18:54:30 +00:00
PrimaryAuthenticationProvider.php Change @inheritdoc to @inheritDoc 2017-08-11 16:49:52 +02:00
RememberMeAuthenticationRequest.php Bypass login page if no user input is required. 2016-11-22 14:10:20 +00:00
ResetPasswordSecondaryAuthenticationProvider.php Use PHP 7 '??' operator instead of '?:' with 'isset()' where convenient 2018-05-30 18:06:13 -07:00
SecondaryAuthenticationProvider.php Expand SessionManager / AuthManager documentation 2016-08-30 18:54:30 +00:00
TemporaryPasswordAuthenticationRequest.php Merge "Get ConfigFactory & MainConfig from MediaWikiServices" 2016-11-24 18:08:36 +00:00
TemporaryPasswordPrimaryAuthenticationProvider.php Password: replace equals() with verify() 2019-01-24 13:40:40 -08:00
ThrottlePreAuthenticationProvider.php Use PHP 7 '??' operator instead of '?:' with 'isset()' where convenient 2018-05-30 18:06:13 -07:00
Throttler.php Fix PhanTypeMismatchDeclaredParam 2018-07-07 00:34:30 +00:00
UserDataAuthenticationRequest.php Get ConfigFactory & MainConfig from MediaWikiServices 2016-11-23 00:12:38 +00:00
UsernameAuthenticationRequest.php