Subversion Repositories oidplus

Compare Revisions

Regard whitespace Rev 1098 → Rev 1099

/trunk/includes/classes/OIDplus.class.php
294,7 → 294,7
throw new OIDplusException(_L('Invalid auth plugin folder name. Do only enter a folder name, not an absolute or relative path'));
}
 
OIDplus::checkRaAuthPluginAvailable($value);
OIDplus::checkRaAuthPluginAvailable($value, true);
});
}
 
495,7 → 495,7
return null;
}
 
private static function checkRaAuthPluginAvailable($plugin_foldername) {
private static function checkRaAuthPluginAvailable($plugin_foldername, $must_hash) {
// if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) {
$plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername);
if (is_null($plugin)) {
503,16 → 503,19
}
 
$reason = '';
if (!$plugin->available($reason)) {
throw new OIDplusException(trim(_L('The auth plugin "%1" is not available on this system.',$plugin_foldername).' '.$reason));
if (!$plugin->availableForVerify($reason)) {
throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for password verification on this system.',$plugin_foldername).' '.$reason));
}
if ($must_hash && !$plugin->availableForHash($reason)) {
throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for hashing on this system.',$plugin_foldername).' '.$reason));
}
}
 
public static function getDefaultRaAuthPlugin()/*: OIDplusAuthPlugin*/ {
public static function getDefaultRaAuthPlugin($must_hash)/*: OIDplusAuthPlugin*/ {
// 1. Priority: Use the auth plugin the user prefers
$def_plugin_foldername = OIDplus::config()->getValue('default_ra_auth_method');
if (trim($def_plugin_foldername) !== '') {
OIDplus::checkRaAuthPluginAvailable($def_plugin_foldername);
OIDplus::checkRaAuthPluginAvailable($def_plugin_foldername, $must_hash);
$plugin = OIDplus::getAuthPluginByFoldername($def_plugin_foldername);
return $plugin;
}
519,9 → 522,11
 
// 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system
$preferred_auth_plugins = array(
'A4_argon2',
'A3_bcrypt',
'A5_vts_mcf'
// Sorted by preference
'A4_argon2', // usually Salted Argon2id
'A3_bcrypt', // usually Salted BCrypt
'A5_vts_mcf', // usually SHA3-512-HMAC
'A6_crypt' // usually Salted SHA512 with 5000 rounds
);
foreach ($preferred_auth_plugins as $plugin_foldername) {
$plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername);
528,15 → 533,18
if (is_null($plugin)) continue;
 
$reason = '';
if (!$plugin->available($reason)) continue;
 
if (!$plugin->availableForHash($reason)) continue;
if ($must_hash && !$plugin->availableForVerify($reason)) continue;
return $plugin;
}
 
// 3. Priority: If nothing found, take the first found plugin
$plugins = OIDplus::getAuthPlugins();
if (count($plugins) > 0) {
return $plugins[0];
foreach ($plugins as $plugin) {
$reason = '';
if (!$plugin->availableForHash($reason)) continue;
if ($must_hash && !$plugin->availableForVerify($reason)) continue;
return $plugin;
}
 
// 4. Priority: We must deny the creation of the password because we have no auth plugin!
545,7 → 553,7
 
private static function registerAuthPlugin(OIDplusAuthPlugin $plugin) {
$reason = '';
if (OIDplus::baseConfig()->getValue('DEBUG') && $plugin->available($reason)) {
if (OIDplus::baseConfig()->getValue('DEBUG') && $plugin->availableForHash($reason) && $plugin->availableForVerify($reason)) {
$password = generateRandomString(25);
 
try {
/trunk/includes/classes/OIDplusAuthPlugin.class.php
26,5 → 26,6
abstract class OIDplusAuthPlugin extends OIDplusPlugin {
public abstract function verify(OIDplusRAAuthInfo $authKey, $check_password);
public abstract function generate($password): OIDplusRAAuthInfo;
public abstract function available(&$reason): bool;
public abstract function availableForHash(&$reason): bool;
public abstract function availableForVerify(&$reason): bool;
}
/trunk/includes/classes/OIDplusAuthUtils.class.php
350,7 → 350,7
// Generate RA passwords
 
public static function raGeneratePassword($password): OIDplusRAAuthInfo {
$plugin = OIDplus::getDefaultRaAuthPlugin();
$plugin = OIDplus::getDefaultRaAuthPlugin(true);
return $plugin->generate(self::raPepperProcessing($password));
}
 
/trunk/plugins/viathinksoft/adminPages/800_plugins/OIDplusPageAdminPlugins.class.php
39,16 → 39,17
}
 
private function pluginTableLine(&$out, $plugin, $modifier=0, $na_reason='') {
$html_reason = empty($na_reason) ? '' : ' ('.htmlentities($na_reason).')';
$out['text'] .= ' <tr>';
if ($modifier == 0) {
// normal line
$out['text'] .= ' <td><a '.OIDplus::gui()->link('oidplus:system_plugins$'.get_class($plugin)).'>'.htmlentities(get_class($plugin)).'</a></td>';
$out['text'] .= ' <td><a '.OIDplus::gui()->link('oidplus:system_plugins$'.get_class($plugin)).'>'.htmlentities(get_class($plugin)).'</a>'.$html_reason.'</td>';
} else if ($modifier == 1) {
// active
$out['text'] .= '<td><a '.OIDplus::gui()->link('oidplus:system_plugins$'.get_class($plugin)).'><b>'.htmlentities(get_class($plugin)).'</b> ('.htmlentities($na_reason).')</a></td>';
$out['text'] .= '<td><a '.OIDplus::gui()->link('oidplus:system_plugins$'.get_class($plugin)).'><b>'.htmlentities(get_class($plugin)).'</b>'.$html_reason.'</a></td>';
} else if ($modifier == 2) {
// not available with reason
$out['text'] .= '<td><a '.OIDplus::gui()->link('oidplus:system_plugins$'.get_class($plugin)).'><font color="gray">'.htmlentities(get_class($plugin)).'</font></a> <font color="gray">('.$na_reason.')</font></td>';
$out['text'] .= '<td><a '.OIDplus::gui()->link('oidplus:system_plugins$'.get_class($plugin)).'><font color="gray">'.htmlentities(get_class($plugin)).'</font></a><font color="gray">'.$html_reason.'</font></td>';
}
$out['text'] .= ' <td>' . htmlentities(empty($plugin->getManifest()->getName()) ? _L('n/a') : $plugin->getManifest()->getName()) . '</td>';
$out['text'] .= ' <td>' . htmlentities(empty($plugin->getManifest()->getVersion()) ? _L('n/a') : $plugin->getManifest()->getVersion()) . '</td>';
380,16 → 381,44
$out['text'] .= '<table class="table table-bordered table-striped">';
$this->pluginTableHead($out);
foreach ($plugins as $plugin) {
$reason = '';
if ($plugin->available($reason)) {
$default = OIDplus::getDefaultRaAuthPlugin()->getManifest()->getOid() === $plugin->getManifest()->getOid();
$this->pluginTableLine($out, $plugin, $default?1:0, _L('default'));
} else if ($reason) {
$this->pluginTableLine($out, $plugin, 2, _L('not available: %1',htmlentities($reason)));
$default = OIDplus::getDefaultRaAuthPlugin(true)->getManifest()->getOid() === $plugin->getManifest()->getOid();
 
$reason_hash = '';
$can_hash = $plugin->availableForHash($reason_hash);
 
$reason_verify = '';
$can_verify = $plugin->availableForHash($reason_verify);
 
if ($can_hash && !$can_verify) {
$note = _L('Only hashing, no verification');
if (!empty($reason_verify)) $note .= '. '.$reason_verify; /* @phpstan-ignore-line */
$modifier = $default ? 1 : 0;
}
else if (!$can_hash && $can_verify) {
$note = _L('Only verification, no hashing');
if (!empty($reason_hash)) $note .= '. '.$reason_hash; /* @phpstan-ignore-line */
$modifier = $default ? 1 : 0;
}
else if (!$can_hash && !$can_verify) {
$note = _L('Not available on this system');
$app1 = '';
$app2 = '';
if (!empty($reason_verify)) $app1 = $reason_verify; /* @phpstan-ignore-line */
if (!empty($reason_hash)) $app2 = $reason_hash; /* @phpstan-ignore-line */
if ($app1 != $app2) {
$note .= '. '.$app1.'. '.$app2;
} else {
$this->pluginTableLine($out, $plugin, 2, _L('not available'));
$note .= '. '.$app1;
}
$modifier = 2;
}
else /*if ($can_hash && $can_verify)*/ {
$modifier = $default ? 1 : 0;
$note = '';
}
 
$this->pluginTableLine($out, $plugin, $modifier, htmlentities($note));
}
$out['text'] .= '</table>';
$out['text'] .= '</div></div>';
}
602,7 → 631,7
$txt = (empty($plugin->getManifest()->getName())) ? get_class($plugin) : $plugin->getManifest()->getName();
 
$reason = '';
if (!$plugin->available($reason)) $txt = '<font color="gray">'.$txt.'</font>';
if (!$plugin->availableForHash($reason) && !$plugin->availableForVerify($reason)) $txt = '<font color="gray">'.$txt.'</font>';
 
$auth_plugins[] = array(
'id' => 'oidplus:system_plugins$'.get_class($plugin),
/trunk/plugins/viathinksoft/auth/A3_bcrypt/OIDplusAuthPluginBCrypt.class.php
66,7 → 66,7
return new OIDplusRAAuthInfo($calc_authkey);
}
 
public function available(&$reason): bool {
public function availableForHash(&$reason): bool {
if (version_compare(PHP_VERSION, '7.4.0') >= 0) {
$ok = in_array('2', password_algos()) ||
in_array('2a', password_algos()) ||
84,4 → 84,8
return false;
}
 
public function availableForVerify(&$reason): bool {
return $this->availableForHash($reason);
}
 
}
/trunk/plugins/viathinksoft/auth/A4_argon2/OIDplusAuthPluginArgon2.class.php
85,7 → 85,7
}
}
 
public function available(&$reason): bool {
public function availableForHash(&$reason): bool {
if (!$this->supportsArgon2i() && !$this->supportsArgon2id()) {
$reason = _L('No fitting hash algorithm found');
return false;
94,4 → 94,8
}
}
 
public function availableForVerify(&$reason): bool {
return $this->availableForHash($reason);
}
 
}
/trunk/plugins/viathinksoft/auth/A5_vts_mcf/OIDplusAuthPluginVtsMcf.class.php
58,8 → 58,12
return new OIDplusRAAuthInfo($calc_authkey);
}
 
public function available(&$reason): bool {
return function_exists('sha3_512_hmac') || function_exists('sha3_512');
public function availableForHash(&$reason): bool {
return function_exists('vts_password_hash') && (function_exists('sha3_512_hmac') || function_exists('sha3_512'));
}
 
public function availableForVerify(&$reason): bool {
return function_exists('vts_password_verify');
}
 
}
/trunk/plugins/viathinksoft/auth/A6_crypt/OIDplusAuthPluginCrypt.class.php
36,8 → 36,12
return new OIDplusRAAuthInfo($calc_authkey);
}
 
public function available(&$reason): bool {
public function availableForHash(&$reason): bool {
return function_exists('vts_password_hash');
}
 
public function availableForVerify(&$reason): bool {
return function_exists('vts_password_verify');
}
 
}