| 294,7 → 294,7 |
|---|
| throw new OIDplusException(_L('Invalid auth plugin folder name. Do only enter a folder name, not an absolute or relative path')); |
| } |
| |
| OIDplus::checkRaAuthPluginAvailable($value); |
| OIDplus::checkRaAuthPluginAvailable($value, true); |
| }); |
| } |
| |
| 495,7 → 495,7 |
|---|
| return null; |
| } |
| |
| private static function checkRaAuthPluginAvailable($plugin_foldername) { |
| private static function checkRaAuthPluginAvailable($plugin_foldername, $must_hash) { |
| // if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) { |
| $plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername); |
| if (is_null($plugin)) { |
| 503,16 → 503,19 |
|---|
| } |
| |
| $reason = ''; |
| if (!$plugin->available($reason)) { |
| throw new OIDplusException(trim(_L('The auth plugin "%1" is not available on this system.',$plugin_foldername).' '.$reason)); |
| if (!$plugin->availableForVerify($reason)) { |
| throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for password verification on this system.',$plugin_foldername).' '.$reason)); |
| } |
| if ($must_hash && !$plugin->availableForHash($reason)) { |
| throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for hashing on this system.',$plugin_foldername).' '.$reason)); |
| } |
| } |
| |
| public static function getDefaultRaAuthPlugin()/*: OIDplusAuthPlugin*/ { |
| public static function getDefaultRaAuthPlugin($must_hash)/*: OIDplusAuthPlugin*/ { |
| // 1. Priority: Use the auth plugin the user prefers |
| $def_plugin_foldername = OIDplus::config()->getValue('default_ra_auth_method'); |
| if (trim($def_plugin_foldername) !== '') { |
| OIDplus::checkRaAuthPluginAvailable($def_plugin_foldername); |
| OIDplus::checkRaAuthPluginAvailable($def_plugin_foldername, $must_hash); |
| $plugin = OIDplus::getAuthPluginByFoldername($def_plugin_foldername); |
| return $plugin; |
| } |
| 519,9 → 522,11 |
|---|
| |
| // 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system |
| $preferred_auth_plugins = array( |
| 'A4_argon2', |
| 'A3_bcrypt', |
| 'A5_vts_mcf' |
| // Sorted by preference |
| 'A4_argon2', // usually Salted Argon2id |
| 'A3_bcrypt', // usually Salted BCrypt |
| 'A5_vts_mcf', // usually SHA3-512-HMAC |
| 'A6_crypt' // usually Salted SHA512 with 5000 rounds |
| ); |
| foreach ($preferred_auth_plugins as $plugin_foldername) { |
| $plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername); |
| 528,15 → 533,18 |
|---|
| if (is_null($plugin)) continue; |
| |
| $reason = ''; |
| if (!$plugin->available($reason)) continue; |
| |
| if (!$plugin->availableForHash($reason)) continue; |
| if ($must_hash && !$plugin->availableForVerify($reason)) continue; |
| return $plugin; |
| } |
| |
| // 3. Priority: If nothing found, take the first found plugin |
| $plugins = OIDplus::getAuthPlugins(); |
| if (count($plugins) > 0) { |
| return $plugins[0]; |
| foreach ($plugins as $plugin) { |
| $reason = ''; |
| if (!$plugin->availableForHash($reason)) continue; |
| if ($must_hash && !$plugin->availableForVerify($reason)) continue; |
| return $plugin; |
| } |
| |
| // 4. Priority: We must deny the creation of the password because we have no auth plugin! |
| 545,7 → 553,7 |
|---|
| |
| private static function registerAuthPlugin(OIDplusAuthPlugin $plugin) { |
| $reason = ''; |
| if (OIDplus::baseConfig()->getValue('DEBUG') && $plugin->available($reason)) { |
| if (OIDplus::baseConfig()->getValue('DEBUG') && $plugin->availableForHash($reason) && $plugin->availableForVerify($reason)) { |
| $password = generateRandomString(25); |
| |
| try { |