Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

story #8059: Use secure hash function for the storage of password used for web login

Download Browse

Note that PHP 5.1 still use a weak hash function and do not compare password in constant time for compatibility reasons. Change-Id: Icb9ba183407cd5fbd7d39cf47d4cb848452c0af4

+492 −140
Thomas Gerbet (tgerbet) 2015-05-05 09:04
Thomas Gerbet (tgerbet) 2015-06-03 12:24
4d87f6146d910f344bd0f536e9ccbe3fbc243c18
55e0bdc6a37d34e1fd6925b0e214342aeb9058bf
git #tuleap/stable/4d87f6146d910f344bd0f536e9ccbe3fbc243c18

Modified Files

Side by side diff
Inline diff
Name
M plugins/git/include/Git.class.php +2 −1 Go to diff View file
M plugins/tracker/bin/remove_multiple_artifacts.php +2 −1 Go to diff View file
M src/common/REST/UserManager.class.php +4 −2 Go to diff View file
M src/common/Token/REST/v1/TokenResource.class.php +4 −2 Go to diff View file
M src/common/autoload.php +8 −4 Go to diff View file
M src/common/dao/UserDao.class.php +27 −57 Go to diff View file
M src/common/user/LoginManager.class.php +60 −21 Go to diff View file
R src/common/user/PasswordExpirationChecker.class.php Go to diff View file
R src/common/user/PasswordExpiredException.class.php Go to diff View file
A src/common/user/Password/PasswordHandler.class.php +74 −0 Go to diff View file
A src/common/user/Password/PasswordHandlerFactory.class.php +32 −0 Go to diff View file
A src/common/user/Password/StandardPasswordHandler.class.php +36 −0 Go to diff View file
A src/common/user/Password/WeakPasswordHandler.class.php +34 −0 Go to diff View file
M src/common/user/User.class.php +10 −6 Go to diff View file
M src/common/user/UserManager.class.php +10 −3 Go to diff View file
M src/db/mysql/database_structure.sql +1 −0 Go to diff View file
A src/db/mysql/updates/2015/201505051630_add_new_password_field.php +38 −0 Go to diff View file
M src/etc/local.inc.dist +3 −0 Go to diff View file
M src/utils/svn/Tuleap.pm +28 −25 Go to diff View file
M tests/simpletest/common/user/LoginManagerTest.php +5 −3 Go to diff View file
A tests/simpletest/common/user/StandardPasswordHandlerTestPHP53.php +53 −0 Go to diff View file
M tests/simpletest/common/user/UserManagerTest.php +12 −13 Go to diff View file
A tests/simpletest/common/user/WeakPasswordHandlerTest.php +43 −0 Go to diff View file
M tools/rpm/tuleap.rhel6.spec +2 −1 Go to diff View file
M tools/rpm/tuleap.spec +3 −1 Go to diff View file
M tools/setup.sh +1 −0 Go to diff View file