From f7ce3a3530d4cb3cede1d193c6a00e0be19e9a17 Mon Sep 17 00:00:00 2001
From: BuildTools
Date: Thu, 23 Jan 2020 18:23:11 -0500
Subject: [PATCH 01/10] create option to use bcrypt.
---
 Core/Frameworks/Baikal/Core/BcryptAuth.php | 85 +++++++++++++++++++
 Core/Frameworks/Baikal/Core/Server.php | 6 +-
 .../Baikal/Model/Config/Standard.php | 40 +++++++--
 Core/Frameworks/Baikal/Model/User.php | 15 +++-
 Core/Frameworks/BaikalAdmin/Core/Auth.php | 15 +++-
 5 files changed, 142 insertions(+), 19 deletions(-)
 create mode 100755 Core/Frameworks/Baikal/Core/BcryptAuth.php
 mode change 100644 => 100755 Core/Frameworks/Baikal/Core/Server.php
 mode change 100644 => 100755 Core/Frameworks/Baikal/Model/Config/Standard.php
 mode change 100644 => 100755 Core/Frameworks/Baikal/Model/User.php
 mode change 100644 => 100755 Core/Frameworks/BaikalAdmin/Core/Auth.php
diff --git a/Core/Frameworks/Baikal/Core/BcryptAuth.php b/Core/Frameworks/Baikal/Core/BcryptAuth.php
new file mode 100755
index 000000000..38028600d
--- /dev/null
+++ b/Core/Frameworks/Baikal/Core/BcryptAuth.php
@@ -0,0 +1,85 @@ + + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +class BcryptAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { + + /** + * Reference to PDO connection + * + * @var PDO + */ + protected $pdo; + + /** + * PDO table name we'll be using + * + * @var string + */ + protected $tableName; + + /** + * Authentication realm + * + * @var string + */ + protected $authRealm; + + /** + * Creates the backend object. + * + * If the filename argument is passed in, it will parse out the specified file fist. + * + * @param PDO $pdo + * @param string $tableName The PDO table name to use + */ + function __construct(\PDO $pdo, $authRealm, $tableName = 'users') { + + $this->pdo = $pdo; + $this->tableName = $tableName; + $this->authRealm = $authRealm; + } + + /** + * Validates a username and password + * + * This method should return true or false depending on if login + * succeeded. + * + * @param string $username + * @param string $password + * @return bool + */ + function validateUserPass($username, $password) { + + $stmt = $this->pdo->prepare('SELECT username, digesta1 FROM ' . $this->tableName . ' WHERE username = ?'); + $stmt->execute([$username]); + $result = $stmt->fetchAll(); + if (!count($result)) return false; + + if (substr($result[0]['digesta1'],0,4) == '$2y$') { + $check = password_verify($password, $result[0]['digesta1']); + } else { + $hash = md5($username . ':' . $this->authRealm . ':' . $password); + if ($result[0]['digesta1'] === $hash) { + $check = true; + } + } + if ($check == true) { + $this->currentUser = $username; + return true; + } + return false; + + } + +} diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php old mode 100644 new mode 100755 index b5792bad8..4c7d514a6 --- a/Core/Frameworks/Baikal/Core/Server.php +++ b/Core/Frameworks/Baikal/Core/Server.php 
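Review bot: In `validateUserPass()`, `$check` is assigned only when the stored value is a bcrypt hash or when the legacy MD5 digest matches, so a wrong password against an MD5 row reaches `if ($check == true)` with the variable never set; the login is still refused, but every such failure raises an undefined-variable diagnostic. Set `$check = false;` before the branch and let the legacy path assign `$check = hash_equals($result[0]['digesta1'], $hash);`, which also replaces the `===` digest comparison with a constant-time one. The `'$2y$'` prefix test ties verification to a single bcrypt variant, whereas `password_get_info()` recognises whatever `password_hash()` can produce. A successful legacy login never upgrades the row, so MD5 digests stay in the table until each user changes their password; re-hashing on that path would retire them. The constructor docblock still describes a filename argument and does not document `$authRealm`.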
@@ -132,11 +132,11 @@ function start() { protected function initServer() { if ($this->authType === 'Basic') { - $authBackend = new \Baikal\Core\PDOBasicAuth($this->pdo, $this->authRealm); - } else { + $authBackend = new \Baikal\Core\BcryptAuth($this->pdo, $this->authRealm); + } else { $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); $authBackend->setRealm($this->authRealm); - } + } $principalBackend = new \Sabre\DAVACL\PrincipalBackend\PDO($this->pdo); $nodes = [ diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php old mode 100644 new mode 100755 index daab958f8..da100f87b --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php @@ -50,6 +50,10 @@ class Standard extends \Baikal\Model\Config { "type" => "string", "comment" => "HTTP authentication type for WebDAV; default Digest" ], + "BAIKAL_USER_AUTH_TYPE" => [ + "type" => "string", + "comment" => "Authentication mechanism for user accounts" + ], "BAIKAL_ADMIN_PASSWORDHASH" => [ "type" => "string", "comment" => "Baïkal Web admin password hash; Set via Baïkal Web Admin", @@ -62,7 +66,8 @@ class Standard extends \Baikal\Model\Config { "BAIKAL_CARD_ENABLED" => true, "BAIKAL_CAL_ENABLED" => true, "BAIKAL_INVITE_FROM" => "", - "BAIKAL_DAV_AUTH_TYPE" => "Digest", + "BAIKAL_DAV_AUTH_TYPE" => "Basic", + "BAIKAL_USER_AUTH_TYPE" => "Bcrypt", "BAIKAL_ADMIN_PASSWORDHASH" => "" ]; @@ -99,6 +104,13 @@ function formMorphologyForThisModelInstance() { "options" => ["Digest", "Basic"] ])); + $oMorpho->add(new \Formal\Element\Listbox([ + "prop" => "BAIKAL_USER_AUTH_TYPE", + "label" => "Password Storage Engine", + "options" => ["MD5","BCrypt"], + "help" => "If set to BCrypt, WebDAV must be set to BASIC.
If you change this setting, you must change your password before you log out or you will be locked out!" + ])); + $oMorpho->add(new \Formal\Element\Password([ "prop" => "BAIKAL_ADMIN_PASSWORDHASH", "label" => "Admin password", @@ -132,14 +144,20 @@ function set($sProp, $sValue) { # Special handling for password and passwordconfirm if ($sProp === "BAIKAL_ADMIN_PASSWORDHASH" && $sValue !== "") { - parent::set( - "BAIKAL_ADMIN_PASSWORDHASH", - \BaikalAdmin\Core\Auth::hashAdminPassword($sValue) - ); - } - - return $this; - } + if (BAIKAL_USER_AUTH_TYPE === "BCrypt") { + parent::set( + "BAIKAL_ADMIN_PASSWORDHASH", + password_hash($sValue,PASSWORD_BCRYPT) + ); + } else { + parent::set( + "BAIKAL_ADMIN_PASSWORDHASH", + \BaikalAdmin\Core\Auth::hashAdminPassword($sValue) + ); + } + } + return $this; + } parent::set($sProp, $sValue); } @@ -194,6 +212,10 @@ protected static function getDefaultConfig() { # WebDAV authentication type; default Digest define("BAIKAL_DAV_AUTH_TYPE", "Digest"); + +# Baikal user authentication mechanism; default bcrypt +define("BAIKAL_USER_AUTH_TYPE", "Bcrypt"); + # Baïkal Web admin password hash; Set via Baïkal Web Admin define("BAIKAL_ADMIN_PASSWORDHASH", ""); CODE; diff --git a/Core/Frameworks/Baikal/Model/User.php b/Core/Frameworks/Baikal/Model/User.php old mode 100644 new mode 100755 index f744f9983..95c041c72 --- a/Core/Frameworks/Baikal/Model/User.php +++ b/Core/Frameworks/Baikal/Model/User.php @@ -104,10 +104,17 @@ function set($sPropName, $sPropValue) { # Special handling for password and passwordconfirm if ($sPropName === "password" && $sPropValue !== "") { - parent::set( - "digesta1", - $this->getPasswordHashForPassword($sPropValue) - ); + if (BAIKAL_USER_AUTH_TYPE === "BCrypt") { + parent::set( + "digesta1", + password_hash($sPropValue,PASSWORD_BCRYPT) + ); + } else { + parent::set( + "digesta1", + $this->getPasswordHashForPassword($sPropValue) + ); + } } return $this; 
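Review bot: The bcrypt branch in `User::set()` writes a 60-character `password_hash()` result into `digesta1`, a column that until now held a 32-character MD5 digest, and nothing in this patch touches the schema. If the column is sized for the MD5 value (not visible here; confirm against the install SQL of each supported database), the hash is truncated or rejected and that user can no longer authenticate, so a migration widening the column should ship with this change. The same column is what the Digest backend selected in `Server::initServer()` reads, so a bcrypt row also breaks Digest logins for that user; the form help text says so, but `set()` does not look at `BAIKAL_DAV_AUTH_TYPE` before choosing the hash. The body of `set()` continues outside the hunk.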
diff --git a/Core/Frameworks/BaikalAdmin/Core/Auth.php b/Core/Frameworks/BaikalAdmin/Core/Auth.php old mode 100644 new mode 100755 index 5f4e81c7a..3bbf19392 --- a/Core/Frameworks/BaikalAdmin/Core/Auth.php +++ b/Core/Frameworks/BaikalAdmin/Core/Auth.php @@ -45,9 +45,18 @@ static function authenticate() { $sUser = \Flake\Util\Tools::POST("login"); $sPass = \Flake\Util\Tools::POST("password"); - $sPassHash = self::hashAdminPassword($sPass); + if (substr(BAIKAL_ADMIN_PASSWORDHASH,0,4) == "$2y$") { + $sPassHash = password_verify($sPass, BAIKAL_ADMIN_PASSWORDHASH); + } else { + $sPassHash = self::hashAdminPassword($sPass); + if ($sPassHash === BAIKAL_ADMIN_PASSWORDHASH) { + $sPassHash = true; + } else { + $sPassHash = false; + } + } - if ($sUser === "admin" && $sPassHash === BAIKAL_ADMIN_PASSWORDHASH) { + if ($sUser === "admin" && $sPassHash == true) { $_SESSION["baikaladminauth"] = md5(BAIKAL_ADMIN_PASSWORDHASH); return true; } @@ -66,7 +75,7 @@ static function hashAdminPassword($sPassword) { } else { $sAuthRealm = "BaikalDAV"; # Fallback to default value; useful when initializing App, as all constants are not set yet } - + return md5('admin:' . $sAuthRealm . ':' . $sPassword); } From 366cf2186a46f7d2639677f3259cb6769b2e939d Mon Sep 17 00:00:00 2001 From: BuildTools Date: Thu, 23 Jan 2020 19:05:56 -0500 Subject: [PATCH 02/10] fix error --- Core/Frameworks/Baikal/Model/Config/Standard.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php index da100f87b..b90143c89 100755 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php 
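Review bot: In `authenticate()`, the legacy branch still compares the MD5 digest with `===`; `hash_equals(BAIKAL_ADMIN_PASSWORDHASH, self::hashAdminPassword($sPass))` is constant-time and returns the boolean directly, which removes the inner if/else. `$sPassHash` now holds a boolean rather than a hash, so a name such as `$bPassOk` with a strict `$bPassOk === true` test would describe it better than `$sPassHash == true`. The prefix literal is written as `"$2y$"` in double quotes; it happens not to interpolate, but the single-quoted `'$2y$'` used in `BcryptAuth` does not depend on that. The function starts and ends outside the hunk, so the session handling around it is not reviewed here.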
@@ -144,7 +144,7 @@ function set($sProp, $sValue) { # Special handling for password and passwordconfirm if ($sProp === "BAIKAL_ADMIN_PASSWORDHASH" && $sValue !== "") { - if (BAIKAL_USER_AUTH_TYPE === "BCrypt") { + if ("BAIKAL_USER_AUTH_TYPE" === "BCrypt") { parent::set( "BAIKAL_ADMIN_PASSWORDHASH", password_hash($sValue,PASSWORD_BCRYPT) From 319c3b4dc7be2666dd8406820f5924453763b055 Mon Sep 17 00:00:00 2001 From: BuildTools Date: Thu, 23 Jan 2020 19:24:55 -0500 Subject: [PATCH 03/10] fix typo --- Core/Frameworks/Baikal/Model/Config/Standard.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php index b90143c89..4148928be 100755 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php @@ -144,7 +144,7 @@ function set($sProp, $sValue) { # Special handling for password and passwordconfirm if ($sProp === "BAIKAL_ADMIN_PASSWORDHASH" && $sValue !== "") { - if ("BAIKAL_USER_AUTH_TYPE" === "BCrypt") { + if (!defined("BAIKAL_USER_AUTH_TYPE") || BAIKAL_USER_AUTH_TYPE === "Bcrypt") { parent::set( "BAIKAL_ADMIN_PASSWORDHASH", password_hash($sValue,PASSWORD_BCRYPT) From 8fd36b4160a409c239ed7521d08d9b79d6df6950 Mon Sep 17 00:00:00 2001 From: BuildTools Date: Thu, 23 Jan 2020 19:27:47 -0500 Subject: [PATCH 04/10] set basic/bcrypt to be default --- Core/Frameworks/Baikal/Model/Config/Standard.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php index 4148928be..b889958ca 100755 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php 
@@ -101,13 +101,13 @@ function formMorphologyForThisModelInstance() { $oMorpho->add(new \Formal\Element\Listbox([ "prop" => "BAIKAL_DAV_AUTH_TYPE", "label" => "WebDAV authentication type", - "options" => ["Digest", "Basic"] + "options" => ["Digest","Digest"] ])); $oMorpho->add(new \Formal\Element\Listbox([ "prop" => "BAIKAL_USER_AUTH_TYPE", "label" => "Password Storage Engine", - "options" => ["MD5","BCrypt"], + "options" => ["Bcrypt","MD5"], "help" => "If set to BCrypt, WebDAV must be set to BASIC.
If you change this setting, you must change your password before you log out or you will be locked out!" ])); @@ -209,8 +209,8 @@ protected static function getDefaultConfig() { # CalDAV invite From: mail address (comment or leave blank to disable notifications) define("BAIKAL_INVITE_FROM", "noreply@$_SERVER[SERVER_NAME]"); -# WebDAV authentication type; default Digest -define("BAIKAL_DAV_AUTH_TYPE", "Digest"); +# WebDAV authentication type; default Basic +define("BAIKAL_DAV_AUTH_TYPE", "Basic"); # Baikal user authentication mechanism; default bcrypt From faaa559f8745881b24aa2c80b3acd7717996066e Mon Sep 17 00:00:00 2001 From: BuildTools Date: Thu, 23 Jan 2020 19:30:24 -0500 Subject: [PATCH 05/10] fix typo --- Core/Frameworks/Baikal/Model/Config/Standard.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php index b889958ca..cec2c9c4f 100755 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php @@ -48,7 +48,7 @@ class Standard extends \Baikal\Model\Config { ], "BAIKAL_DAV_AUTH_TYPE" => [ "type" => "string", - "comment" => "HTTP authentication type for WebDAV; default Digest" + "comment" => "HTTP authentication type for WebDAV; default Basic" ], "BAIKAL_USER_AUTH_TYPE" => [ "type" => "string", @@ -101,7 +101,7 @@ function formMorphologyForThisModelInstance() { $oMorpho->add(new \Formal\Element\Listbox([ "prop" => "BAIKAL_DAV_AUTH_TYPE", "label" => "WebDAV authentication type", - "options" => ["Digest","Digest"] + "options" => ["Basic","Digest"] ])); $oMorpho->add(new \Formal\Element\Listbox([ From ade76e833fc68c6a36bc5764efb95e92619827e3 Mon Sep 17 00:00:00 2001 
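Review bot: The generated config in `getDefaultConfig()` now defaults `BAIKAL_DAV_AUTH_TYPE` to `"Basic"`, which puts the password itself (base64-encoded, not hashed) on every DAV request, where Digest never sent it. The comment above the define should carry that caveat, for example `# WebDAV authentication type; default Basic (password is sent with each request: serve over HTTPS only)`. The Listbox help text in `formMorphologyForThisModelInstance()` is the place an administrator will actually read, so the same sentence belongs there next to the note that BCrypt requires Basic. Presumably existing installs keep the value already in their config file and only new installs get the new default; that is worth confirming.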
From: BuildTools Date: Thu, 23 Jan 2020 22:14:20 -0500 Subject: [PATCH 06/10] Make admin password always hash to bcrypt when changing password. User now hashing according to BAIKAL_USER_AUTH_TYPE setting --- Core/Frameworks/Baikal/Model/Config/Standard.php | 13 +++---------- Core/Frameworks/Baikal/Model/User.php | 2 +- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php index cec2c9c4f..d0edde0e9 100755 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php @@ -106,9 +106,9 @@ function formMorphologyForThisModelInstance() { $oMorpho->add(new \Formal\Element\Listbox([ "prop" => "BAIKAL_USER_AUTH_TYPE", - "label" => "Password Storage Engine", + "label" => "Password Storage Hash Type", "options" => ["Bcrypt","MD5"], - "help" => "If set to BCrypt, WebDAV must be set to BASIC.
If you change this setting, you must change your password before you log out or you will be locked out!" + "help" => "If set to BCrypt, WebDAV must be set to BASIC." ])); $oMorpho->add(new \Formal\Element\Password([ @@ -144,18 +144,11 @@ function set($sProp, $sValue) { # Special handling for password and passwordconfirm if ($sProp === "BAIKAL_ADMIN_PASSWORDHASH" && $sValue !== "") { - if (!defined("BAIKAL_USER_AUTH_TYPE") || BAIKAL_USER_AUTH_TYPE === "Bcrypt") { parent::set( "BAIKAL_ADMIN_PASSWORDHASH", password_hash($sValue,PASSWORD_BCRYPT) ); - } else { - parent::set( - "BAIKAL_ADMIN_PASSWORDHASH", - \BaikalAdmin\Core\Auth::hashAdminPassword($sValue) - ); } - } return $this; } @@ -213,7 +206,7 @@ protected static function getDefaultConfig() { define("BAIKAL_DAV_AUTH_TYPE", "Basic"); -# Baikal user authentication mechanism; default bcrypt +# Baikal user password hash method; default bcrypt define("BAIKAL_USER_AUTH_TYPE", "Bcrypt"); # Baïkal Web admin password hash; Set via Baïkal Web Admin diff --git a/Core/Frameworks/Baikal/Model/User.php b/Core/Frameworks/Baikal/Model/User.php index 95c041c72..896a6e1a8 100755 --- a/Core/Frameworks/Baikal/Model/User.php +++ b/Core/Frameworks/Baikal/Model/User.php @@ -104,7 +104,7 @@ function set($sPropName, $sPropValue) { # Special handling for password and passwordconfirm if ($sPropName === "password" && $sPropValue !== "") { - if (BAIKAL_USER_AUTH_TYPE === "BCrypt") { + if (BAIKAL_USER_AUTH_TYPE === "Bcrypt") { parent::set( "digesta1", password_hash($sPropValue,PASSWORD_BCRYPT) From 46556a518edeb00c6f78ed0a7e2b473d1ffaa3fb Mon Sep 17 00:00:00 2001 
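Review bot: `User::set()` reads `BAIKAL_USER_AUTH_TYPE` without checking that it is defined, although patch 03 added a `!defined(...)` guard for the same constant in `Standard::set()` (dropped again here because the admin path no longer consults it). If a config.php written before this series is loaded without the new define, which looks possible since the constant is only added to the default template, the bare constant raises a warning and selects the MD5 branch on PHP 7 and throws an Error on PHP 8. Treating a missing constant as bcrypt, `if (!defined("BAIKAL_USER_AUTH_TYPE") || BAIKAL_USER_AUTH_TYPE === "Bcrypt") {`, keeps the user and admin paths consistent. The comparison is also case-sensitive against a hand-editable config string, so `"bcrypt"` or the earlier `"BCrypt"` spelling falls through to MD5 without any notice.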
From: BuildTools Date: Mon, 24 Feb 2020 12:48:24 -0500 Subject: [PATCH 07/10] replace tabs with spaces. This should stop the builds from failing --- Core/Frameworks/Baikal/Core/BcryptAuth.php | 18 ++++++------ Core/Frameworks/Baikal/Core/Server.php | 8 +++--- .../Baikal/Model/Config/Standard.php | 28 +++++++++---------- Core/Frameworks/Baikal/Model/User.php | 22 +++++++-------- 4 files changed, 38 insertions(+), 38 deletions(-) diff --git a/Core/Frameworks/Baikal/Core/BcryptAuth.php b/Core/Frameworks/Baikal/Core/BcryptAuth.php index 38028600d..4975ccbb7 100755 --- a/Core/Frameworks/Baikal/Core/BcryptAuth.php +++ b/Core/Frameworks/Baikal/Core/BcryptAuth.php @@ -66,15 +66,15 @@ function validateUserPass($username, $password) { $result = $stmt->fetchAll(); if (!count($result)) return false; - if (substr($result[0]['digesta1'],0,4) == '$2y$') { - $check = password_verify($password, $result[0]['digesta1']); - } else { - $hash = md5($username . ':' . $this->authRealm . ':' . $password); - if ($result[0]['digesta1'] === $hash) { - $check = true; - } - } - if ($check == true) { + if (substr($result[0]['digesta1'],0,4) == '$2y$') { + $check = password_verify($password, $result[0]['digesta1']); + } else { + $hash = md5($username . ':' . $this->authRealm . ':' . $password); + if ($result[0]['digesta1'] === $hash) { + $check = true; + } + } + if ($check == true) { $this->currentUser = $username; return true; } diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php index 4c7d514a6..0bcd4d6cf 100755 --- a/Core/Frameworks/Baikal/Core/Server.php +++ b/Core/Frameworks/Baikal/Core/Server.php 
@@ -132,11 +132,11 @@ function start() { protected function initServer() { if ($this->authType === 'Basic') { - $authBackend = new \Baikal\Core\BcryptAuth($this->pdo, $this->authRealm); + $authBackend = new \Baikal\Core\BcryptAuth($this->pdo, $this->authRealm); } else { - $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); - $authBackend->setRealm($this->authRealm); - } + $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); + $authBackend->setRealm($this->authRealm); + } $principalBackend = new \Sabre\DAVACL\PrincipalBackend\PDO($this->pdo); $nodes = [ diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php index d0edde0e9..e1c72ff79 100755 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php @@ -67,7 +67,7 @@ class Standard extends \Baikal\Model\Config { "BAIKAL_CAL_ENABLED" => true, "BAIKAL_INVITE_FROM" => "", "BAIKAL_DAV_AUTH_TYPE" => "Basic", - "BAIKAL_USER_AUTH_TYPE" => "Bcrypt", + "BAIKAL_USER_AUTH_TYPE" => "Bcrypt", "BAIKAL_ADMIN_PASSWORDHASH" => "" ]; @@ -104,12 +104,12 @@ function formMorphologyForThisModelInstance() { "options" => ["Basic","Digest"] ])); - $oMorpho->add(new \Formal\Element\Listbox([ - "prop" => "BAIKAL_USER_AUTH_TYPE", - "label" => "Password Storage Hash Type", - "options" => ["Bcrypt","MD5"], - "help" => "If set to BCrypt, WebDAV must be set to BASIC." - ])); + $oMorpho->add(new \Formal\Element\Listbox([ + "prop" => "BAIKAL_USER_AUTH_TYPE", + "label" => "Password Storage Hash Type", + "options" => ["Bcrypt","MD5"], + "help" => "If set to BCrypt, WebDAV must be set to BASIC." + ])); $oMorpho->add(new \Formal\Element\Password([ "prop" => "BAIKAL_ADMIN_PASSWORDHASH", 
@@ -144,13 +144,13 @@ function set($sProp, $sValue) { # Special handling for password and passwordconfirm if ($sProp === "BAIKAL_ADMIN_PASSWORDHASH" && $sValue !== "") { - parent::set( - "BAIKAL_ADMIN_PASSWORDHASH", - password_hash($sValue,PASSWORD_BCRYPT) - ); - } - return $this; - } + parent::set( + "BAIKAL_ADMIN_PASSWORDHASH", + password_hash($sValue,PASSWORD_BCRYPT) + ); + } + return $this; + } parent::set($sProp, $sValue); } diff --git a/Core/Frameworks/Baikal/Model/User.php b/Core/Frameworks/Baikal/Model/User.php index 896a6e1a8..0e0fd1779 100755 --- a/Core/Frameworks/Baikal/Model/User.php +++ b/Core/Frameworks/Baikal/Model/User.php @@ -104,17 +104,17 @@ function set($sPropName, $sPropValue) { # Special handling for password and passwordconfirm if ($sPropName === "password" && $sPropValue !== "") { - if (BAIKAL_USER_AUTH_TYPE === "Bcrypt") { - parent::set( - "digesta1", - password_hash($sPropValue,PASSWORD_BCRYPT) - ); - } else { - parent::set( - "digesta1", - $this->getPasswordHashForPassword($sPropValue) - ); - } + if (BAIKAL_USER_AUTH_TYPE === "Bcrypt") { + parent::set( + "digesta1", + password_hash($sPropValue,PASSWORD_BCRYPT) + ); + } else { + parent::set( + "digesta1", + $this->getPasswordHashForPassword($sPropValue) + ); + } } return $this; From 50fe68683568bba6d99014c2403cc3128b218eee Mon Sep 17 00:00:00 2001 From: root Date: Fri, 13 Mar 2020 14:50:59 -0400 Subject: [PATCH 08/10] remove unused variable. Comment for now. If TravisCI passes, will delete --- Core/Frameworks/Baikal/Core/BcryptAuth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/Frameworks/Baikal/Core/BcryptAuth.php b/Core/Frameworks/Baikal/Core/BcryptAuth.php index 4975ccbb7..3f7a275c2 100755 --- a/Core/Frameworks/Baikal/Core/BcryptAuth.php +++ b/Core/Frameworks/Baikal/Core/BcryptAuth.php 
@@ -75,7 +75,7 @@ function validateUserPass($username, $password) { } } if ($check == true) { - $this->currentUser = $username; + // $this->currentUser = $username; return true; } return false; From e97f9fe125466ffefbc1c05599d8daa2201d6ada Mon Sep 17 00:00:00 2001 From: BuildTools Date: Fri, 13 Mar 2020 15:30:35 -0400 Subject: [PATCH 09/10] ran php-cs-fixer and sabre-cs-fixer --- Core/Frameworks/Baikal/Core/BcryptAuth.php | 2 +- Core/Frameworks/Baikal/Core/Server.php | 2 +- Core/Frameworks/Baikal/Core/Tools.php | 107 ++++++++++++--------- 3 files changed, 62 insertions(+), 49 deletions(-) diff --git a/Core/Frameworks/Baikal/Core/BcryptAuth.php b/Core/Frameworks/Baikal/Core/BcryptAuth.php index 3f7a275c2..150e93853 100755 --- a/Core/Frameworks/Baikal/Core/BcryptAuth.php +++ b/Core/Frameworks/Baikal/Core/BcryptAuth.php @@ -66,7 +66,7 @@ function validateUserPass($username, $password) { $result = $stmt->fetchAll(); if (!count($result)) return false; - if (substr($result[0]['digesta1'],0,4) == '$2y$') { + if (substr($result[0]['digesta1'], 0, 4) == '$2y$') { $check = password_verify($password, $result[0]['digesta1']); } else { $hash = md5($username . ':' . $this->authRealm . ':' . $password); diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php index 0bcd4d6cf..eccc633d0 100755 --- a/Core/Frameworks/Baikal/Core/Server.php +++ b/Core/Frameworks/Baikal/Core/Server.php @@ -133,7 +133,7 @@ protected function initServer() { if ($this->authType === 'Basic') { $authBackend = new \Baikal\Core\BcryptAuth($this->pdo, $this->authRealm); - } else { + } else { $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); $authBackend->setRealm($this->authRealm); } diff --git a/Core/Frameworks/Baikal/Core/Tools.php b/Core/Frameworks/Baikal/Core/Tools.php index 9c1caae03..d0bf6e4f6 100644 --- a/Core/Frameworks/Baikal/Core/Tools.php +++ b/Core/Frameworks/Baikal/Core/Tools.php 
@@ -24,18 +24,20 @@ # This copyright notice MUST APPEAR in all copies of the script! ################################################################# - namespace Baikal\Core; -class Tools { - static function &db() { - return $GLOBALS["pdo"]; +class Tools +{ + public static function &db() + { + return $GLOBALS['pdo']; } - static function assertEnvironmentIsOk() { + public static function assertEnvironmentIsOk() + { # Asserting Baikal Context - if (!defined("BAIKAL_CONTEXT") || BAIKAL_CONTEXT !== true) { - die("Bootstrap.php may not be included outside the Baikal context"); + if (!defined('BAIKAL_CONTEXT') || BAIKAL_CONTEXT !== true) { + die('Bootstrap.php may not be included outside the Baikal context'); } # Asserting PDO @@ -50,21 +52,24 @@ static function assertEnvironmentIsOk() { } } - static function configureEnvironment() { + public static function configureEnvironment() + { set_exception_handler('\Baikal\Core\Tools::handleException'); - ini_set("error_reporting", E_ALL); + ini_set('error_reporting', E_ALL); } - static function handleException($exception) { - echo "
" . $exception . "
";
+    public static function handleException($exception)
+    {
+        echo '
'.$exception.'
';
     }
 
-    static function assertBaikalIsOk() {
+    public static function assertBaikalIsOk()
+    {
 
         # DB connexion has not been asserted earlier by Flake, to give us a chance to trigger the install tool
         # We assert it right now
-        if (!\Flake\Framework::isDBInitialized() && (!defined("BAIKAL_CONTEXT_INSTALL") || BAIKAL_CONTEXT_INSTALL === false)) {
-            throw new \Exception("Fatal error: no connection to a database is available.");
+        if (!\Flake\Framework::isDBInitialized() && (!defined('BAIKAL_CONTEXT_INSTALL') || BAIKAL_CONTEXT_INSTALL === false)) {
+            throw new \Exception('Fatal error: no connection to a database is available.');
         }
 
         # Asserting that the database is structurally complete
@@ -73,51 +78,52 @@ static function assertBaikalIsOk() {
         #}
 
         # Asserting config file exists
-        if (!file_exists(PROJECT_PATH_SPECIFIC . "config.php")) {
-            throw new \Exception("Specific/config.php does not exist. Please use the Install tool to create it.");
+        if (!file_exists(PROJECT_PATH_SPECIFIC.'config.php')) {
+            throw new \Exception('Specific/config.php does not exist. Please use the Install tool to create it.');
         }
 
         # Asserting config file is readable
-        if (!is_readable(PROJECT_PATH_SPECIFIC . "config.php")) {
+        if (!is_readable(PROJECT_PATH_SPECIFIC.'config.php')) {
             throw new \Exception("Specific/config.php is not readable. Please give read permissions to httpd user on file 'Specific/config.php'.");
         }
 
         # Asserting config file is writable
-        if (!is_writable(PROJECT_PATH_SPECIFIC . "config.php")) {
+        if (!is_writable(PROJECT_PATH_SPECIFIC.'config.php')) {
             throw new \Exception("Specific/config.php is not writable. Please give write permissions to httpd user on file 'Specific/config.php'.");
         }
 
         # Asserting system config file exists
-        if (!file_exists(PROJECT_PATH_SPECIFIC . "config.system.php")) {
-            throw new \Exception("Specific/config.system.php does not exist. Please use the Install tool to create it.");
+        if (!file_exists(PROJECT_PATH_SPECIFIC.'config.system.php')) {
+            throw new \Exception('Specific/config.system.php does not exist. Please use the Install tool to create it.');
         }
 
         # Asserting system config file is readable
-        if (!is_readable(PROJECT_PATH_SPECIFIC . "config.system.php")) {
+        if (!is_readable(PROJECT_PATH_SPECIFIC.'config.system.php')) {
             throw new \Exception("Specific/config.system.php is not readable. Please give read permissions to httpd user on file 'Specific/config.system.php'.");
         }
 
         # Asserting system config file is writable
-        if (!is_writable(PROJECT_PATH_SPECIFIC . "config.system.php")) {
+        if (!is_writable(PROJECT_PATH_SPECIFIC.'config.system.php')) {
             throw new \Exception("Specific/config.system.php is not writable. Please give write permissions to httpd user on file 'Specific/config.system.php'.");
         }
     }
 
-    static function getRequiredTablesList() {
+    public static function getRequiredTablesList()
+    {
         return [
-            "addressbooks",
-            "calendarobjects",
-            "calendars",
-            "cards",
-            "groupmembers",
-            "locks",
-            "principals",
-            "users",
+            'addressbooks',
+            'calendarobjects',
+            'calendars',
+            'cards',
+            'groupmembers',
+            'locks',
+            'principals',
+            'users',
         ];
     }
 
-    static function isDBStructurallyComplete(\Flake\Core\Database $oDB) {
-
+    public static function isDBStructurallyComplete(\Flake\Core\Database $oDB)
+    {
         $aRequiredTables = self::getRequiredTablesList();
         $aPresentTables = $oDB->tables();
 
@@ -129,42 +135,47 @@ static function isDBStructurallyComplete(\Flake\Core\Database $oDB) {
         return true;
     }
 
-    static function bashPrompt($prompt) {
+    public static function bashPrompt($prompt)
+    {
         echo $prompt;
         @flush();
         @ob_flush();
         $confirmation = @trim(fgets(STDIN));
+
         return $confirmation;
     }
 
-    static function bashPromptSilent($prompt = "Enter Password:") {
+    public static function bashPromptSilent($prompt = 'Enter Password:')
+    {
         $command = "/usr/bin/env bash -c 'echo OK'";
 
         if (rtrim(shell_exec($command)) !== 'OK') {
             trigger_error("Can't invoke bash");
+
             return;
         }
 
         $command = "/usr/bin/env bash -c 'read -s -p \""
-        . addslashes($prompt)
-        . "\" mypassword && echo \$mypassword'";
+        .addslashes($prompt)
+        ."\" mypassword && echo \$mypassword'";
 
         $password = rtrim(shell_exec($command));
         echo "\n";
+
         return $password;
     }
 
-    static function getCopyrightNotice($sLinePrefixChar = "#", $sLineSuffixChar = "", $sOpening = false, $sClosing = false) {
-
+    public static function getCopyrightNotice($sLinePrefixChar = '#', $sLineSuffixChar = '', $sOpening = false, $sClosing = false)
+    {
         if ($sOpening === false) {
-            $sOpening = str_repeat("#", 78);
+            $sOpening = str_repeat('#', 78);
         }
 
         if ($sClosing === false) {
-            $sClosing = str_repeat("#", 78);
+            $sClosing = str_repeat('#', 78);
         }
 
-        $iYear = date("Y");
+        $iYear = date('Y');
 
         $sCode = <<
Date: Fri, 13 Mar 2020 16:04:15 -0400
Subject: [PATCH 10/10] sabre-cs-fixer passes locally

---
 Core/Frameworks/Baikal/Core/BcryptAuth.php    |  1 -
 Core/Frameworks/Baikal/Core/Tools.php         | 45 ++++++++++---------
 .../Baikal/Model/Config/Standard.php          |  6 +--
 Core/Frameworks/Baikal/Model/User.php         |  2 +-
 Core/Frameworks/BaikalAdmin/Core/Auth.php     | 22 ++++-----
 5 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/Core/Frameworks/Baikal/Core/BcryptAuth.php b/Core/Frameworks/Baikal/Core/BcryptAuth.php
index 150e93853..4a53a639c 100755
--- a/Core/Frameworks/Baikal/Core/BcryptAuth.php
+++ b/Core/Frameworks/Baikal/Core/BcryptAuth.php
@@ -75,7 +75,6 @@ function validateUserPass($username, $password) {
                 }
         }
         if ($check == true) {
-            // $this->currentUser = $username;
             return true;
         }
         return false;
diff --git a/Core/Frameworks/Baikal/Core/Tools.php b/Core/Frameworks/Baikal/Core/Tools.php
index d0bf6e4f6..6b1fa30d6 100644
--- a/Core/Frameworks/Baikal/Core/Tools.php
+++ b/Core/Frameworks/Baikal/Core/Tools.php
@@ -24,16 +24,17 @@
 #  This copyright notice MUST APPEAR in all copies of the script!
 #################################################################
 
+
 namespace Baikal\Core;
 
 class Tools
 {
-    public static function &db()
+    static function &db()
     {
         return $GLOBALS['pdo'];
     }
 
-    public static function assertEnvironmentIsOk()
+    static function assertEnvironmentIsOk()
     {
         # Asserting Baikal Context
         if (!defined('BAIKAL_CONTEXT') || BAIKAL_CONTEXT !== true) {
@@ -52,18 +53,18 @@ public static function assertEnvironmentIsOk()
         }
     }
 
-    public static function configureEnvironment()
+    static function configureEnvironment()
     {
         set_exception_handler('\Baikal\Core\Tools::handleException');
         ini_set('error_reporting', E_ALL);
     }
 
-    public static function handleException($exception)
+    static function handleException($exception)
     {
-        echo '
'.$exception.'
';
+        echo '
' . $exception . '
';
     }
 
-    public static function assertBaikalIsOk()
+    static function assertBaikalIsOk()
     {
 
         # DB connexion has not been asserted earlier by Flake, to give us a chance to trigger the install tool
@@ -78,37 +79,37 @@ public static function assertBaikalIsOk()
         #}
 
         # Asserting config file exists
-        if (!file_exists(PROJECT_PATH_SPECIFIC.'config.php')) {
+        if (!file_exists(PROJECT_PATH_SPECIFIC . 'config.php')) {
             throw new \Exception('Specific/config.php does not exist. Please use the Install tool to create it.');
         }
 
         # Asserting config file is readable
-        if (!is_readable(PROJECT_PATH_SPECIFIC.'config.php')) {
+        if (!is_readable(PROJECT_PATH_SPECIFIC . 'config.php')) {
             throw new \Exception("Specific/config.php is not readable. Please give read permissions to httpd user on file 'Specific/config.php'.");
         }
 
         # Asserting config file is writable
-        if (!is_writable(PROJECT_PATH_SPECIFIC.'config.php')) {
+        if (!is_writable(PROJECT_PATH_SPECIFIC . 'config.php')) {
             throw new \Exception("Specific/config.php is not writable. Please give write permissions to httpd user on file 'Specific/config.php'.");
         }
 
         # Asserting system config file exists
-        if (!file_exists(PROJECT_PATH_SPECIFIC.'config.system.php')) {
+        if (!file_exists(PROJECT_PATH_SPECIFIC . 'config.system.php')) {
             throw new \Exception('Specific/config.system.php does not exist. Please use the Install tool to create it.');
         }
 
         # Asserting system config file is readable
-        if (!is_readable(PROJECT_PATH_SPECIFIC.'config.system.php')) {
+        if (!is_readable(PROJECT_PATH_SPECIFIC . 'config.system.php')) {
             throw new \Exception("Specific/config.system.php is not readable. Please give read permissions to httpd user on file 'Specific/config.system.php'.");
         }
 
         # Asserting system config file is writable
-        if (!is_writable(PROJECT_PATH_SPECIFIC.'config.system.php')) {
+        if (!is_writable(PROJECT_PATH_SPECIFIC . 'config.system.php')) {
             throw new \Exception("Specific/config.system.php is not writable. Please give write permissions to httpd user on file 'Specific/config.system.php'.");
         }
     }
 
-    public static function getRequiredTablesList()
+    static function getRequiredTablesList()
     {
         return [
             'addressbooks',
@@ -122,7 +123,7 @@ public static function getRequiredTablesList()
         ];
     }
 
-    public static function isDBStructurallyComplete(\Flake\Core\Database $oDB)
+    static function isDBStructurallyComplete(\Flake\Core\Database $oDB)
     {
         $aRequiredTables = self::getRequiredTablesList();
         $aPresentTables = $oDB->tables();
@@ -135,7 +136,7 @@ public static function isDBStructurallyComplete(\Flake\Core\Database $oDB)
         return true;
     }
 
-    public static function bashPrompt($prompt)
+    static function bashPrompt($prompt)
     {
         echo $prompt;
         @flush();
@@ -145,7 +146,7 @@ public static function bashPrompt($prompt)
         return $confirmation;
     }
 
-    public static function bashPromptSilent($prompt = 'Enter Password:')
+    static function bashPromptSilent($prompt = 'Enter Password:')
     {
         $command = "/usr/bin/env bash -c 'echo OK'";
 
@@ -156,8 +157,8 @@ public static function bashPromptSilent($prompt = 'Enter Password:')
         }
 
         $command = "/usr/bin/env bash -c 'read -s -p \""
-        .addslashes($prompt)
-        ."\" mypassword && echo \$mypassword'";
+        . addslashes($prompt)
+        . "\" mypassword && echo \$mypassword'";
 
         $password = rtrim(shell_exec($command));
         echo "\n";
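Review bot: `addslashes($prompt)` is not shell quoting, because the script passed to `bash -c` is wrapped in single quotes and a `'` in the prompt ends that quoting, leaving the rest to be parsed by the shell. Callers are not visible in this hunk, so the prompt may always be a constant, but quoting both layers properly is cheap: `$command = '/usr/bin/env bash -c ' . escapeshellarg('read -s -p ' . escapeshellarg($prompt) . ' mypassword && echo "$mypassword"');`. Separately, `shell_exec()` returns null when the command fails or prints nothing, so `rtrim((string) shell_exec($command))` avoids passing null to `rtrim()`. `bashPromptSilent()` starts and ends outside this hunk.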
@@ -165,7 +166,7 @@ public static function bashPromptSilent($prompt = 'Enter Password:')
         return $password;
     }
 
-    public static function getCopyrightNotice($sLinePrefixChar = '#', $sLineSuffixChar = '', $sOpening = false, $sClosing = false)
+    static function getCopyrightNotice($sLinePrefixChar = '#', $sLineSuffixChar = '', $sOpening = false, $sClosing = false)
     {
         if ($sOpening === false) {
             $sOpening = str_repeat('#', 78);
@@ -201,10 +202,10 @@ public static function getCopyrightNotice($sLinePrefixChar = '#', $sLineSuffixCh
 
 This copyright notice MUST APPEAR in all copies of the script!
 CODE;
-        $sCode = "\n".trim($sCode)."\n";
+        $sCode = "\n" . trim($sCode) . "\n";
         $aCode = explode("\n", $sCode);
         foreach (array_keys($aCode) as $iLineNum) {
-            $aCode[$iLineNum] = trim($sLinePrefixChar."\t".$aCode[$iLineNum]);
+            $aCode[$iLineNum] = trim($sLinePrefixChar . "\t" . $aCode[$iLineNum]);
         }
 
         if (trim($sOpening) !== '') {
@@ -218,7 +219,7 @@ public static function getCopyrightNotice($sLinePrefixChar = '#', $sLineSuffixCh
         return implode("\n", $aCode);
     }
 
-    public static function timezones()
+    static function timezones()
     {
         $aZones = \DateTimeZone::listIdentifiers();
 
diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php
index e1c72ff79..df9e422ca 100755
--- a/Core/Frameworks/Baikal/Model/Config/Standard.php
+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php
@@ -101,13 +101,13 @@ function formMorphologyForThisModelInstance() {
         $oMorpho->add(new \Formal\Element\Listbox([
             "prop"    => "BAIKAL_DAV_AUTH_TYPE",
             "label"   => "WebDAV authentication type",
-            "options" => ["Basic","Digest"]
+            "options" => ["Basic", "Digest"]
         ]));
 
         $oMorpho->add(new \Formal\Element\Listbox([
             "prop"    => "BAIKAL_USER_AUTH_TYPE",
             "label"   => "Password Storage Hash Type",
-            "options" => ["Bcrypt","MD5"],
+            "options" => ["Bcrypt", "MD5"],
             "help"    => "If set to BCrypt, WebDAV must be set to BASIC."
         ]));
 
@@ -146,7 +146,7 @@ function set($sProp, $sValue) {
             if ($sProp === "BAIKAL_ADMIN_PASSWORDHASH" && $sValue !== "") {
                         parent::set(
                             "BAIKAL_ADMIN_PASSWORDHASH",
-                            password_hash($sValue,PASSWORD_BCRYPT)
+                            password_hash($sValue, PASSWORD_BCRYPT)
                         );
                   }
             return $this;
diff --git a/Core/Frameworks/Baikal/Model/User.php b/Core/Frameworks/Baikal/Model/User.php
index 0e0fd1779..ebcb65962 100755
--- a/Core/Frameworks/Baikal/Model/User.php
+++ b/Core/Frameworks/Baikal/Model/User.php
@@ -107,7 +107,7 @@ function set($sPropName, $sPropValue) {
                 if (BAIKAL_USER_AUTH_TYPE === "Bcrypt") {
                         parent::set(
                             "digesta1",
-                            password_hash($sPropValue,PASSWORD_BCRYPT)
+                            password_hash($sPropValue, PASSWORD_BCRYPT)
                         );
                 } else {
                         parent::set(
diff --git a/Core/Frameworks/BaikalAdmin/Core/Auth.php b/Core/Frameworks/BaikalAdmin/Core/Auth.php
index 3bbf19392..493671945 100755
--- a/Core/Frameworks/BaikalAdmin/Core/Auth.php
+++ b/Core/Frameworks/BaikalAdmin/Core/Auth.php
@@ -45,16 +45,16 @@ static function authenticate() {
         $sUser = \Flake\Util\Tools::POST("login");
         $sPass = \Flake\Util\Tools::POST("password");
 
-	if (substr(BAIKAL_ADMIN_PASSWORDHASH,0,4) == "$2y$") {
-	        $sPassHash = password_verify($sPass, BAIKAL_ADMIN_PASSWORDHASH);
-	} else {
-		$sPassHash = self::hashAdminPassword($sPass);
-		if ($sPassHash === BAIKAL_ADMIN_PASSWORDHASH) {
-			$sPassHash = true;
-		} else {
-			$sPassHash = false;
-		}
-	}
+    if (substr(BAIKAL_ADMIN_PASSWORDHASH, 0, 4) == "$2y$") {
+            $sPassHash = password_verify($sPass, BAIKAL_ADMIN_PASSWORDHASH);
+    } else {
+        $sPassHash = self::hashAdminPassword($sPass);
+        if ($sPassHash === BAIKAL_ADMIN_PASSWORDHASH) {
+            $sPassHash = true;
+        } else {
+            $sPassHash = false;
+        }
+    }
 
         if ($sUser === "admin" && $sPassHash == true) {
             $_SESSION["baikaladminauth"] = md5(BAIKAL_ADMIN_PASSWORDHASH);
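Review bot: The legacy branch compares the MD5 digest with `===`, which is not a constant-time comparison. `$sPassHash = hash_equals(BAIKAL_ADMIN_PASSWORDHASH, self::hashAdminPassword($sPass));` replaces the nested if/else in one line. After either branch `$sPassHash` holds a boolean rather than a hash, so a name such as `$bPassOk` with a strict `$bPassOk === true` in the following `if` would read more accurately than `== true`. A login that succeeds through the MD5 branch would also be a natural point to re-store the password with `password_hash()`, so that old hashes get phased out, though the config write path is not visible here. `authenticate()` starts and ends outside the hunk.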
@@ -75,7 +75,7 @@ static function hashAdminPassword($sPassword) {
         } else {
             $sAuthRealm = "BaikalDAV";    # Fallback to default value; useful when initializing App, as all constants are not set yet
         }
-	
+    
         return md5('admin:' . $sAuthRealm . ':' . $sPassword);
     }