3.1.2
Fix for #4297
nilsteampassnet committed Sep 2, 2024
1 parent d42221f commit e5e3754
Showing 7 changed files with 26 additions and 22 deletions.
2 changes: 1 addition & 1 deletion includes/config/include.php
@@ -28,7 +28,7 @@

define('TP_VERSION', '3.1.2');
define("UPGRADE_MIN_DATE", "1724862801");
define('TP_VERSION_MINOR', '59');
define('TP_VERSION_MINOR', '60');
define('TP_TOOL_NAME', 'Teampass');
define('TP_ONE_DAY_SECONDS', 86400);
define('TP_ONE_WEEK_SECONDS', 604800);
5 changes: 4 additions & 1 deletion includes/js/functions.js
@@ -407,11 +407,14 @@ function simplePurifier(
.replaceAll('>', '>')
.replaceAll('&', '&')
.replaceAll('&', '&')
.replaceAll('&', '&')
.replaceAll('&', '&')
.replaceAll('"', '"')
.replaceAll('";', '"')
.replaceAll('";', '"')
.replaceAll('"', '"')
.replaceAll(''', "'");
.replaceAll(''', "'")
.replaceAll(''', "'");

if (bSanitize === false) {
return textCleaned;
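Review bot: When `bSanitize === false` the function returns `textCleaned` directly after this entity-decoding chain, so that path hands decoded markup characters back to the caller with no sanitising step. Each `.replaceAll(...)` added here widens what gets decoded, which makes it more important that callers of the unsanitised path write the result only through text APIs such as `textContent`, never as HTML. I would add a comment above the early return, e.g. `// Decoded but NOT sanitised: insert as text, never as HTML`, and consider decoding once through a single helper instead of growing a list of hand-written variants. The entity literals are not legible in this rendering and simplePurifier's body continues outside the hunk, so the order of the replacements could not be checked here.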
8 changes: 4 additions & 4 deletions includes/tables_integrity.json
@@ -13,11 +13,11 @@
},
{
"table_name": "background_tasks",
"structure_hash": "9bc115806665bb223564f9a6fafdd873e83be186f631311c02543142d0a1fe35"
"structure_hash": "a0898a3f459ba246019b05d55c3ca0426745cb93153dec26fac9634834477d9b"
},
{
"table_name": "background_tasks_logs",
"structure_hash": "f10662f70ff0bc9252fd8d2cc50d20aa0106043db029e30a432432827496294b"
"structure_hash": "b2fcc60ceb4d88543c9c40e6abefd85116b17b5c6b796cc63b53f4832f451e0f"
},
{
"table_name": "cache",
@@ -97,11 +97,11 @@
},
{
"table_name": "log_items",
"structure_hash": "4eae2e19d885fe0d17ba7e523e273930b254f71d72c484012250080e4580c199"
"structure_hash": "c394770da836eee405ce63b2789716f1bbc6ded68e412b130c6bfb5c148d2c9f"
},
{
"table_name": "log_system",
"structure_hash": "a59b524f3c30b0dd1bc37a6d20ad232e40aae2414f15838faf87e4a6f6186b9a"
"structure_hash": "685365edf156d518fba2f4be654e32ea65033f1327bc6295d67e8c34f365068f"
},
{
"table_name": "misc",
10 changes: 8 additions & 2 deletions install/install.queries.php
@@ -36,6 +36,7 @@
use Hackzilla\PasswordGenerator\RandomGenerator\Php7RandomGenerator;
use TeampassClasses\SuperGlobal\SuperGlobal;
use TeampassClasses\Language\Language;
use TeampassClasses\PasswordManager\PasswordManager;

// Do initial test
if (file_exists('../includes/config/settings.php') === false) {
@@ -851,15 +852,20 @@ function encryptFollowingDefuse($message, $ascii_key)
);

require_once '../includes/config/include.php';

// Hash password
$passwordManager = new PasswordManager();
$hashedPassword = $passwordManager->hashPassword($var['admin_pwd']);

// check that admin accounts doesn't exist
$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `" . $var['tbl_prefix'] . "users` WHERE login = 'admin'"));
if ($tmp === 0) {
$mysqli_result = mysqli_query(
$dbTmp,
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `admin`, `gestionnaire`, `personal_folder`, `groupes_visibles`, `email`, `encrypted_psk`, `last_pw_change`, `name`, `lastname`, `can_create_root_folder`, `public_key`, `private_key`, `is_ready_for_usage`, `otp_provided`) VALUES ('1', 'admin', '" . bCrypt($var['admin_pwd'], '13') . "', '1', '0', '0', '0', '" . $var['admin_email'] . "', '', '" . time() . "', 'Change me', 'Change me', '1', 'none', 'none', '1', '1')"
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `admin`, `gestionnaire`, `personal_folder`, `groupes_visibles`, `email`, `encrypted_psk`, `last_pw_change`, `name`, `lastname`, `can_create_root_folder`, `public_key`, `private_key`, `is_ready_for_usage`, `otp_provided`) VALUES ('1', 'admin', '" . $hashedPassword . "', '1', '0', '0', '0', '" . $var['admin_email'] . "', '', '" . time() . "', 'Change me', 'Change me', '1', 'none', 'none', '1', '1')"
);
} else {
$mysqli_result = mysqli_query($dbTmp, 'UPDATE `' . $var['tbl_prefix'] . "users` SET `pw` = '" . bCrypt($var['admin_pwd'], '13') . "' WHERE login = 'admin' AND id = '1'");
$mysqli_result = mysqli_query($dbTmp, 'UPDATE `' . $var['tbl_prefix'] . "users` SET `pw` = '" . $hashedPassword . "' WHERE login = 'admin' AND id = '1'");
}

// check that API doesn't exist
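Review bot: Both statements that now receive `$hashedPassword` are still assembled by string concatenation, and the INSERT also splices `$var['admin_email']` between quotes, so unless that value is escaped where `$var` is built (not shown in this hunk) a quote character in the installer's e-mail field changes the SQL that runs. Binding the values through a prepared statement removes the dependency on the hash and e-mail format. `$var['tbl_prefix']` cannot be bound and should be checked against a strict pattern where it is read. The `SELECT` result is also passed to `mysqli_num_rows()` without a check for `false`; the surrounding block starts and ends outside the hunk.

```php
// … unchanged: PasswordManager setup and the SELECT that fills $tmp …
if ($tmp === 0) {
    $stmt = mysqli_prepare(
        $dbTmp,
        "INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `admin`, `gestionnaire`, `personal_folder`, `groupes_visibles`, `email`, `encrypted_psk`, `last_pw_change`, `name`, `lastname`, `can_create_root_folder`, `public_key`, `private_key`, `is_ready_for_usage`, `otp_provided`) VALUES ('1', 'admin', ?, '1', '0', '0', '0', ?, '', ?, 'Change me', 'Change me', '1', 'none', 'none', '1', '1')"
    );
    $now = (string) time();
    mysqli_stmt_bind_param($stmt, 'sss', $hashedPassword, $var['admin_email'], $now);
    $mysqli_result = mysqli_stmt_execute($stmt);
} else {
    $stmt = mysqli_prepare(
        $dbTmp,
        'UPDATE `' . $var['tbl_prefix'] . "users` SET `pw` = ? WHERE login = 'admin' AND id = '1'"
    );
    mysqli_stmt_bind_param($stmt, 's', $hashedPassword);
    $mysqli_result = mysqli_stmt_execute($stmt);
}
```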
2 changes: 1 addition & 1 deletion sources/items.queries.php
@@ -4544,7 +4544,7 @@
$session->get('user-private_key')
)
);

$log = 'Used user ID: '.$session->get('user-id')."\n";
$log .= 'Used user Private key: '.$session->get('user-private_key')."\n";
$log .= '$currentUserKey: '.$dataItem['share_key']."\n";
6 changes: 2 additions & 4 deletions sources/main.functions.php
@@ -62,10 +62,6 @@
// Load config if $SETTINGS not defined
$configManager = new ConfigManager();
$SETTINGS = $configManager->getAllSettings();
/*if (isset($SETTINGS['cpassman_dir']) === false || empty($SETTINGS['cpassman_dir']) === true) {
include_once __DIR__ . '/../includes/config/tp.config.php';
}
*/

/**
* genHash().
@@ -77,6 +73,7 @@
*
* @return string|void
*/
/* TODO - Remove this function
function bCrypt(
string $password,
string $cost
@@ -94,6 +91,7 @@ function bCrypt(
return crypt($password, $salt);
}
*/

/**
* Checks if a string is hex encoded
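Review bot: `bCrypt()` is disabled by wrapping it in `/* TODO - Remove this function … */` rather than deleted, which leaves its docblock orphaned above a comment and keeps a legacy `crypt()`-based hashing helper in the file where it can be re-enabled by accident. A block comment also ends at the first `*/` inside the body, and the middle of the function is outside these hunks, so it is worth confirming none is present. I would delete the function and its docblock in this commit and search the tree for remaining `bCrypt(` calls, since any caller left behind now fails with an undefined-function error.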
15 changes: 6 additions & 9 deletions vendor/teampassclasses/passwordmanager/src/PasswordManager.php
@@ -59,10 +59,10 @@ public function verifyPassword(string $hashedPassword, string $plainPassword): b
// --- Handle migration from PasswordLib to Symfony PasswordHasher
public function migratePassword(string $hashedPassword, string $plainPassword, int $userId): string
{
// Vérifiez si le mot de passe a été haché avec passwordlib
if ($this->isPasswordLibHash($hashedPassword)) {
// Vérification de passwordlib
if ($this->passwordLibVerify($hashedPassword, html_entity_decode($plainPassword))) {
// Check if the password is correct
if ($this->verifyPassword($hashedPassword, $plainPassword) === true) {
// Check if password has been hashed with passwordlib
if ($this->isPasswordLibHash($hashedPassword)) {
// Password is valid, hash it with new system
$newHashedPassword = $this->hashPassword($plainPassword);
$userInfo['pw'] = $newHashedPassword;
@@ -73,13 +73,10 @@ public function migratePassword(string $hashedPassword, string $plainPassword, i
if (WIP === true) error_log("migratePassword performed for user ".$userId." | Old hash: ".$hashedPassword." | New hash: ".$newHashedPassword);
// Return new hashed password
return $newHashedPassword;
} else {
//throw new \Exception("Password is not correct");
return false;
}
}

// Le mot de passe a déjà été haché avec le nouveau système
// Return hashed password
return $hashedPassword;
}

@@ -89,7 +86,7 @@ private function isPasswordLibHash(string $hashedPassword): bool
return strpos($hashedPassword, '$2y$10$') === 0;
}

// Vous devrez implémenter cette fonction pour utiliser la vérification de passwordlib
// Vérification du hash et mdp passwordlib
private function passwordLibVerify(string $hashedPassword, string $plainPassword): bool
{
// Vérification avec passwordlib
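Review bot: The `error_log()` call kept inside the migration branch writes both the old and the new password hash to the server log whenever `WIP` is true; hashes are material for offline guessing and should stay in the database, so I would reduce it to `error_log("migratePassword performed for user ".$userId);`. As the new side reads in this rendering, a failed `verifyPassword()` now falls through to `return $hashedPassword;`, the same value returned for an already-migrated account, so callers cannot tell from the return value that the password was wrong and must verify it themselves; a short docblock on `migratePassword()` stating that would help. The earlier check decoded the input with `html_entity_decode()`, and whether `verifyPassword()` does the same is outside the hunk, so it is worth confirming that legacy accounts whose passwords contain special characters still migrate.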