maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

fix password crypt hash being always evaluated to argon2i as the case always returns true if PASSWORD_ARGON2I is defined but the froxlor setting might be set to another hash leading to a useless password

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2024-02-03 10:12:36 +01:00
parent 9c70976018
commit ece4b34f25
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/Froxlor/Api/Commands/EmailAccounts.php
View File

@@ -157,10 +157,10 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
// prefix hash-algo // prefix hash-algo
switch (Settings::Get('system.passwordcryptfunc')) { switch (Settings::Get('system.passwordcryptfunc')) {
case defined('PASSWORD_ARGON2I') && PASSWORD_ARGON2I: case 'argon2i':
$cpPrefix = '{ARGON2I}'; $cpPrefix = '{ARGON2I}';
break; break;
case defined('PASSWORD_ARGON2ID') && PASSWORD_ARGON2ID: case 'argon2id':
$cpPrefix = '{ARGON2ID}'; $cpPrefix = '{ARGON2ID}';
break; break;
default: default:
@@ -404,10 +404,10 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
$password = Crypt::validatePassword($password, true); $password = Crypt::validatePassword($password, true);
// prefix hash-algo // prefix hash-algo
switch (Settings::Get('system.passwordcryptfunc')) { switch (Settings::Get('system.passwordcryptfunc')) {
case defined('PASSWORD_ARGON2I') && PASSWORD_ARGON2I: case 'argon2i':
$cpPrefix = '{ARGON2I}'; $cpPrefix = '{ARGON2I}';
break; break;
case defined('PASSWORD_ARGON2ID') && PASSWORD_ARGON2ID: case 'argon2id':
$cpPrefix = '{ARGON2ID}'; $cpPrefix = '{ARGON2ID}';
break; break;
default: default: