I noticed MWOldPassword is broken while working on
I7024b287a7. When generating new passwords for it,
a superfluous : is being added to the serialized hash
within the database (and that breaks parsing so that
people can't ever log in).
As this is not really relevant in the real world
(hopefully nobody is using plain MD5 passwords anymore),
no backward-compatibility handling is needed
for the broken hashes.
Change-Id: I753c135a6de39008488bd7462c2bfcda2cbac116
public function crypt( $plaintext ) {
global $wgPasswordSalt;
- if ( $wgPasswordSalt && count( $this->args ) == 1 ) {
+ if ( $wgPasswordSalt && count( $this->args ) === 1 ) {
$this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) );
} else {
$this->args = array();
}
public function toString() {
- return
- ':' . $this->config['type'] . ':' .
- implode( $this->getDelimiter(), array_merge( $this->params, $this->args ) ) .
- $this->getDelimiter() . $this->hash;
+ $str = ':' . $this->config['type'] . ':';
+
+ if ( count( $this->params ) || count( $this->args ) ) {
+ $str .= implode( $this->getDelimiter(), array_merge( $this->params, $this->args ) );
+ $str .= $this->getDelimiter();
+ }
+
+ return $str . $this->hash;
}
/**
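Review bot: The conditional in toString() carries no comment saying why the delimiter is only appended when `$this->params` or `$this->args` is non-empty, so a later simplification could reintroduce the empty field that made stored hashes unparseable. A line above the `if` such as `// With no params or args emit ":type:hash" only; a trailing delimiter here adds an empty field and breaks parsing` would record it. The two `count()` calls and the separate `array_merge()` can be folded by merging once, `$fields = array_merge( $this->params, $this->args );`, and testing `if ( $fields ) {`. None of the visible hunks asserts the serialized string itself, so a round-trip test for a hash with no params and no args would guard the format directly.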
$passwordFactory = $this->user->getPasswordFactory();
$oldDefaultType = $passwordFactory->getDefaultType();
- // B is salted MD5 (thus fast) ... we don't care about security here, this is test only
- $passwordFactory->setDefaultType( 'B' ); // @TODO: Change this to A once that is fixed: https://gerrit.wikimedia.org/r/167523
+ // A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
+ $passwordFactory->setDefaultType( 'A' );
$newPassword = $passwordFactory->newFromPlaintext( $password , $this->user->getPassword() );
$change = false;
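Review bot: The call `setDefaultType( 'A' )` changes the default on the factory returned by `$this->user->getPasswordFactory()`, and the restore from `$oldDefaultType` is not visible in this hunk; the method body starts above it and continues below it. If that factory instance is shared beyond this helper, a missed restore would leave unsalted MD5 as the default for hashes created later in the same process. The replacement comment should state that obligation, for example `// Test only: 'A' is unsalted MD5 (fast). The default type must be reset to $oldDefaultType before this method returns.`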