renames to LegacyPasswordSecurity

src/Umbraco.Core/Security/LegacyPasswordSecurity.cs

@@ -7,13 +7,10 @@ namespace Umbraco.Core.Security
 {
 
     /// <summary>
-    /// Handles password hashing and formatting
+    /// Handles password hashing and formatting for legacy hashing algorithms
     /// </summary>
-    public class PasswordSecurity
+    public class LegacyPasswordSecurity
     {
-        // TODO: This class could/should be renamed since it's really purely about legacy hashing, we want to use the new hashing available
-        // to us but this is here for compatibility purposes.
-
         // TODO: This class no longer has the logic available to verify the old old old password format, we should
         // include this ability so that upgrades for very old versions/data can work and then auto-migrate to the new password format.
 
@@ -24,7 +21,7 @@ namespace Umbraco.Core.Security
         /// Constructor
         /// </summary>
         /// <param name="passwordConfiguration"></param>
-        public PasswordSecurity(IPasswordConfiguration passwordConfiguration)
+        public LegacyPasswordSecurity(IPasswordConfiguration passwordConfiguration)
         {
             _passwordConfiguration = passwordConfiguration;
             _generator = new PasswordGenerator(passwordConfiguration);

src/Umbraco.Tests.UnitTests/Umbraco.Core/Security/PasswordSecurityTests.cs

@@ -14,7 +14,7 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Core.Security
         [Test]
         public void Check_Password_Hashed_Non_KeyedHashAlgorithm()
         {
-            var passwordSecurity = new PasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == "SHA256"));
+            var passwordSecurity = new LegacyPasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == "SHA256"));
 
             string salt;
             var pass = "ThisIsAHashedPassword";
@@ -29,7 +29,7 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Core.Security
         [Test]
         public void Check_Password_Hashed_KeyedHashAlgorithm()
         {
-            var passwordSecurity = new PasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName));
+            var passwordSecurity = new LegacyPasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName));
 
             string salt;
             var pass = "ThisIsAHashedPassword";
@@ -44,9 +44,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Core.Security
         [Test]
         public void Format_Pass_For_Storage_Hashed()
         {
-            var passwordSecurity = new PasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName));
+            var passwordSecurity = new LegacyPasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName));
 
-            var salt = PasswordSecurity.GenerateSalt();
+            var salt = LegacyPasswordSecurity.GenerateSalt();
             var stored = "ThisIsAHashedPassword";
 
             var result = passwordSecurity.FormatPasswordForStorage(stored, salt);
@@ -57,9 +57,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Core.Security
         [Test]
         public void Get_Stored_Password_Hashed()
         {
-            var passwordSecurity = new PasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName));
+            var passwordSecurity = new LegacyPasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName));
 
-            var salt = PasswordSecurity.GenerateSalt();
+            var salt = LegacyPasswordSecurity.GenerateSalt();
             var stored = salt + "ThisIsAHashedPassword";
 
             string initSalt;
@@ -77,7 +77,7 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Core.Security
             var lastLength = 0;
             for (var i = 0; i < 10000; i++)
             {
-                var result = PasswordSecurity.GenerateSalt();
+                var result = LegacyPasswordSecurity.GenerateSalt();
 
                 if (i > 0)
                     Assert.AreEqual(lastLength, result.Length);

src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs

@@ -65,7 +65,7 @@ namespace Umbraco.Extensions
             services.TryAddScoped<IPasswordValidator<BackOfficeIdentityUser>, PasswordValidator<BackOfficeIdentityUser>>();
             services.TryAddScoped<IPasswordHasher<BackOfficeIdentityUser>>(
                 services => new BackOfficePasswordHasher(
-                    new PasswordSecurity(services.GetRequiredService<IUserPasswordConfiguration>()),
+                    new LegacyPasswordSecurity(services.GetRequiredService<IUserPasswordConfiguration>()),
                     services.GetRequiredService<IJsonSerializer>()));
             services.TryAddScoped<IUserConfirmation<BackOfficeIdentityUser>, DefaultUserConfirmation<BackOfficeIdentityUser>>();
             services.TryAddScoped<IUserClaimsPrincipalFactory<BackOfficeIdentityUser>, UserClaimsPrincipalFactory<BackOfficeIdentityUser>>();

src/Umbraco.Web.BackOffice/Security/BackOfficePasswordHasher.cs

@@ -13,10 +13,10 @@ namespace Umbraco.Web.BackOffice.Security
     /// </summary>
     public class BackOfficePasswordHasher : PasswordHasher<BackOfficeIdentityUser>
     {
-        private readonly PasswordSecurity _passwordSecurity;
+        private readonly LegacyPasswordSecurity _passwordSecurity;
         private readonly IJsonSerializer _jsonSerializer;
 
-        public BackOfficePasswordHasher(PasswordSecurity passwordSecurity, IJsonSerializer jsonSerializer)
+        public BackOfficePasswordHasher(LegacyPasswordSecurity passwordSecurity, IJsonSerializer jsonSerializer)
         {
             _passwordSecurity = passwordSecurity;
             _jsonSerializer = jsonSerializer;

src/Umbraco.Web/Editors/MemberController.cs

@@ -63,13 +63,13 @@ namespace Umbraco.Web.Editors
         {
             _passwordConfig = passwordConfig ?? throw new ArgumentNullException(nameof(passwordConfig));
             _propertyEditors = propertyEditors ?? throw new ArgumentNullException(nameof(propertyEditors));
-            _passwordSecurity = new PasswordSecurity(_passwordConfig);
+            _passwordSecurity = new LegacyPasswordSecurity(_passwordConfig);
             _passwordValidator = new ConfiguredPasswordValidator();
         }
 
         private readonly IMemberPasswordConfiguration _passwordConfig;
         private readonly PropertyEditorCollection _propertyEditors;
-        private readonly PasswordSecurity _passwordSecurity;
+        private readonly LegacyPasswordSecurity _passwordSecurity;
         private readonly IPasswordValidator _passwordValidator;
 
         public PagedResult<MemberBasic> GetPagedResults(

src/Umbraco.Web/Security/BackOfficeOwinUserManager.cs

@@ -119,7 +119,7 @@ namespace Umbraco.Web.Security
 
         protected override IPasswordHasher<BackOfficeIdentityUser> GetDefaultPasswordHasher(IPasswordConfiguration passwordConfiguration)
         {
-            return new UserAwarePasswordHasher<BackOfficeIdentityUser>(new PasswordSecurity(passwordConfiguration));
+            return new UserAwarePasswordHasher<BackOfficeIdentityUser>(new LegacyPasswordSecurity(passwordConfiguration));
         }
 
         protected void InitUserManager(BackOfficeOwinUserManager manager, IDataProtectionProvider dataProtectionProvider)

src/Umbraco.Web/Security/Providers/MembersMembershipProvider.cs

@@ -80,7 +80,7 @@ namespace Umbraco.Web.Security.Providers
                     CustomHashAlgorithmType.IsNullOrWhiteSpace() ? Membership.HashAlgorithmType : CustomHashAlgorithmType,
                     MaxInvalidPasswordAttempts));
 
-            _passwordSecurity = new Lazy<PasswordSecurity>(() => new PasswordSecurity(PasswordConfiguration));
+            _passwordSecurity = new Lazy<LegacyPasswordSecurity>(() => new LegacyPasswordSecurity(PasswordConfiguration));
 
         }
 
@@ -114,10 +114,10 @@ namespace Umbraco.Web.Security.Providers
             }
         }
 
-        private Lazy<PasswordSecurity> _passwordSecurity;
+        private Lazy<LegacyPasswordSecurity> _passwordSecurity;
         private Lazy<IPasswordConfiguration> _passwordConfig;
 
-        public override PasswordSecurity PasswordSecurity => _passwordSecurity.Value;
+        public override LegacyPasswordSecurity PasswordSecurity => _passwordSecurity.Value;
         public IPasswordConfiguration PasswordConfiguration => _passwordConfig.Value;
 
         private class MembershipProviderPasswordConfiguration : IPasswordConfiguration

src/Umbraco.Web/Security/UmbracoMembershipProviderBase.cs

@@ -14,7 +14,7 @@ namespace Umbraco.Web.Security
         {
         }
 
-        public abstract PasswordSecurity PasswordSecurity { get; }
+        public abstract LegacyPasswordSecurity PasswordSecurity { get; }
         public abstract string DefaultMemberTypeAlias { get; }
 
         /// <summary>

src/Umbraco.Web/Security/UserAwarePasswordHasher.cs

@@ -7,9 +7,9 @@ namespace Umbraco.Web.Security
     public class UserAwarePasswordHasher<T> : IPasswordHasher<T>
         where T : BackOfficeIdentityUser
     {
-        private readonly PasswordSecurity _passwordSecurity;
+        private readonly LegacyPasswordSecurity _passwordSecurity;
 
-        public UserAwarePasswordHasher(PasswordSecurity passwordSecurity)
+        public UserAwarePasswordHasher(LegacyPasswordSecurity passwordSecurity)
         {
             _passwordSecurity = passwordSecurity;
         }