Removed UseLegacyEncoding option from config
This commit is contained in:
Bjarke Berg
@@ -29,9 +29,6 @@ namespace Umbraco.Configuration.Models
|
||||
public bool RequireUppercase =>
|
||||
_configuration.GetValue(Prefix + "RequireUppercase", false);
|
||||
|
||||
public bool UseLegacyEncoding =>
|
||||
_configuration.GetValue(Prefix + "UseLegacyEncoding", false);
|
||||
|
||||
public string HashAlgorithmType =>
|
||||
_configuration.GetValue(Prefix + "HashAlgorithmType", "HMACSHA256");
|
||||
|
||||
|
||||
@@ -27,9 +27,6 @@ namespace Umbraco.Configuration.Models
|
||||
public bool RequireUppercase =>
|
||||
_configuration.GetValue(Prefix + "RequireUppercase", false);
|
||||
|
||||
public bool UseLegacyEncoding =>
|
||||
_configuration.GetValue(Prefix + "UseLegacyEncoding", false);
|
||||
|
||||
public string HashAlgorithmType =>
|
||||
_configuration.GetValue(Prefix + "HashAlgorithmType", "HMACSHA256");
|
||||
|
||||
|
||||
@@ -6,13 +6,11 @@
|
||||
/// </summary>
|
||||
public interface IPasswordConfiguration
|
||||
{
|
||||
int RequiredLength { get; }
|
||||
int RequiredLength { get; }
|
||||
bool RequireNonLetterOrDigit { get; }
|
||||
bool RequireDigit { get; }
|
||||
bool RequireLowercase { get; }
|
||||
bool RequireUppercase { get; }
|
||||
|
||||
bool UseLegacyEncoding { get; }
|
||||
string HashAlgorithmType { get; }
|
||||
|
||||
// TODO: This doesn't really belong here
|
||||
|
||||
@@ -17,7 +17,6 @@ namespace Umbraco.Core.Configuration
|
||||
RequireDigit = configSettings.RequireDigit;
|
||||
RequireLowercase = configSettings.RequireLowercase;
|
||||
RequireUppercase = configSettings.RequireUppercase;
|
||||
UseLegacyEncoding = configSettings.UseLegacyEncoding;
|
||||
HashAlgorithmType = configSettings.HashAlgorithmType;
|
||||
MaxFailedAccessAttemptsBeforeLockout = configSettings.MaxFailedAccessAttemptsBeforeLockout;
|
||||
}
|
||||
@@ -32,8 +31,6 @@ namespace Umbraco.Core.Configuration
|
||||
|
||||
public bool RequireUppercase { get; }
|
||||
|
||||
public bool UseLegacyEncoding { get; }
|
||||
|
||||
public string HashAlgorithmType { get; }
|
||||
|
||||
public int MaxFailedAccessAttemptsBeforeLockout { get; }
|
||||
|
||||
@@ -66,12 +66,6 @@ namespace Umbraco.Tests.Configurations.UmbracoSettings
|
||||
Assert.IsTrue(UserPasswordConfiguration.RequireUppercase == false);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void UserPasswordConfiguration_UseLegacyEncoding()
|
||||
{
|
||||
Assert.IsTrue(UserPasswordConfiguration.UseLegacyEncoding == false);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void UserPasswordConfiguration_HashAlgorithmType()
|
||||
{
|
||||
@@ -114,12 +108,6 @@ namespace Umbraco.Tests.Configurations.UmbracoSettings
|
||||
Assert.IsTrue(MemberPasswordConfiguration.RequireUppercase == false);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void MemberPasswordConfiguration_UseLegacyEncoding()
|
||||
{
|
||||
Assert.IsTrue(MemberPasswordConfiguration.UseLegacyEncoding == false);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void MemberPasswordConfiguration_HashAlgorithmType()
|
||||
{
|
||||
|
||||
@@ -14,14 +14,6 @@ namespace Umbraco.Tests.Security
|
||||
[TestFixture]
|
||||
public class PasswordSecurityTests
|
||||
{
|
||||
[Test]
|
||||
public void Get_Hash_Algorithm_Legacy()
|
||||
{
|
||||
var passwordSecurity = new PasswordSecurity(Mock.Of<IPasswordConfiguration>(x => x.UseLegacyEncoding == true && x.HashAlgorithmType == "HMACSHA256"));
|
||||
var alg = passwordSecurity.GetHashAlgorithm("blah");
|
||||
Assert.IsTrue(alg is HMACSHA1);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void Get_Hash_Algorithm_Default()
|
||||
{
|
||||
|
||||
@@ -72,11 +72,6 @@ namespace Umbraco.Core.Security
|
||||
/// <returns></returns>
|
||||
public string FormatPasswordForStorage(string hashedPassword, string salt)
|
||||
{
|
||||
if (PasswordConfiguration.UseLegacyEncoding)
|
||||
{
|
||||
return hashedPassword;
|
||||
}
|
||||
|
||||
return salt + hashedPassword;
|
||||
}
|
||||
|
||||
@@ -88,13 +83,6 @@ namespace Umbraco.Core.Security
|
||||
/// <returns></returns>
|
||||
public string HashPassword(string pass, string salt)
|
||||
{
|
||||
//if we are doing it the old way
|
||||
|
||||
if (PasswordConfiguration.UseLegacyEncoding)
|
||||
{
|
||||
return LegacyEncodePassword(pass);
|
||||
}
|
||||
|
||||
//This is the correct way to implement this (as per the sql membership provider)
|
||||
|
||||
var bytes = Encoding.Unicode.GetBytes(pass);
|
||||
@@ -183,11 +171,6 @@ namespace Umbraco.Core.Security
|
||||
public string ParseStoredHashPassword(string storedString, out string salt)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(storedString)) throw new ArgumentException("Value cannot be null or whitespace.", nameof(storedString));
|
||||
if (PasswordConfiguration.UseLegacyEncoding)
|
||||
{
|
||||
salt = string.Empty;
|
||||
return storedString;
|
||||
}
|
||||
|
||||
var saltLen = GenerateSalt();
|
||||
salt = storedString.Substring(0, saltLen.Length);
|
||||
@@ -208,15 +191,6 @@ namespace Umbraco.Core.Security
|
||||
/// <returns></returns>
|
||||
public HashAlgorithm GetHashAlgorithm(string password)
|
||||
{
|
||||
if (PasswordConfiguration.UseLegacyEncoding)
|
||||
{
|
||||
return new HMACSHA1
|
||||
{
|
||||
//the legacy salt was actually the password :(
|
||||
Key = Encoding.Unicode.GetBytes(password)
|
||||
};
|
||||
}
|
||||
|
||||
if (PasswordConfiguration.HashAlgorithmType.IsNullOrWhiteSpace())
|
||||
throw new InvalidOperationException("No hash algorithm type specified");
|
||||
|
||||
@@ -239,9 +213,9 @@ namespace Umbraco.Core.Security
|
||||
return encodedPassword;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user