Add argon2 passwords support

This commit is contained in:
Benjamin Renard 2022-04-19 11:53:39 +02:00
parent f5d21ec93c
commit 457995bc22
2 changed files with 23 additions and 0 deletions

View file

@ -25,6 +25,8 @@
<para>Nom du type d'encodage du mot de passe utilisé. Les types d'encodages <para>Nom du type d'encodage du mot de passe utilisé. Les types d'encodages
supportés sont les suivants : supportés sont les suivants :
<itemizedlist> <itemizedlist>
<listitem><simpara><literal>argon2</literal> (ou <literal>argon2i</literal>, PHP >= 7.2)</simpara></listitem>
<listitem><simpara><literal>argon2id</literal> (PHP >= 7.3)</simpara></listitem>
<listitem><simpara><literal>md5crypt</literal></simpara></listitem> <listitem><simpara><literal>md5crypt</literal></simpara></listitem>
<listitem><simpara><literal>crypt</literal></simpara></listitem> <listitem><simpara><literal>crypt</literal></simpara></listitem>
<listitem><simpara><literal>ext_des</literal></simpara></listitem> <listitem><simpara><literal>ext_des</literal></simpara></listitem>

View file

@ -208,6 +208,23 @@ class LSattr_ldap_password extends LSattr_ldap {
return '{CRYPT}'.crypt($clearPassword,'$1$'.$salt.'$'); return '{CRYPT}'.crypt($clearPassword,'$1$'.$salt.'$');
} }
break; break;
case 'argon2':
case 'argon2i':
if( ! defined( 'PASSWORD_ARGON2I' ) ) {
LSerror :: addErrorCode('LSattr_ldap_password_01', 'argon2');
}
else {
return '{ARGON2}'.password_hash($clearPassword, PASSWORD_ARGON2I);
}
break;
case 'argon2id':
if( ! defined( 'PASSWORD_ARGON2ID' ) ) {
LSerror :: addErrorCode('LSattr_ldap_password_01', 'argon2id');
}
else {
return '{ARGON2}'.password_hash($clearPassword, PASSWORD_ARGON2ID);
}
break;
case 'clear': case 'clear':
return $clearPassword; return $clearPassword;
break; break;
@ -310,6 +327,10 @@ class LSattr_ldap_password extends LSattr_ldap {
break; break;
# Argon2 passwords
case 'argon2':
return password_verify($clearPassword, $hashedPasswordData);
# No crypt is given # No crypt is given
default: default:
# Assume is a plaintext password # Assume is a plaintext password