1<?php 2declare(strict_types = 1); 3 4namespace TYPO3\CMS\Install\Updates; 5 6/* 7 * This file is part of the TYPO3 CMS project. 8 * 9 * It is free software; you can redistribute it and/or modify it under 10 * the terms of the GNU General Public License, either version 2 11 * of the License, or any later version. 12 * 13 * For the full copyright and license information, please read the 14 * LICENSE.txt file that was distributed with this source code. 15 * 16 * The TYPO3 project - inspiring people to share! 17 */ 18 19use TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash; 20use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory; 21use TYPO3\CMS\Core\Utility\GeneralUtility; 22 23/** 24 * Informational upgrade wizard to remind upgrading instances 25 * may have to verify argon2i is available on the live servers 26 * @internal This class is only meant to be used within EXT:install and is not part of the TYPO3 Core API. 27 */ 28class Argon2iPasswordHashes implements UpgradeWizardInterface, ConfirmableInterface 29{ 30 protected $confirmation; 31 32 public function __construct() 33 { 34 $this->confirmation = new Confirmation( 35 'Please make sure to read the following carefully:', 36 $this->getDescription(), 37 false, 38 'Yes, I understand!', 39 '', 40 true 41 ); 42 } 43 44 /** 45 * @return string Unique identifier of this updater 46 */ 47 public function getIdentifier(): string 48 { 49 return 'argon2iPasswordHashes'; 50 } 51 52 /** 53 * @return string Title of this updater 54 */ 55 public function getTitle(): string 56 { 57 return 'Reminder to verify live system supports argon2i'; 58 } 59 60 /** 61 * @return string Longer description of this updater 62 */ 63 public function getDescription(): string 64 { 65 return 'TYPO3 uses the modern hash mechanism "argon2i" on this system. Existing passwords' 66 . ' will be automatically upgraded to this mechanism upon user login. If this instance' 67 . ' is later deployed to a different system, make sure the system does support argon2i' 68 . ' too, otherwise logins will fail. If that is not possible, select a different hash' 69 . ' algorithm in Setting > Presets > Password hashing settings and make sure no user' 70 . ' has been upgraded yet. This upgrade wizard exists only to inform you, it does not' 71 . ' change the system'; 72 } 73 74 /** 75 * Checks whether updates are required. 76 * 77 * @return bool Whether an update is required (TRUE) or not (FALSE) 78 */ 79 public function updateNecessary(): bool 80 { 81 $passwordHashFactory = GeneralUtility::makeInstance(PasswordHashFactory::class); 82 $feHash = $passwordHashFactory->getDefaultHashInstance('BE'); 83 $beHash = $passwordHashFactory->getDefaultHashInstance('FE'); 84 return $feHash instanceof Argon2iPasswordHash || $beHash instanceof Argon2iPasswordHash; 85 } 86 87 /** 88 * @return string[] All new fields and tables must exist 89 */ 90 public function getPrerequisites(): array 91 { 92 return [ 93 DatabaseUpdatedPrerequisite::class, 94 ]; 95 } 96 97 /** 98 * This upgrade wizard has informational character only, it does not perform actions. 99 * 100 * @return bool Whether everything went smoothly or not 101 */ 102 public function executeUpdate(): bool 103 { 104 return true; 105 } 106 107 /** 108 * Return a confirmation message instance 109 * 110 * @return \TYPO3\CMS\Install\Updates\Confirmation 111 */ 112 public function getConfirmation(): Confirmation 113 { 114 return $this->confirmation; 115 } 116} 117