Commit b7650d06 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Handling webservices validate_password better (Bug 1393530)

Getting it to use the internal validate_password() function instead of
just repeating what it does

Change-Id: Iad1d39a1f7a212ec425ce5ed2a09d7409aa9fd88
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 431a6613
......@@ -231,7 +231,7 @@ class AuthInternal extends Auth {
* @param string $salt The salt we have.
* @returns int 0 means not validated, 1 means validated, 2 means validated but needs updating
*/
private function validate_password($theysent, $wehave, $salt) {
protected function validate_password($theysent, $wehave, $salt) {
$this->must_be_ready();
if ($salt == '*') {
......
......@@ -83,18 +83,10 @@ class AuthWebservice extends AuthInternal {
* @param string $wehave The password we have in the database for them
* @param string $salt The salt we have.
*/
private function validate_password($theysent, $wehave, $salt) {
protected function validate_password($theysent, $wehave, $salt) {
$this->must_be_ready();
if ($salt == '*') {
// This is a special salt that means this user simply CAN'T log in.
// It is used on the root user (id=0)
return false;
}
// The main type - a salted sha1
$sha1sent = $this->encrypt_password($theysent, $salt, '$2a$' . get_config('bcrypt_cost') . '$', get_config('passwordsaltmain'));
return $sha1sent == $wehave;
$validate = parent::validate_password($theysent, $wehave, $salt);
return (!empty($validate)) ? true : false;
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment