From: Tim Düsterhus
Date: Tue, 7 Jun 2022 14:46:28 +0000 (+0200)
Subject: Add `#[\SensitiveParameter]` attribute to a large number of parameters
X-Git-Tag: 6.0.0_Alpha_1~1201
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=dda7fbceb72cb69aaf45ee007ec63587b3ae8137;p=GitHub%2FWoltLab%2FWCF.git

Add `#[\SensitiveParameter]` attribute to a large number of parameters

see #4802
---
diff --git a/wcfsetup/install/files/lib/acp/form/UserAddForm.class.php b/wcfsetup/install/files/lib/acp/form/UserAddForm.class.php
index e93fbc1129..46e8991c1a 100644
--- a/wcfsetup/install/files/lib/acp/form/UserAddForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/UserAddForm.class.php
@@ -383,8 +383,12 @@ class UserAddForm extends UserOptionListForm
 * @param string $confirmPassword
 * @throws UserInputException
 */
- protected function validatePassword($password, $confirmPassword)
- {
+ protected function validatePassword(
+ #[\SensitiveParameter]
+ $password,
+ #[\SensitiveParameter]
+ $confirmPassword
+ ) {
 if (empty($password)) {
 throw new UserInputException('password');
 }
diff --git a/wcfsetup/install/files/lib/acp/form/UserEditForm.class.php b/wcfsetup/install/files/lib/acp/form/UserEditForm.class.php
index ec47c5214c..71fc12bed5 100755
--- a/wcfsetup/install/files/lib/acp/form/UserEditForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/UserEditForm.class.php
@@ -581,8 +581,12 @@ class UserEditForm extends UserAddForm
 /**
 * @inheritDoc
 */
- protected function validatePassword($password, $confirmPassword)
- {
+ protected function validatePassword(
+ #[\SensitiveParameter]
+ $password,
+ #[\SensitiveParameter]
+ $confirmPassword
+ ) {
 if (!empty($password) || !empty($confirmPassword)) {
 parent::validatePassword($password, $confirmPassword);
 }
diff --git a/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php b/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
index a83e55a753..e999525929 100644
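Review bot: The docblock above `UserAddForm::validatePassword()` should say what the new attribute does and from which runtime, because `#[\SensitiveParameter]` is only honoured from PHP 8.2 on; PHP 8.0 and 8.1 parse it and redact nothing. On those runtimes the `UserInputException('password')` thrown in the first body line can still carry both arguments in its trace unless `zend.exception_ignore_args` is enabled. A docblock line such as `* Both arguments are marked #[\SensitiveParameter]; PHP 8.2+ shows them as SensitiveParameterValue in stack traces.` would record that. The function body continues outside the hunk.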
--- a/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
@@ -371,8 +371,13 @@ class TwitterAuthAction extends AbstractAction
 * @param string $method
 * @return string
 */
- public function createSignature($url, array $parameters, $tokenSecret = '', $method = 'POST')
- {
+ public function createSignature(
+ $url,
+ array $parameters,
+ #[\SensitiveParameter]
+ $tokenSecret = '',
+ $method = 'POST'
+ ) {
 $tmp = [];
 foreach ($parameters as $key => $val) {
 $tmp[\rawurlencode($key)] = \rawurlencode($val);
diff --git a/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php b/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
index 438c567a6e..8585adc050 100644
--- a/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
+++ b/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
@@ -194,8 +194,13 @@ class PackageUpdateServer extends DatabaseObject
 * @param string $password
 * @param bool $saveCredentials
 */
- public static function storeAuthData($packageUpdateServerID, $username, $password, $saveCredentials = false)
- {
+ public static function storeAuthData(
+ $packageUpdateServerID,
+ $username,
+ #[\SensitiveParameter]
+ $password,
+ $saveCredentials = false
+ ) {
 $packageUpdateAuthData = @\unserialize(WCF::getSession()->getVar('packageUpdateAuthData'));
 if ($packageUpdateAuthData === null || !\is_array($packageUpdateAuthData)) {
 $packageUpdateAuthData = [];
diff --git a/wcfsetup/install/files/lib/data/user/UserEditor.class.php b/wcfsetup/install/files/lib/data/user/UserEditor.class.php
index d4ffc0a923..b726bd1f29 100644
--- a/wcfsetup/install/files/lib/data/user/UserEditor.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserEditor.class.php
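Review bot: In `PackageUpdateServer::storeAuthData()` the first body line still calls `@\unserialize(WCF::getSession()->getVar('packageUpdateAuthData'))` without restricting classes, and `@` hides any failure. The next line only accepts an array, so `\unserialize(WCF::getSession()->getVar('packageUpdateAuthData'), ['allowed_classes' => false])` would keep a tampered or stale session value from instantiating objects at no cost to the intended use. The attribute on `$password` redacts stack traces only; the function name suggests the credentials are then kept in the session, which this hunk does not show. The function body continues outside the hunk.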
@@ -45,8 +45,10 @@ class UserEditor extends DatabaseObjectEditor implements IEditableCachedObject
 *
 * @since 5.4
 */
- private static function getPasswordHash(?string $password = null): string
- {
+ private static function getPasswordHash(
+ #[\SensitiveParameter]
+ ?string $password = null
+ ): string {
 $manager = PasswordAlgorithmManager::getInstance();
 $algorithm = $manager->getDefaultAlgorithm();
diff --git a/wcfsetup/install/files/lib/form/RegisterForm.class.php b/wcfsetup/install/files/lib/form/RegisterForm.class.php
index 02275feb4b..5a5ca64d46 100644
--- a/wcfsetup/install/files/lib/form/RegisterForm.class.php
+++ b/wcfsetup/install/files/lib/form/RegisterForm.class.php
@@ -331,8 +331,12 @@ class RegisterForm extends UserAddForm
 /**
 * @inheritDoc
 */
- protected function validatePassword($password, $confirmPassword)
- {
+ protected function validatePassword(
+ #[\SensitiveParameter]
+ $password,
+ #[\SensitiveParameter]
+ $confirmPassword
+ ) {
 if (!$this->isExternalAuthentication) {
 parent::validatePassword($password, $confirmPassword);
diff --git a/wcfsetup/install/files/lib/system/database/Database.class.php b/wcfsetup/install/files/lib/system/database/Database.class.php
index 4aa63d315b..a36da89f02 100644
--- a/wcfsetup/install/files/lib/system/database/Database.class.php
+++ b/wcfsetup/install/files/lib/system/database/Database.class.php
@@ -122,6 +122,7 @@ abstract class Database
 public function __construct(
 $host,
 $user,
+ #[\SensitiveParameter]
 $password,
 $database,
 $port,
diff --git a/wcfsetup/install/files/lib/system/email/transport/SmtpEmailTransport.class.php b/wcfsetup/install/files/lib/system/email/transport/SmtpEmailTransport.class.php
index 649e5745f6..603b3a892b 100644
--- a/wcfsetup/install/files/lib/system/email/transport/SmtpEmailTransport.class.php
+++ b/wcfsetup/install/files/lib/system/email/transport/SmtpEmailTransport.class.php
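Review bot: The attribute on `$password` in `Database::__construct()` protects only this constructor's own stack frame, because PHP does not carry parameter attributes over to overriding methods. `Database` is abstract, so any driver subclass that declares its own `__construct()` and forwards the password needs `#[\SensitiveParameter]` repeated on its parameter; no such subclass is touched in the part of the commit shown here. The same applies to `$databasePassword` in `AbstractExporter::setData()` in the exporter hunk. The parameter list continues outside the hunk.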
@@ -91,6 +91,7 @@ class SmtpEmailTransport implements IStatusReportingEmailTransport
 $host = MAIL_SMTP_HOST,
 $port = MAIL_SMTP_PORT,
 $username = MAIL_SMTP_USER,
+ #[\SensitiveParameter]
 $password = MAIL_SMTP_PASSWORD,
 $starttls = MAIL_SMTP_STARTTLS
 ) {
diff --git a/wcfsetup/install/files/lib/system/exporter/AbstractExporter.class.php b/wcfsetup/install/files/lib/system/exporter/AbstractExporter.class.php
index 43b44257b2..6931d28775 100644
--- a/wcfsetup/install/files/lib/system/exporter/AbstractExporter.class.php
+++ b/wcfsetup/install/files/lib/system/exporter/AbstractExporter.class.php
@@ -94,6 +94,7 @@ abstract class AbstractExporter implements IExporter
 public function setData(
 $databaseHost,
 $databaseUser,
+ #[\SensitiveParameter]
 $databasePassword,
 $databaseName,
 $databasePrefix,
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Argon2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Argon2.class.php
index ab81df3d86..0f400383fe 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Argon2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Argon2.class.php
@@ -24,16 +24,21 @@ final class Argon2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 return \password_verify($password, $hash);
 }
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return \password_hash($password, \PASSWORD_ARGON2I, self::OPTIONS);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Bcrypt.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Bcrypt.class.php
index 0fa4a86db1..62b1b4bb75 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Bcrypt.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Bcrypt.class.php
@@ -44,16 +44,21 @@ final class Bcrypt implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 return \password_verify($password, $hash);
 }
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return \password_hash($password, \PASSWORD_BCRYPT, $this->getOptions());
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/CryptMD5.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/CryptMD5.class.php
index e8016aec4b..54ed89d529 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/CryptMD5.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/CryptMD5.class.php
@@ -19,8 +19,11 @@ final class CryptMD5 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 // The passwords are stored differently when importing. Sometimes they are saved with the salt,
 // but sometimes also without the salt. We don't need the salt, because the salt is saved with the hash.
 [$hash] = \explode(':', $hash, 2);
@@ -31,8 +34,10 @@ final class CryptMD5 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = '$1$' . Hex::encode(\random_bytes(6)) . '$';
 return $this->hashWithSalt($password, $salt);
@@ -41,8 +46,11 @@ final class CryptMD5 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \crypt($password, $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/DoubleBcrypt.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/DoubleBcrypt.class.php
index 9a21f3e7a4..0165698da5 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/DoubleBcrypt.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/DoubleBcrypt.class.php
@@ -33,16 +33,21 @@ final class DoubleBcrypt implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 return \hash_equals($hash, self::getDoubleSaltedHash($password, $hash));
 }
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return self::getDoubleSaltedHash($password);
 }
@@ -69,8 +74,11 @@ final class DoubleBcrypt implements IPasswordAlgorithm
 * @param string $salt
 * @return string
 */
- private static function getDoubleSaltedHash($password, $salt = null)
- {
+ private static function getDoubleSaltedHash(
+ #[\SensitiveParameter]
+ $password,
+ $salt = null
+ ) {
 if ($salt === null) {
 $salt = self::getRandomSalt();
 }
@@ -85,8 +93,11 @@ final class DoubleBcrypt implements IPasswordAlgorithm
 * @param string $salt
 * @return string
 */
- private static function getSaltedHash($password, $salt = null)
- {
+ private static function getSaltedHash(
+ #[\SensitiveParameter]
+ $password,
+ $salt = null
+ ) {
 if ($salt === null) {
 $salt = self::getRandomSalt();
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Drupal8.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Drupal8.class.php
index 37037d355c..4ca4f75cba 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Drupal8.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Drupal8.class.php
@@ -23,8 +23,11 @@ final class Drupal8 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, with the given settings.
 */
- private function hashDrupal(string $password, string $settings): string
- {
+ private function hashDrupal(
+ #[\SensitiveParameter]
+ string $password,
+ string $settings
+ ): string {
 $output = $this->hashPhpass($password, $settings);
 return \mb_substr($output, 0, 55, '8bit');
@@ -33,8 +36,11 @@ final class Drupal8 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 // The passwords are stored differently when importing. Sometimes they are saved with the salt,
 // but sometimes also without the salt. We don't need the salt, because the salt is saved with the hash.
 [$hash] = \explode(':', $hash, 2);
@@ -45,8 +51,10 @@ final class Drupal8 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(4));
 return $this->hashDrupal($password, $this->getSettings() . $salt) . ':';
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Invalid.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Invalid.class.php
index 4dcff695b5..e7425cc4f5 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Invalid.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Invalid.class.php
@@ -18,16 +18,21 @@ final class Invalid implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 return false;
 }
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return '';
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php
index 3b29d8c81e..8c8c7d3005 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php
@@ -19,8 +19,11 @@ final class Ipb2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Ipb2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Ipb2 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5(\md5($password) . $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php
index 18c70aa90f..09f12a8793 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php
@@ -19,8 +19,11 @@ final class Ipb3 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Ipb3 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Ipb3 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5(\md5($salt) . \md5($password));
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php
index edef893326..a08264f82c 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php
@@ -19,8 +19,11 @@ final class Joomla1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Joomla1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Joomla1 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5($password . $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php
index 2bf2dd073f..bb660a6c56 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php
@@ -19,8 +19,11 @@ final class Joomla2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Joomla2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Joomla2 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5($password . $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php
index 1647cef5e1..ee11d8e0b6 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php
@@ -19,8 +19,11 @@ final class Joomla3 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Joomla3 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Joomla3 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5($password . $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php
index a436b6fcbe..9b49436104 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php
@@ -19,8 +19,11 @@ final class Mybb1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Mybb1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Mybb1 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5(\md5($salt) . \md5($password));
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
index 9ed648f762..52870fd3dc 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
@@ -23,8 +23,10 @@ final class Phpass implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(4));
 return $this->hashPhpass($password, $this->getSettings() . $salt) . ':';
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpbb3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpbb3.class.php
index 149f555144..569fe50f95 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpbb3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpbb3.class.php
@@ -20,8 +20,11 @@ final class Phpbb3 implements IPasswordAlgorithm
 verify as phpassVerify;
 }
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 if ($this->phpassVerify($password, $hash)) {
 return true;
 }
@@ -70,8 +73,10 @@ final class Phpbb3 implements IPasswordAlgorithm
 return false;
 }
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 throw new NotImplementedException();
 }
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php
index b4d4ce9c0c..9fc352b8f2 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php
@@ -19,8 +19,11 @@ final class Phpfox3 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Phpfox3 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
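Review bot: `Phpbb3::verify()` and `Phpbb3::hash()` are rewritten here without a docblock, while every other `IPasswordAlgorithm` method in the hunks shown carries `/** @inheritDoc */`. Adding that docblock above both methods would keep the class consistent with its siblings. For `hash()`, which only throws `NotImplementedException`, a short comment saying that creating new hashes in this format is not supported (if that is the intent) would explain why the password argument is never used. `verify()` continues outside the first hunk.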
@@ -41,8 +46,11 @@ final class Phpfox3 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5(\md5($password) . \md5($salt));
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php
index 298bd2ef0d..c5ad0b17e0 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php
@@ -19,8 +19,11 @@ final class Smf1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Smf1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Smf1 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \sha1($salt . $password);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php
index c419ed378d..d85eea87c2 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php
@@ -19,8 +19,11 @@ final class Smf2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Smf2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Smf2 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \sha1($salt . $password);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php
index c684b75264..b674a85115 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php
@@ -20,8 +20,11 @@ trait TPhpass
 /**
 * Returns the hashed password, with the given settings.
 */
- private function hashPhpass(string $password, string $settings): string
- {
+ private function hashPhpass(
+ #[\SensitiveParameter]
+ string $password,
+ string $settings
+ ): string {
 $output = '*';
 // Check for correct hash
@@ -107,8 +110,11 @@ trait TPhpass
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 // The passwords are stored differently when importing. Sometimes they are saved with the salt,
 // but sometimes also without the salt. We don't need the salt, because the salt is saved with the hash.
 [$hash] = \explode(':', $hash, 2);
@@ -123,8 +129,10 @@ trait TPhpass
 /**
 * @deprecated 5.5 Use Phpass::hash() instead.
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $settings = '$H$8';
 $settings .= Hex::encode(\random_bytes(4));
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php
index af61345112..0e8a0b5f62 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php
@@ -19,8 +19,11 @@ final class Vb3 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Vb3 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Vb3 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5(\md5($password) . $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php
index a3cee6f805..9194f149b8 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php
@@ -19,8 +19,11 @@ final class Vb4 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Vb4 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Vb4 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5(\md5($password) . $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php
index ca1afdaa6c..13481b61ad 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php
@@ -19,8 +19,11 @@ final class Vb5 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Vb5 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Vb5 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \md5(\md5($password) . $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5Argon2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5Argon2.class.php
index dafcb7715b..550c5ae952 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5Argon2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5Argon2.class.php
@@ -31,16 +31,21 @@ final class Vb5Argon2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 return $this->argon2->verify(\md5($password), $hash);
 }
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return $this->argon2->hash(\md5($password));
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5Bcrypt.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5Bcrypt.class.php
index 61140fc97c..e8c32d312a 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5Bcrypt.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5Bcrypt.class.php
@@ -31,16 +31,21 @@ final class Vb5Bcrypt implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 return $this->bcrypt->verify(\md5($password), $hash);
 }
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return $this->bcrypt->hash(\md5($password));
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wbb2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wbb2.class.php
index 5fbff47a12..24b4ec6ed3 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wbb2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wbb2.class.php
@@ -18,8 +18,11 @@ final class Wbb2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 if (\hash_equals($hash, \md5($password))) {
 return true;
 } elseif (\hash_equals($hash, \sha1($password))) {
@@ -32,8 +35,10 @@ final class Wbb2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return \sha1($password);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php
index c97c882324..f840fcea81 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php
@@ -19,8 +19,11 @@ final class Wcf1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -31,8 +34,10 @@ final class Wcf1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -41,8 +46,11 @@ final class Wcf1 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \sha1($salt . \sha1($salt . \sha1($password)));
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php
index 0fc9e4be00..546b25d288 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php
@@ -54,8 +54,11 @@ final class Wcf1e implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -66,8 +69,10 @@ final class Wcf1e implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -76,8 +81,11 @@ final class Wcf1e implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 $hash = '';
 if ($this->enableSalting) {
 if ($this->saltPosition === 'b') {
@@ -105,8 +113,10 @@ final class Wcf1e implements IPasswordAlgorithm
 /**
 * Encrypts a given string with the used encryption method.
 */
- private function encrypt(string $string): string
- {
+ private function encrypt(
+ #[\SensitiveParameter]
+ string $string
+ ): string {
 switch ($this->encryptionMethod) {
 case 'c':
 return \crc32($string);
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf2.class.php
index 9e9cc9c836..148b65f0d8 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf2.class.php
@@ -31,16 +31,21 @@ final class Wcf2 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 return $this->doubleBcrypt->verify($password, $hash);
 }
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return $this->doubleBcrypt->hash($password);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php
index b1c82cf0b7..084e47123e 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php
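Review bot: In the `encrypt()` hunk, `case 'c': return \crc32($string);` returns an int from a function declared `: string`. If the file declares `strict_types=1`, which is not visible in the hunk, that branch raises a `TypeError` at runtime; otherwise PHP coerces the value silently. An explicit `return (string)\crc32($string);` states the intent in either mode. The rest of the `switch` lies outside the hunk.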
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php
@@ -19,8 +19,11 @@ final class Xf1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 $parts = \explode(':', $hash, 2);
 $hash = $parts[0];
 $salt = $parts[1] ?? '';
@@ -35,8 +38,10 @@ final class Xf1 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 $salt = Hex::encode(\random_bytes(20));
 return $this->hashWithSalt($password, $salt) . ':' . $salt;
@@ -45,8 +50,11 @@ final class Xf1 implements IPasswordAlgorithm
 /**
 * Returns the hashed password, hashed with a given salt.
 */
- private function hashWithSalt(string $password, string $salt): string
- {
+ private function hashWithSalt(
+ #[\SensitiveParameter]
+ string $password,
+ string $salt
+ ): string {
 return \hash('sha256', \hash('sha256', $password) . $salt);
 }
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf12.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf12.class.php
index 1d56bd482c..6f4db359b1 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf12.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf12.class.php
@@ -31,16 +31,21 @@ final class Xf12 implements IPasswordAlgorithm
 /**
 * @inheritDoc
 */
- public function verify(string $password, string $hash): bool
- {
+ public function verify(
+ #[\SensitiveParameter]
+ string $password,
+ string $hash
+ ): bool {
 return $this->bcrypt->verify($password, $hash);
 }
 /**
 * @inheritDoc
 */
- public function hash(string $password): string
- {
+ public function hash(
+ #[\SensitiveParameter]
+ string $password
+ ): string {
 return $this->bcrypt->hash($password);
 }
diff --git a/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php b/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
index 182f7bc5e7..1e4e7f7312 100644
--- a/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
+++ b/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
@@ -40,8 +40,10 @@ final class Totp
 */
 private $secret;
- public function __construct(string $secret)
- {
+ public function __construct(
+ #[\SensitiveParameter]
+ string $secret
+ ) {
 $this->secret = $secret;
 }
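Review bot: In the `Totp::__construct()` hunk the attribute redacts `$secret` only in the constructor's own backtrace frame; the value is then copied to `$this->secret`, which stays readable to anything that dumps the object with `var_dump()` or `print_r()`. I would pair the attribute with a `__debugInfo()` method that returns a placeholder instead of the property, `public function __debugInfo(): array { return ['secret' => '[redacted]']; }`. The rest of the class is outside the hunk, so such a method may already exist.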