ENH Deprecate old password encryptors

silverstripe · Sep 19, 2023 · de19dde · de19dde
1 parent 9ccba6b
commit de19dde
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 2 deletions.
diff --git a/src/Security/PasswordEncryptor_LegacyPHPHash.php b/src/Security/PasswordEncryptor_LegacyPHPHash.php
@@ -2,15 +2,28 @@
 
 namespace SilverStripe\Security;
 
+use SilverStripe\Dev\Deprecation;
+
 /**
  * Legacy implementation for SilverStripe 2.1 - 2.3,
  * which had a design flaw in password hashing that caused
  * the hashes to differ between architectures due to
  * floating point precision problems in base_convert().
  * See http://open.silverstripe.org/ticket/3004
+ *
+ * @deprecated 5.2.0 Will be removed without equivalent functionality to replace it.
  */
 class PasswordEncryptor_LegacyPHPHash extends PasswordEncryptor_PHPHash
 {
+    public function __construct()
+    {
+        Deprecation::notice(
+            '5.2.0',
+            'Will be removed without equivalent functionality to replace it.',
+            Deprecation::SCOPE_CLASS
+        );
+    }
+
     public function encrypt($password, $salt = null, $member = null)
     {
         $password = parent::encrypt($password, $salt, $member);

diff --git a/src/Security/PasswordEncryptor_MySQLOldPassword.php b/src/Security/PasswordEncryptor_MySQLOldPassword.php
@@ -2,13 +2,25 @@
 
 namespace SilverStripe\Security;
 
+use SilverStripe\Dev\Deprecation;
 use SilverStripe\ORM\DB;
 
 /**
  * Uses MySQL's OLD_PASSWORD encyrption. Requires an active DB connection.
+ *
+ * @deprecated 5.2.0 Will be removed without equivalent functionality to replace it.
  */
 class PasswordEncryptor_MySQLOldPassword extends PasswordEncryptor
 {
+    public function __construct()
+    {
+        Deprecation::notice(
+            '5.2.0',
+            'Will be removed without equivalent functionality to replace it.',
+            Deprecation::SCOPE_CLASS
+        );
+    }
+
     public function encrypt($password, $salt = null, $member = null)
     {
         return DB::prepared_query("SELECT OLD_PASSWORD(?)", [$password])->value();

diff --git a/src/Security/PasswordEncryptor_MySQLPassword.php b/src/Security/PasswordEncryptor_MySQLPassword.php
@@ -2,13 +2,25 @@
 
 namespace SilverStripe\Security;
 
+use SilverStripe\Dev\Deprecation;
 use SilverStripe\ORM\DB;
 
 /**
  * Uses MySQL's PASSWORD encryption. Requires an active DB connection.
+ *
+ * @deprecated 5.2.0 Will be removed without equivalent functionality to replace it.
  */
 class PasswordEncryptor_MySQLPassword extends PasswordEncryptor
 {
+    public function __construct()
+    {
+        Deprecation::notice(
+            '5.2.0',
+            'Will be removed without equivalent functionality to replace it.',
+            Deprecation::SCOPE_CLASS
+        );
+    }
+
     public function encrypt($password, $salt = null, $member = null)
     {
         return DB::prepared_query("SELECT PASSWORD(?)", [$password])->value();

diff --git a/src/Security/PasswordEncryptor_None.php b/src/Security/PasswordEncryptor_None.php
@@ -2,13 +2,25 @@
 
 namespace SilverStripe\Security;
 
+use SilverStripe\Dev\Deprecation;
+
 /**
  * Cleartext passwords (used in SilverStripe 2.1).
- * Also used when Security::$encryptPasswords is set to FALSE.
  * Not recommended.
+ *
+ * @deprecated 5.2.0 Will be removed without equivalent functionality to replace it.
  */
 class PasswordEncryptor_None extends PasswordEncryptor
 {
+    public function __construct()
+    {
+        Deprecation::notice(
+            '5.2.0',
+            'Will be removed without equivalent functionality to replace it.',
+            Deprecation::SCOPE_CLASS
+        );
+    }
+
     public function encrypt($password, $salt = null, $member = null)
     {
         return $password;

diff --git a/tests/php/Security/PasswordEncryptorTest.php b/tests/php/Security/PasswordEncryptorTest.php
@@ -5,6 +5,7 @@
 use SilverStripe\Security\PasswordEncryptor_Blowfish;
 use SilverStripe\Security\PasswordEncryptor;
 use SilverStripe\Core\Config\Config;
+use SilverStripe\Dev\Deprecation;
 use SilverStripe\Dev\SapphireTest;
 use SilverStripe\Security\PasswordEncryptor_LegacyPHPHash;
 use SilverStripe\Security\PasswordEncryptor_NotFoundException;
@@ -155,7 +156,7 @@ public function testEncryptorLegacyPHPHashCheck()
             'encryptors',
             ['test_sha1legacy' => [PasswordEncryptor_LegacyPHPHash::class => 'sha1']]
         );
-        $e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
+        $e = Deprecation::withNoReplacement(fn() => PasswordEncryptor::create_for_algorithm('test_sha1legacy'));
         // precomputed hashes for 'mypassword' from different architectures
         $amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';
         $intelHash = 'h1fj0a6m4o0g04ocg00o4kwoc4wowws';