# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
class Auth
  class Backend
    # Authentication backend that checks the supplied password against the
    # password stored on the user record (the internal database).
    class Internal < Auth::Backend::Base

      private

      # Validates the supplied password against the internal database.
      #
      # On a mismatch the `increase_login_failed_attempts` flag is set on the
      # auth object before returning.
      # NOTE(review): presumably the caller uses this flag to count failed
      # logins for lockout/throttling - confirm against Auth.
      #
      # @return [Boolean] true if the password matches, otherwise false.
      def authenticated?
        if hash_matches?
          true
        else
          auth.increase_login_failed_attempts = true
          false
        end
      end

      # Overrides the default behaviour so that this backend only runs when an
      # internal password exists for the user.
      #
      # Accounts created via signup that are not yet verified are skipped, so
      # they cannot authenticate through this backend.
      #
      # @return [Boolean] true if the backend should run for this user.
      def perform?
        unverified_signup = !user.verified && user.source == 'signup'
        return false if unverified_signup

        user.password.present?
      end

      # Compares the supplied password with the stored password hash.
      #
      # @return [Boolean] true if the supplied password matches the stored one.
      def hash_matches?
        # Reject over-long input before any hash comparison is attempted, so
        # very long strings never reach the password matching step.
        return false unless PasswordPolicy::MaxLength.valid?(password)

        # Regular path: the stored value is not in the legacy format.
        unless PasswordHash.legacy?(user.password, password)
          return PasswordHash.verified?(user.password, password)
        end

        # Legacy path: the supplied password matched a legacy hash, so the
        # password is saved again in the current format.
        # NOTE(review): update! raises when the record cannot be saved
        # (ActiveRecord semantics assumed), so a failed re-save surfaces as an
        # exception rather than as a failed login - confirm this is intended.
        user.update!(password: password)
        true
      end
    end
  end
end