From b7dd5e8d0d38861e5b6d9f5d065a4954654677b8 Mon Sep 17 00:00:00 2001 From: Eugene Tsai Date: Fri, 2 Aug 2019 10:15:53 +0300 Subject: [PATCH] Addition method of validation pass for magento 2.3 has been added. (#47) Fixes: https://github.com/macopedia/magmi-m2/issues/42 https://github.com/macopedia/magmi-m2/issues/45 --- magmi/inc/magmi_auth.php | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/magmi/inc/magmi_auth.php b/magmi/inc/magmi_auth.php index dee6a56e..1afcf480 100644 --- a/magmi/inc/magmi_auth.php +++ b/magmi/inc/magmi_auth.php @@ -44,10 +44,39 @@ private function validatePass($hash,$pass){ $hash = explode(":",$hash); $cecheck = md5($hash[1] . $pass); $eecheck = hash('sha256',$hash[1] . $pass); - $valid=($cecheck == $hash[0] || $eecheck== $hash[0]); + $eecheckArgo = $this->getArgonHash($pass, $hash[1]); + $valid = ($cecheck == $hash[0] || $eecheck == $hash[0] || $eecheckArgo == $hash[0]); return $valid; } + + /** + * Generate Argon2ID13 hash. + * Got from \Magento\Framework\Encryption\Encryptor + * + * @param string $data + * @param string $salt + * @return string + */ + private function getArgonHash($data, $salt = ''){ + $salt = empty($salt) ? + random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES) : + substr($salt, 0, SODIUM_CRYPTO_PWHASH_SALTBYTES); + + if (strlen($salt) < SODIUM_CRYPTO_PWHASH_SALTBYTES) { + $salt = str_pad($salt, SODIUM_CRYPTO_PWHASH_SALTBYTES, $salt); + } + + return bin2hex(sodium_crypto_pwhash( + SODIUM_CRYPTO_SIGN_SEEDBYTES, + $data, + $salt, + SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, + SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, + SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 + )); + } + public function engineInit($params) { @@ -58,4 +87,4 @@ public function engineRun($params) { // TODO: Implement engineRun() method. } -} \ No newline at end of file +}