Merge pull request dokuwiki#4388 from xi/unusable-password

allow to set unusable password

Author: splitbrain

_test/tests/inc/auth_password.test.php

@@ -73,6 +73,16 @@ function test_verifySelf($method, $hash) {
         $this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
     }
 
+    /**
+     * @dataProvider hashes
+     * @param $method
+     * @param $hash
+     */
+    function test_verifyUnusable($method, $hash) {
+        $hash = auth_cryptPassword(null, $method);
+        $this->assertFalse(auth_verifyPassword(null, $hash));
+    }
+
     function test_bcrypt_self() {
         $hash = auth_cryptPassword('foobcrypt', 'bcrypt');
         $this->assertTrue(auth_verifyPassword('foobcrypt', $hash));

inc/auth.php

@@ -1319,6 +1319,8 @@ function act_resendpwd()
  * If the selected method needs a salt and none was given, a random one
  * is chosen.
  *
+ * You can pass null as the password to create an unusable hash.
+ *
  * @author  Andreas Gohr <[email protected]>
  *
  * @param string $clear The clear text password
@@ -1329,6 +1331,11 @@ function act_resendpwd()
 function auth_cryptPassword($clear, $method = '', $salt = null)
 {
     global $conf;
+
+    if ($clear === null) {
+        return DOKU_UNUSABLE_PASSWORD;
+    }
+
     if (empty($method)) $method = $conf['passcrypt'];
 
     $pass = new PassHash();
@@ -1354,6 +1361,10 @@ function auth_cryptPassword($clear, $method = '', $salt = null)
  */
 function auth_verifyPassword($clear, $crypt)
 {
+    if ($crypt === DOKU_UNUSABLE_PASSWORD) {
+        return false;
+    }
+
     $pass = new PassHash();
     return $pass->verify_hash($clear, $crypt);
 }

inc/defines.php

@@ -65,6 +65,12 @@
 define('DOKU_MEDIA_INUSE', 4);
 define('DOKU_MEDIA_EMPTY_NS', 8);
 
+/**
+ * Unusable password hash
+ * @file inc/auth.php
+ */
+define('DOKU_UNUSABLE_PASSWORD', '!unusable');
+
 /**
  * Mail header constants
  *