add tool to hash unhashed site and admin user passwords
authorTony Cook <tony@develop-help.com>
Mon, 27 May 2013 06:01:35 +0000 (16:01 +1000)
committerTony Cook <tony@develop-help.com>
Mon, 27 May 2013 06:01:35 +0000 (16:01 +1000)
MANIFEST
site/cgi-bin/modules/BSE/Upgrade/Passwords.pm [new file with mode: 0644]
site/data/db/sql_statements.data
site/util/bse_upgrade.pl [new file with mode: 0644]

index f843409..3a04fb1 100644 (file)
--- a/MANIFEST
+++ b/MANIFEST
@@ -278,6 +278,7 @@ site/cgi-bin/modules/BSE/UI/Tellafriend.pm
 site/cgi-bin/modules/BSE/UI/Thumb.pm
 site/cgi-bin/modules/BSE/UI/User.pm
 site/cgi-bin/modules/BSE/UI/UserCommon.pm
+site/cgi-bin/modules/BSE/Upgrade/Passwords.pm
 site/cgi-bin/modules/BSE/URL.pm
 site/cgi-bin/modules/BSE/UserReg.pm
 site/cgi-bin/modules/BSE/Util/ContentType.pm
@@ -842,6 +843,7 @@ site/util/bse_session_clean.pl
 site/util/bse_storage.pl
 site/util/bse_template_check.pl
 site/util/bse_thumb.pl
+site/util/bse_upgrade.pl
 site/util/bse_versiondeps.pl
 site/util/bseaddimages.pl
 site/util/bsexlsprod.pl
diff --git a/site/cgi-bin/modules/BSE/Upgrade/Passwords.pm b/site/cgi-bin/modules/BSE/Upgrade/Passwords.pm
new file mode 100644 (file)
index 0000000..6e3da94
--- /dev/null
@@ -0,0 +1,72 @@
+package BSE::Upgrade::Passwords;
+use strict;
+use SiteUsers;
+use BSE::TB::AdminUsers;
+
+our $VERSION = "1.000";
+
+sub upgrade {
+  my ($class, %opts) = @_;
+
+  $class->_upgrade_siteusers(%opts);
+  $class->_upgrade_adminusers(%opts);
+}
+
+sub _upgrade_siteusers {
+  my ($class, %opts) = @_;
+
+  my @users = SiteUsers->getBy
+    (
+     password_type => "plain",
+    );
+  $opts{progress}->("Upgrading site user passwords")
+    if $opts{actions};
+  $opts{progress}->("Found ", scalar @users, " users to upgrade")
+    if $opts{verbose};
+
+  $opts{progress}->("  Not actually doing any password upgrades")
+    if $opts{nothing};
+  for my $user (@users) {
+    $opts{progress}->("  Hashing password for site user '", $user->userId, "'");
+    unless ($opts{nothing}) {
+      $user->changepw
+       (
+        $user->password,
+        'S',
+        msg => "Password for '" . $user->userId . "' hashed",
+       );
+      $user->save;
+    }
+  }
+}
+
+sub _upgrade_adminusers {
+  my ($class, %opts) = @_;
+
+  my @users = BSE::TB::AdminUsers->getBy
+    (
+     password_type => "plain",
+    );
+  $opts{progress}->("Upgrading admin user passwords")
+    if $opts{actions};
+  $opts{progress}->("Found ", scalar @users, " users to upgrade")
+    if $opts{verbose};
+
+  $opts{progress}->("  Not actually doing any password upgrades")
+    if $opts{nothing};
+  for my $user (@users) {
+    $opts{progress}->("  Hashing password for admin user '", $user->logon, "'");
+    unless ($opts{nothing}) {
+      # NOTE: the logging parameters aren't used yet
+      $user->changepw
+       (
+        $user->password,
+        'S',
+        msg => "Password for admin user '" . $user->logon . "' hashed",
+       );
+      $user->save;
+    }
+  }
+}
+
+1;
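Review bot: The result of `$user->changepw(...)` is ignored in both `_upgrade_siteusers` and `_upgrade_adminusers`, so if hashing fails for a record the tool still calls `save`, reports nothing, and the password stays stored in plain text. changepw's return contract is not visible in this diff, so the check that relies only on what is shown is to re-run the same query after each loop and report leftovers, e.g. `my @left = SiteUsers->getBy(password_type => "plain");` followed by `$opts{progress}->("  ", scalar @left, " site users still unhashed") if @left && !$opts{nothing};`. Separately, the per-user "Hashing password for ..." line is printed unconditionally, including under `nothing`, while the other messages are gated on `actions` or `verbose`; adding `if $opts{actions}` would match the help text in bse_upgrade.pl. The module also has `use strict` without `use warnings`.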
index cfd2894..dc4b8bb 100644 (file)
@@ -1,5 +1,5 @@
 --
-# VERSION=1.004
+# VERSION=1.005
 name: bse_siteuserSeminarBookingsDetail
 sql_statement: <<SQL
 select ar.*, pr.*, se.*, ss.*, sb.*,
@@ -667,3 +667,8 @@ SQL
 name: bse_lockout_ip
 sql_statement: call bse_ip_lockout(?,?,?)
 
+name: getAdminUserByPassword_type
+sql_statement: <<SQL
+select bs.*, us.* from admin_base bs, admin_users us
+  where bs.id = us.base_id and us.password_type = ?
+SQL
diff --git a/site/util/bse_upgrade.pl b/site/util/bse_upgrade.pl
new file mode 100644 (file)
index 0000000..327f030
--- /dev/null
@@ -0,0 +1,64 @@
+#!perl -w
+use strict;
+use Getopt::Long;
+use FindBin;
+
+Getopt::Long::Configure('bundling');
+my $verbose;
+my $actions;
+my $nothing;
+my $bse_dir = "../cgi-bin";
+my $help;
+GetOptions
+  (
+   "v:i", \$verbose,
+   "a|actions" => \$actions,
+   "b|bse=s" => \$bse_dir,
+   "n|nothing" => \$nothing,
+   "h" => \$help,
+  );
+
+if ($help) {
+  print <<EOS;
+Usage: perl $0 [options]
+Upgrade various bits of BSE.
+
+Currently:
+
+ - hashes unhashed site user passwords
+ - hashes unhashed admin user passwords
+
+Options:
+ -n - only display the actions to perform, but make no changes
+      (displays items as "skipped")
+ -a - display the actions as their done
+ -b cgidir - locate the BSE CGI directory (default ../cgi-bin)
+ -v - display progress
+ -v=2 - more details
+ -h - display this help text
+EOS
+  exit 0;
+}
+
+defined $verbose && !$verbose
+  and $verbose = 1;
+
+my %opts =
+  (
+   verbose => $verbose,
+   actions => $actions,
+   nothing => $nothing,
+   progress => sub { print @_, "\n" },
+  );
+
+unshift @INC, "$bse_dir/modules";
+
+-d "$bse_dir/modules"
+  or die "$0: $bse_dir isn't a BSE cgi-bin\n";
+
+require BSE::API;
+
+BSE::API::bse_init($bse_dir);
+
+require BSE::Upgrade::Passwords;
+BSE::Upgrade::Passwords->upgrade(%opts);
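Review bot: The return value of `GetOptions` is not checked, so a mistyped option (for example a misspelt `--nothing`) only produces a warning and the script then goes on to rewrite passwords for real; end the call with `) or die "$0: invalid options, try -h\n";`. The default `$bse_dir` of `../cgi-bin` is resolved against the current directory and is put at the front of `@INC` before the `-d` test, so which modules get loaded depends on where the tool is started from. `FindBin` is already imported but unused, and `my $bse_dir = "$FindBin::Bin/../cgi-bin";` would anchor the default to the script's own location. In the help text, `as their done` should read `as they're done`.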