From f64db10633c05cd299677c0236a63b4da673feb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@fusiondirectory.org>
Date: Thu, 6 May 2021 11:45:15 +0200
Subject: [PATCH] :sparkles: feat(core) Refactor userPassword template storing
 to something more sensible

The new format is method|locked|password, which makes a lot more sense
 than storing a bogus hash for templates, and fixes problems with clear
 method.

The code can still read the old format so transition should be fine.

issue #6163
---
 .../generic/class_UserPasswordAttribute.inc       | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/plugins/personal/generic/class_UserPasswordAttribute.inc b/plugins/personal/generic/class_UserPasswordAttribute.inc
index 1c7fc460c..c6c938330 100644
--- a/plugins/personal/generic/class_UserPasswordAttribute.inc
+++ b/plugins/personal/generic/class_UserPasswordAttribute.inc
@@ -192,7 +192,14 @@ class UserPasswordAttribute extends CompositeAttribute
         if ($value == '%askme%') {
           return ['%askme%', '', '', $value, 'FALSE'];
         }
-        list($value, $password) = explode('|', $value, 2);
+        $parts = explode('|', $value, 3);
+        if ((count($parts) < 3) || !in_array($parts[1], ['TRUE','FALSE'])) {
+          /* Old format from FD<1.4 */
+          list($value, $password) = $parts;
+        } else {
+          list($pw_storage, $locked, $password) = $parts;
+          return [$pw_storage, $password, $password, $this->attributes[3]->getValue(), $locked];
+        }
       }
       $tmp = passwordMethod::get_method($value);
       if (is_object($tmp)) {
@@ -221,11 +228,11 @@ class UserPasswordAttribute extends CompositeAttribute
       trigger_error('Unknown password method '.$values[0]);
       return $values[3];
     }
-    $test = new $temp[$values[0]]($this->plugin->dn, $this->plugin);
-    $test->set_hash($values[0]);
     if ($this->plugin->is_template) {
-      return $test->generate_hash($values[1], ($values[4] == 'TRUE')).'|'.$values[1];
+      return $values[0].'|'.$values[4].'|'.$values[1];
     } else {
+      $test = new $temp[$values[0]]($this->plugin->dn, $this->plugin);
+      $test->set_hash($values[0]);
       return $test->generate_hash($values[1]);
     }
   }
-- 
GitLab