Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthDrupal.pm has no reference to what Drupal version is to be used #25

Open
nilsmau opened this issue Dec 8, 2024 · 1 comment
Open

AuthDrupal.pm has no reference to what Drupal version is to be used #25

nilsmau opened this issue Dec 8, 2024 · 1 comment

Comments

@nilsmau
Copy link

nilsmau commented Dec 8, 2024

I cannot find any documentation on what Drupal version the interfaces are supposed to work with.

For Drupal 11.0.9 the druapl_tim sub in AuthDrupal.pm has to be adapted as it does not match the Drupal DB structure anymore, please see below.
Additionally, Drupal is apparently hashing the password differently now than before, thus sub Authenticate in AuthDrupal.pm is not able to authenticate anymore.

Please make required Drupal version explicit in documentation.

sub drupal_tim
  {
  (#) Periodic drupal maintenance

  AE::log info => '- - - Periodic Drupal maintenance';

  FunctionCall('DbDoSQL',
    'INSERT INTO ovms_owners SELECT uid,name,mail,pass,status,0,utc_timestamp() FROM users_field_data '
  . 'WHERE (users_field_data.uid NOT IN (SELECT owner FROM ovms_owners) AND users_field_data.uid != 0)');
# original query:
#    'INSERT INTO ovms_owners SELECT uid,name,mail,pass,status,0,utc_timestamp() FROM users '
#  . 'WHERE users.uid NOT IN (SELECT owner FROM ovms_owners)');


  FunctionCall('DbDoSQL',
    'UPDATE ovms_owners LEFT JOIN users_field_data ON users_field_data.uid=ovms_owners.owner '
  . 'SET ovms_owners.pass=users_field_data.pass, ovms_owners.status=users_field_data.status, ovms_owners.name=users_field_data.name, ovms_owners.mail=users_field_data.mail,'
  . '    ovms_owners.deleted=0, ovms_owners.changed=UTC_TIMESTAMP() '
  . 'WHERE users_field_data.pass<>ovms_owners.pass OR users_field_data.status<>ovms_owners.status OR users_field_data.name<>ovms_owners.name OR users_field_data.mail <> ovms_owners.mail');
# original query:
#    'UPDATE ovms_owners LEFT JOIN users ON users.uid=ovms_owners.owner '
#  . 'SET ovms_owners.pass=users.pass, ovms_owners.status=users.status, ovms_owners.name=users.name, ovms_owners.mail=users.mail, '
#  . '    ovms_owners.deleted=0, ovms_owners.changed=UTC_TIMESTAMP() '
#  . 'WHERE users.pass<>ovms_owners.pass OR users.status<>ovms_owners.status OR users.name<>ovms_owners.name OR users.mail<>ovms_owners.mail');


  FunctionCall('DbDoSQL',
    'UPDATE ovms_owners SET deleted=1,changed=UTC_TIMESTAMP() WHERE deleted=0 AND owner NOT IN (SELECT uid FROM users_field_data)');
# original query:
#    'UPDATE ovms_owners SET deleted=1,changed=UTC_TIMESTAMP() WHERE deleted=0 AND owner NOT IN (SELECT uid FROM users)');
}
@nilsmau
Copy link
Author

nilsmau commented Dec 8, 2024
edited
Loading

For Drupal 11.0.9 changing AuthDrupal.pm line 85
from:
if ($encoded eq $dbpass)
to
if (PHP::Functions::Password::password_verify($password, $dbpass) eq 1)
allows for proper authentication.
lines 70 to 83 (encoding the user provided password to a hash the old fashioned way) can probably be omitted.

(you need to install PHP::Functions via cpanm PHP::Functions::Password

@nilsmau nilsmau changed the title AuthDrupal.pm as no reference to what Drupal version is to be used AuthDrupal.pm has no reference to what Drupal version is to be used Dec 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nilsmau