feat(user): optimize User::getFromDBbyDn() by adding user_dn_hash

fix(auth-ldap): unset user_dn_hash for sql insert

feat(composer.json): add ext-hash to required PHP extensions

Revert "feat(composer.json): add ext-hash to required PHP extensions"

This reverts commit 370b4f4.

chore: Update ComposerRequireChecker config to whitelist hash function

Revert "chore: Update ComposerRequireChecker config to whitelist hash function"

This reverts commit 8e3cdc9.

fix: use md5 algo and drop virtual key usage

install/migrations/update_10.0.x_to_10.1.0/user.php

@@ -50,3 +50,21 @@
 
 $migration->addConfig(['show_search_form' => 0]);
 Config::deleteConfigurationValues('core', ['fold_search']);
+
+// Add user_dn_hash field
+$migration->addField('glpi_users', 'user_dn_hash', 'varchar(255)', [
+    'after'  => 'user_dn',
+]);
+
+$migration->addPostQuery($DB->buildUpdate(
+    'glpi_users',
+    [
+        'user_dn_hash' => new \QueryExpression('MD5(`user_dn`)'),
+    ],
+    [
+        'user_dn' => ['!=', null]
+    ]
+));
+
+// Add user_dn_hash index
+$migration->addKey('glpi_users', 'user_dn_hash');

install/mysql/glpi-empty.sql

@@ -7770,6 +7770,7 @@ CREATE TABLE `glpi_users` (
   `password_forget_token` char(40) DEFAULT NULL,
   `password_forget_token_date` timestamp NULL DEFAULT NULL,
   `user_dn` text,
+  `user_dn_hash` varchar(255),
   `registration_number` varchar(255) DEFAULT NULL,
   `show_count_on_tabs` tinyint DEFAULT NULL,
   `refresh_views` int DEFAULT NULL,
@@ -7856,6 +7857,7 @@ CREATE TABLE `glpi_users` (
   KEY `users_id_supervisor` (`users_id_supervisor`),
   KEY `auths_id` (`auths_id`),
   KEY `default_requesttypes_id` (`default_requesttypes_id`),
+  KEY `user_dn_hash` (`user_dn_hash`),
   KEY `substitution_end_date` (`substitution_end_date`),
   KEY `substitution_start_date` (`substitution_start_date`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC;

src/User.php

@@ -557,15 +557,15 @@ public function getFromDBbySyncField($value)
     /**
      * Retrieve a user from the database using it's dn.
      *
-     * @since 0.84
-     *
      * @param string $user_dn dn of the user
      *
      * @return boolean
      */
     public function getFromDBbyDn($user_dn)
     {
-        return $this->getFromDBByCrit(['user_dn' => $user_dn]);
+        return $this->getFromDBByCrit([
+            'user_dn_hash' => md5($user_dn)
+        ]);
     }
 
     /**
@@ -914,6 +914,14 @@ public function post_addItem()
                 Session::addMessageAfterRedirect($e->getMessage(), false, ERROR);
             }
         }
+
+        // Hash user_dn if set
+        if (isset($this->input['user_dn'])) {
+            $this->update([
+                'id' => $this->fields['id'],
+                'user_dn_hash' => md5($this->input['user_dn'])
+            ]);
+        }
     }
 
 
@@ -1230,6 +1238,14 @@ public function post_updateItem($history = true)
                 E_USER_WARNING
             );
         }
+
+        // Hash user_dn if is updated
+        if (in_array('user_dn', $this->updates)) {
+            $this->update([
+                'id' => $this->fields['id'],
+                'user_dn_hash' => md5($this->fields['user_dn'])
+            ]);
+        }
     }
 
 

tests/LDAP/AuthLdap.php

@@ -1337,6 +1337,7 @@ public function testLdapAuth()
         unset($dup['id']);
         unset($dup['date_creation']);
         unset($dup['date_mod']);
+        unset($dup['user_dn_hash']);
         $aid = $dup['auths_id'];
         $dup['auths_id'] = $aid + 1;