From e1a22868bf6576d05cdb4bb25ee03f3bd9a5e4d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Cailly?= <ccailly@teclib.com>
Date: Mon, 18 Dec 2023 12:34:09 +0100
Subject: [PATCH] fix: use md5 algo and drop virtual key usage

---
 .../migrations/update_10.0.11_to_10.0.12.php  | 72 +++++++++++++++++++
 .../user.php                                  | 13 +++-
 install/mysql/glpi-empty.sql                  |  2 +-
 src/User.php                                  | 20 +++++-
 4 files changed, 102 insertions(+), 5 deletions(-)
 create mode 100644 install/migrations/update_10.0.11_to_10.0.12.php
 rename install/migrations/{update_10.0.10_to_10.0.11 => update_10.0.11_to_10.0.12}/user.php (86%)

diff --git a/install/migrations/update_10.0.11_to_10.0.12.php b/install/migrations/update_10.0.11_to_10.0.12.php
new file mode 100644
index 000000000000..76acd917e3c0
--- /dev/null
+++ b/install/migrations/update_10.0.11_to_10.0.12.php
@@ -0,0 +1,72 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ *
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ *
+ * http://glpi-project.org
+ *
+ * @copyright 2015-2023 Teclib' and contributors.
+ * @copyright 2003-2014 by the INDEPNET Development Team.
+ * @licence   https://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ---------------------------------------------------------------------
+ */
+
+/**
+ * Update from 10.0.11 to 10.0.12
+ *
+ * @return bool for success (will die for most error)
+ **/
+function update10011to10012()
+{
+    /**
+     * @var \DBmysql $DB
+     * @var \Migration $migration
+     */
+    global $DB, $migration;
+
+    $updateresult       = true;
+    $ADDTODISPLAYPREF   = [];
+    $DELFROMDISPLAYPREF = [];
+    $update_dir = __DIR__ . '/update_10.0.11_to_10.0.12/';
+
+    //TRANS: %s is the number of new version
+    $migration->displayTitle(sprintf(__('Update to %s'), '10.0.12'));
+    $migration->setVersion('10.0.12');
+
+    $update_scripts = scandir($update_dir);
+    foreach ($update_scripts as $update_script) {
+        if (preg_match('/\.php$/', $update_script) !== 1) {
+            continue;
+        }
+        require $update_dir . $update_script;
+    }
+
+    // ************ Keep it at the end **************
+    $migration->updateDisplayPrefs($ADDTODISPLAYPREF, $DELFROMDISPLAYPREF);
+
+    $migration->executeMigration();
+
+    return $updateresult;
+}
diff --git a/install/migrations/update_10.0.10_to_10.0.11/user.php b/install/migrations/update_10.0.11_to_10.0.12/user.php
similarity index 86%
rename from install/migrations/update_10.0.10_to_10.0.11/user.php
rename to install/migrations/update_10.0.11_to_10.0.12/user.php
index b854f0729996..efeaf39dea24 100644
--- a/install/migrations/update_10.0.10_to_10.0.11/user.php
+++ b/install/migrations/update_10.0.11_to_10.0.12/user.php
@@ -34,13 +34,24 @@
  */
 
 /**
+ * @var \DBmysql $DB
  * @var \Migration $migration
  */
 
 // Add user_dn_hash field
-$migration->addField('glpi_users', 'user_dn_hash', 'varchar(255) GENERATED ALWAYS AS (sha2(`user_dn`,256)) VIRTUAL', [
+$migration->addField('glpi_users', 'user_dn_hash', 'varchar(255)', [
     'after'  => 'user_dn',
 ]);
 
+$migration->addPostQuery($DB->buildUpdate(
+    'glpi_users',
+    [
+        'user_dn_hash' => new \QueryExpression('MD5(`user_dn`)'),
+    ],
+    [
+        'user_dn' => ['!=', null]
+    ]
+));
+
 // Add user_dn_hash index
 $migration->addKey('glpi_users', 'user_dn_hash');
diff --git a/install/mysql/glpi-empty.sql b/install/mysql/glpi-empty.sql
index 3ed9c3ec8c64..9db49660bf53 100644
--- a/install/mysql/glpi-empty.sql
+++ b/install/mysql/glpi-empty.sql
@@ -7610,7 +7610,7 @@ CREATE TABLE `glpi_users` (
   `password_forget_token` char(40) DEFAULT NULL,
   `password_forget_token_date` timestamp NULL DEFAULT NULL,
   `user_dn` text,
-  `user_dn_hash` varchar(255) GENERATED ALWAYS AS (sha2(`user_dn`,256)) VIRTUAL,
+  `user_dn_hash` varchar(255),
   `registration_number` varchar(255) DEFAULT NULL,
   `show_count_on_tabs` tinyint DEFAULT NULL,
   `refresh_views` int DEFAULT NULL,
diff --git a/src/User.php b/src/User.php
index 2d47491f85b6..c8a9b6ae09b5 100644
--- a/src/User.php
+++ b/src/User.php
@@ -550,8 +550,6 @@ public function getFromDBbySyncField($value)
     /**
      * Retrieve a user from the database using it's dn.
      *
-     * @since 0.84
-     *
      * @param string $user_dn dn of the user
      *
      * @return boolean
@@ -559,7 +557,7 @@ public function getFromDBbySyncField($value)
     public function getFromDBbyDn($user_dn)
     {
         return $this->getFromDBByCrit([
-            'user_dn_hash' => hash('sha256', $user_dn)
+            'user_dn_hash' => md5($user_dn)
         ]);
     }
 
@@ -892,6 +890,14 @@ public function post_addItem()
                 $right->add($affectation);
             }
         }
+
+        // Hash user_dn if set
+        if (isset($this->input['user_dn'])) {
+            $this->update([
+                'id' => $this->fields['id'],
+                'user_dn_hash' => md5($this->input['user_dn'])
+            ]);
+        }
     }
 
 
@@ -1187,6 +1193,14 @@ public function post_updateItem($history = true)
                 true
             );
         }
+
+        // Hash user_dn if is updated
+        if (in_array('user_dn', $this->updates)) {
+            $this->update([
+                'id' => $this->fields['id'],
+                'user_dn_hash' => md5($this->fields['user_dn'])
+            ]);
+        }
     }