From 79d0450c7758c6e43fa3a7cea377d5029de63829 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Thu, 8 Mar 2018 20:44:56 +0100
Subject: [PATCH] Implement new password verifier #1187
---
 app/Http/Controllers/Auth/LoginController.php | 23 ++----
 app/Providers/FireflyServiceProvider.php | 3 +-
 app/Services/Password/PwndVerifierV2.php | 71 +++++++++++++++++++
 3 files changed, 77 insertions(+), 20 deletions(-)
 create mode 100644 app/Services/Password/PwndVerifierV2.php
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index e6a4bfcc9b..8b76348ea1 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -22,14 +22,13 @@ declare(strict_types=1);
 
 namespace FireflyIII\Http\Controllers\Auth;
 
+use DB;
 use FireflyConfig;
 use FireflyIII\Http\Controllers\Controller;
-use FireflyIII\Models\TransactionCurrency;
 use FireflyIII\User;
 use Illuminate\Cookie\CookieJar;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
-use Schema;
 
 /**
  * @codeCoverageIgnore
@@ -123,23 +122,9 @@ class LoginController extends Controller
      */
     public function showLoginForm(Request $request)
     {
-        // check for presence of tables:
-        $hasTable = Schema::hasTable('users');
-
-        if (!$hasTable) {
-            $message
-                = 'Firefly III could not find the "users" table. This is a strong indication your database credentials are wrong or the database has not been initialized. Did you follow the installation instructions correctly?';
-
-            return view('error', compact('message'));
-        }
-
-        // check for presence of currency:
-        $currency = TransactionCurrency::where('code', 'EUR')->first();
-        if (null === $currency) {
-            $message
-                = 'Firefly III could not find the EURO currency. This is a strong indication the database has not been initialized correctly. Did you follow the installation instructions?';
-
-            return view('error', compact('message'));
+        $count = DB::table('users')->count();
+        if ($count === 0) {
+            return redirect(route('register')); // @codeCoverageIgnore
         }
 
         // forget 2fa session thing.
diff --git a/app/Providers/FireflyServiceProvider.php b/app/Providers/FireflyServiceProvider.php
index f04fad6fa2..2b56a7f1fd 100644
--- a/app/Providers/FireflyServiceProvider.php
+++ b/app/Providers/FireflyServiceProvider.php
@@ -47,6 +47,7 @@ use FireflyIII\Repositories\TransactionType\TransactionTypeRepositoryInterface;
 use FireflyIII\Repositories\User\UserRepository;
 use FireflyIII\Repositories\User\UserRepositoryInterface;
 use FireflyIII\Services\Password\PwndVerifier;
+use FireflyIII\Services\Password\PwndVerifierV2;
 use FireflyIII\Services\Password\Verifier;
 use FireflyIII\Support\Amount;
 use FireflyIII\Support\ExpandedForm;
@@ -176,6 +177,6 @@ class FireflyServiceProvider extends ServiceProvider
         $this->app->bind(BudgetReportHelperInterface::class, BudgetReportHelper::class);
 
         // password verifier thing
-        $this->app->bind(Verifier::class, PwndVerifier::class);
+        $this->app->bind(Verifier::class, PwndVerifierV2::class);
     }
 }
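Review bot: `DB::table('users')->count()` at the top of `showLoginForm` throws a `QueryException` when the users table does not exist, so the uninitialised-database case that the removed `Schema::hasTable('users')` branch turned into a friendly error page now surfaces as an unhandled exception on an unauthenticated route, which in debug mode may show a stack trace with query and connection details to the visitor. The zero-user redirect itself is fine; only the failure mode of the count needs catching, with the `error` view the removed code already used. Add `use Illuminate\Database\QueryException;` to the import block changed in the earlier hunk. The body of `showLoginForm` continues past the end of this hunk.
```php
    public function showLoginForm(Request $request)
    {
        try {
            $count = DB::table('users')->count();
        } catch (QueryException $e) {
            $message = 'Firefly III could not query the "users" table. This is a strong indication your database credentials are wrong or the database has not been initialized.';

            return view('error', compact('message'));
        }
        // … unchanged: zero-user redirect to register, 2FA session handling …
```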
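Review bot: The binding comment `// password verifier thing` above the changed line says nothing about which implementation is chosen or why, and this commit makes that choice significant; `// Verifier resolves to the range-API implementation, which sends only a 5-character SHA-1 prefix to the remote service` would let the next reader see what the swap to PwndVerifierV2 buys. Once this line points at PwndVerifierV2, the `use FireflyIII\Services\Password\PwndVerifier;` import kept in the @@ -47,6 +47,7 @@ hunk appears to have no remaining reference in the visible lines; unless it is used elsewhere in the file, drop it so the old class can be retired without a dangling import.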
diff --git a/app/Services/Password/PwndVerifierV2.php b/app/Services/Password/PwndVerifierV2.php
new file mode 100644
index 0000000000..09686d6a66
--- /dev/null
+++ b/app/Services/Password/PwndVerifierV2.php
@@ -0,0 +1,71 @@
+.
+ */
+declare(strict_types=1);
+
+namespace FireflyIII\Services\Password;
+
+use Log;
+use Requests;
+use Requests_Exception;
+
+/**
+ * Class PwndVerifierV2.
+ */
+class PwndVerifierV2 implements Verifier
+{
+    /**
+     * Verify the given password against (some) service.
+     *
+     * @param string $password
+     *
+     * @return bool
+     */
+    public function validPassword(string $password): bool
+    {
+        $hash = sha1($password);
+        $prefix = substr($hash, 0, 5);
+        $rest = substr($hash, 5);
+        $uri = sprintf('https://api.pwnedpasswords.com/range/%s', $prefix);
+        $opt = ['useragent' => 'Firefly III v' . config('firefly.version'), 'timeout' => 2];
+
+        Log::debug(sprintf('hash prefix is %s', $prefix));
+        Log::debug(sprintf('rest is %s', $rest));
+
+        try {
+            $result = Requests::get($uri, $opt);
+        } catch (Requests_Exception $e) {
+            return true;
+        }
+        Log::debug(sprintf('Status code returned is %d', $result->status_code));
+        if (404 === $result->status_code) {
+            return true;
+        }
+        $strpos = stripos($result->body, $rest);
+        if ($strpos === false) {
+            Log::debug(sprintf('%s was not found in result body. Return true.', $rest));
+
+            return true;
+        }
+        Log::debug('Could not find %s, return FALSE.');
+
+        return false;
+    }
+}
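Review bot: The two `Log::debug` calls right after `$rest` is computed record both the 5-character prefix and the 35-character remainder of the password's SHA-1, so a debug-level log contains the complete unsalted SHA-1 of every password checked; the range API is used precisely so that only the prefix leaves the process, and the log should keep the same boundary. Drop `Log::debug(sprintf('rest is %s', $rest));` and, in the not-found branch, log without the suffix: `Log::debug('Hash suffix not found in result body. Return true.');`. The final `Log::debug('Could not find %s, return FALSE.');` is wrong twice over: it passes a format string without `sprintf`, and it says "could not find" on the branch where the suffix was found, so `Log::debug('Hash suffix found in result body. Return false.');`. The `catch (Requests_Exception $e)` and `404 === $result->status_code` branches both return `true`, meaning an unreachable or failing service accepts any password; if that fail-open is intended, state it on those returns with `// fail open: an unreachable breach service must not block the user`.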