authorTobias Bengfort <tobias.bengfort@posteo.de>2025-01-07 12:16:10 +0100
committerTobias Bengfort <tobias.bengfort@posteo.de>2025-01-07 15:13:28 +0100
commit527ad715b3b74fada32ec52d7db096c5f65d57e5 (patch)
tree2217e14d964d3cadfe8c9ee483f2a0a40b25ee90
parentfc09308ded8783eb2efdc4f95327c48c677fa7c7 (diff)
downloaddokuwiki-527ad715b3b74fada32ec52d7db096c5f65d57e5.tar.gz
dokuwiki-527ad715b3b74fada32ec52d7db096c5f65d57e5.zip
allow to set unusable password
This could be used by plugins such as dokuwiki-plugin-oauth to create accounts that can only be accessed via SSO.
-rw-r--r--_test/tests/inc/auth_password.test.php10
-rw-r--r--inc/auth.php11
2 files changed, 21 insertions, 0 deletions
diff --git a/_test/tests/inc/auth_password.test.php b/_test/tests/inc/auth_password.test.php
index d5ad6f2e7..c14c6128e 100644
--- a/_test/tests/inc/auth_password.test.php
+++ b/_test/tests/inc/auth_password.test.php
@@ -73,6 +73,16 @@ class auth_password_test extends DokuWikiTest {
$this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
}
+ /**
+ * @dataProvider hashes
+ * @param $method
+ * @param $hash
+ */
+ function test_verifyUnusable($method, $hash) {
+ $hash = auth_cryptPassword(null, $method);
+ $this->assertFalse(auth_verifyPassword(null, $hash));
+ }
+
function test_bcrypt_self() {
$hash = auth_cryptPassword('foobcrypt', 'bcrypt');
$this->assertTrue(auth_verifyPassword('foobcrypt', $hash));
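Review bot: test_verifyUnusable only asserts that a null clear text is rejected, so it would still pass if auth_verifyPassword accepted some real string against the marker. Adding `$this->assertFalse(auth_verifyPassword('!unusable', $hash));` and `$this->assertFalse(auth_verifyPassword('', $hash));` would pin the property the feature depends on, namely that no input verifies. The `$hash` value supplied by the `hashes` provider is overwritten on the first line of the test and never used, which is worth a short comment or a provider that yields only the method names. test_bcrypt_self continues past the end of this hunk.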
diff --git a/inc/auth.php b/inc/auth.php
index 51797e934..166e6b9b3 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -22,6 +22,8 @@ use phpseclib3\Crypt\AES;
use phpseclib3\Crypt\Common\SymmetricKey;
use phpseclib3\Exception\BadDecryptionException;
+const UNUSABLE_PASSWORD = '!unusable';
+
/**
* Initialize the auth system.
*
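Review bot: UNUSABLE_PASSWORD is declared without any comment, although it is a global constant that plugins are meant to rely on. A docblock such as `/** Marker stored in place of a hash for accounts that have no password; auth_verifyPassword() rejects it for every input. */` would state the contract. It should also record that the value must never be a possible output of a PassHash method; the leading `!` appears to guarantee that, but PassHash is not visible in this diff.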
@@ -1329,6 +1331,11 @@ function act_resendpwd()
function auth_cryptPassword($clear, $method = '', $salt = null)
{
global $conf;
+
+ if ($clear === null) {
+ return UNUSABLE_PASSWORD;
+ }
+
if (empty($method)) $method = $conf['passcrypt'];
$pass = new PassHash();
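Review bot: The docblock of auth_cryptPassword lies above this hunk and is not touched by the commit, so it presumably still documents `$clear` as a string; it should become `@param string|null $clear` and say that null returns UNUSABLE_PASSWORD rather than a hash. Only a strict null takes the new branch, so an empty string is still hashed as an ordinary password, and a caller that wants a password-less account has to pass null explicitly. A one-line comment above the check, for example `// null means "no password": store the marker that never verifies`, would make that intent visible. The rest of the function body is outside the hunk.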
@@ -1354,6 +1361,10 @@ function auth_cryptPassword($clear, $method = '', $salt = null)
*/
function auth_verifyPassword($clear, $crypt)
{
+ if ($crypt === UNUSABLE_PASSWORD) {
+ return false;
+ }
+
$pass = new PassHash();
return $pass->verify_hash($clear, $crypt);
}
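Review bot: The early return covers only logins that go through auth_verifyPassword; an auth backend that calls PassHash::verify_hash directly, or that delegates the check to an external store, never reaches this guard, so SSO-only accounts depend on every backend using this helper. The function's docblock, which starts above the hunk, should state that the marker never verifies, for example `Always returns false when $crypt is UNUSABLE_PASSWORD.` Separately, the marker only blocks password login: a flow that sets a new password, such as the reset in act_resendpwd named in the previous hunk header, would presumably turn the account back into a password account unless the plugin or the configuration disables it.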