User injection corrupt password

[achillebnt]

I create a simple model to import/update users, using username and phone as fields associated respectively to login and phone but when i do the import for some reason the password was changed to sha1 hash.

Doing a little debug i found this: writing a text password in database glpi_users.password for example pippo when i do the import that word will be converted to sha1 hash: d012f68144ed0f121d3cc330a17eec528c2e7d59

In the debug mode there is trace of sql query.

[stonebuzz]

Hi @achillebnt

This is the desired and functional behaviour

GLPI is compatible with passwords in sha1 format

as soon as the user updates his password (which is recommended) GLPI will encrypt it with sodium

Best regards

[achillebnt]

It's not a desired and functional behaviour... initially i do it only to update phone number of users and after i had to restore the database because no one can access to the portal.

[stonebuzz]

Ok I had misunderstood the context of the injection

Can you past here your mapping ?

[achillebnt]

Here the mapping

I do my test and i think function processAfterInsertOrUpdate in inc/userinjection.class.php has to be reviewed because this part of code every time you save it take the value in database and rehash it.

I comment out that query commit and my problem was gone.

[stonebuzz]

Can you apply this patch, enable GLPI debug mode
and reduo a CSV import ?

diff --git a/inc/userinjection.class.php b/inc/userinjection.class.php
index 9447426..af2bd72 100644
--- a/inc/userinjection.class.php
+++ b/inc/userinjection.class.php
@@ -174,6 +174,7 @@ class PluginDatainjectionUserInjection extends User implements PluginDatainjecti
             }
         }
 
+        toolbox::logDebug($values['User']);
         if (isset($values['User']['password']) && ($values['User']['password'] != '')) {
            //We use an SQL request because updating the password is unesasy
            //(self reset password process in $user->prepareInputForUpdate())

Then check php-errors.log file (/glpi/files/_log/php-errors.log)

you should see what this call gets

[achillebnt]

Here the return log:

[2024-07-11 13:33:00] glpiphplog.DEBUG: PluginDatainjectionUserInjection::processAfterInsertOrUpdate() in /var/www/html/glpi-test/marketplace/datainjection/inc/userinjection.class.php line 177
Array
  (
      [name] => user.test
      [mobile] => 12345678
      [entities_id] => 0
      [id] => 10
      [password] => 6f851c48ba4b5592aa5340aaea956e3d102eb7b4
      [password_last_update] => NULL
      [phone] => NULL
      [phone2] => NULL
      [realname] => NULL
      [firstname] => NULL
      [locations_id] => 0
      [language] => NULL
      [use_mode] => 0
      [list_limit] => NULL
      [is_active] => 1
      [comment] => NULL
      [auths_id] => 0
      [authtype] => 1
      [last_login] => NULL
      [date_mod] => 2024-07-11 11:18:06
      [date_sync] => NULL
      [is_deleted] => 0
      [profiles_id] => 0
      [usertitles_id] => 0
      [usercategories_id] => 0
      [date_format] => NULL
      [number_format] => NULL
      [names_format] => NULL
      [csv_delimiter] => NULL
      [is_ids_visible] => NULL
      [use_flat_dropdowntree] => NULL
      [show_jobs_at_login] => NULL
      [priority_1] => NULL
      [priority_2] => NULL
      [priority_3] => NULL
      [priority_4] => NULL
      [priority_5] => NULL
      [priority_6] => NULL
      [followup_private] => NULL
      [task_private] => NULL
      [default_requesttypes_id] => NULL
      [password_forget_token] => NULL
      [password_forget_token_date] => NULL
      [user_dn] => NULL
      [user_dn_hash] => NULL
      [registration_number] => NULL
      [show_count_on_tabs] => NULL
      [refresh_views] => NULL
      [set_default_tech] => NULL
      [personal_token] => NULL
      [personal_token_date] => NULL
      [api_token] => NULL
      [api_token_date] => NULL
      [cookie_token] => NULL
      [cookie_token_date] => NULL
      [display_count_on_home] => NULL
      [notification_to_myself] => NULL
      [duedateok_color] => NULL
      [duedatewarning_color] => NULL
      [duedatecritical_color] => NULL
      [duedatewarning_less] => NULL
      [duedatecritical_less] => NULL
      [duedatewarning_unit] => NULL
      [duedatecritical_unit] => NULL
      [display_options] => NULL
      [is_deleted_ldap] => 0
      [pdffont] => NULL
      [picture] => NULL
      [begin_date] => NULL
      [end_date] => NULL
      [keep_devices_when_purging_item] => NULL
      [privatebookmarkorder] => NULL
      [backcreated] => NULL
      [task_state] => NULL
      [palette] => NULL
      [page_layout] => NULL
      [fold_menu] => NULL
      [fold_search] => NULL
      [savedsearches_pinned] => NULL
      [timeline_order] => NULL
      [itil_layout] => NULL
      [richtext_layout] => NULL
      [set_default_requester] => NULL
      [lock_autolock_mode] => NULL
      [lock_directunlock_notification] => NULL
      [date_creation] => 2024-07-11 11:17:41
      [highcontrast_css] => NULL
      [plannings] => NULL
      [sync_field] => NULL
      [groups_id] => 0
      [users_id_supervisor] => 0
      [timezone] => NULL
      [default_dashboard_central] => NULL
      [default_dashboard_assets] => NULL
      [default_dashboard_helpdesk] => NULL
      [default_dashboard_mini_ticket] => NULL
      [default_central_tab] => NULL
      [nickname] => NULL
      [timeline_action_btn_layout] => NULL
      [timeline_date_format] => NULL
      [use_flat_dropdowntree_on_search_result] => NULL
  )
~~~