[Bug]: Base64 encoding of Argon2 password hashes #427
Description
Is there an existing issue for this?
- I have searched the existing issues
Environment
- OS: Debian 13
- PHP: 8.4.15 (Docker)
- LDAP Server: OpenLDAP
PLA Code
Docker hub
PLA Version
v2.3.5
Current Behavior
Argon2id hashed passwords set with LDIF files show up as CLEAR in phpLDAPadmin web interface. Check password function with correct password fails with invalid credentials.
Bind operation (through e.g. ldapsearch) with Argon2id hashed passwords set through phpLDAPadmin web interface fails with invalid credentials.
Expected Behavior
Argon2id hashed passwords set with LDIF files show up as {ARGON2} in phpLDAPadmin web interface. Check password function with correct password does not fail with invalid credentials.
Bind operation (through e.g. ldapsearch) with Argon2id hashed passwords set through phpLDAPadmin web interface does not fail with invalid credentials.
Steps To Reproduce
Set Argon2id hashed password with LDIF file. Use check password function in web-interface.
Set Argon2id hashed password from phpLDAPadmin web interface. Use ldapsearch to test bind operation.
Relevant log output
Anything else?
First of all: Thank you for this software!
Digging after a cause for bind operations failing, I noticed that the Argon2id hash was base64 encoded when set from the phpLDAPadmin web interface and wasn't when set with an LDIF file. Bind operations in phpLDAPadmin only worked when the password was set through the web interface, and vice versa for LDIF/ldapsearch.
I've found a relevant issue #316 with fix in commit f8d7819, removing base64 encoding from app/Classes/LDAP/Attribute/Password/Argon2i.php
I've applied the same fix for app/Classes/LDAP/Attribute/Password/Argon2id.php which seems to fix the issue.
Pull request 426 opened with patch.
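
To find entries written with the extra base64 layer described in this report, a directory export can be scanned for `userPassword` values whose `{ARGON2}` payload only becomes a PHC-format Argon2 string after base64 decoding. This is an added example, not code from the issue or from phpLDAPadmin; it assumes the wrapped form is `{ARGON2}` followed by the base64 of the PHC string, and the DNs and hash values are constructed.

```python
import base64
import binascii
import re

SCHEME = "{ARGON2}"
# PHC-format Argon2 string: $argon2id$v=19$m=...,t=...,p=...$salt$hash
PHC_RE = re.compile(
    r"^\$argon2(?:id|i|d)\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$"
)
ANY_SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")

def classify(value: str) -> str:
    """Classify one userPassword value by how its Argon2 hash is stored."""
    if not value.upper().startswith(SCHEME):
        return "other-scheme" if ANY_SCHEME_RE.match(value) else "no-scheme"
    body = value[len(SCHEME):]
    if PHC_RE.match(body):
        return "raw"  # PHC string stored as-is after the scheme tag
    try:
        # Assumption: the wrapped form is base64 of the whole PHC string.
        decoded = base64.b64decode(body, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return "malformed"
    return "base64-wrapped" if PHC_RE.match(decoded) else "malformed"

def wrapped_entries(entries):
    """Return the DNs whose hash is base64-wrapped and needs to be re-set."""
    return [dn for dn, value in entries if classify(value) == "base64-wrapped"]

# Constructed sample data: the salt and hash are placeholders, not real output.
SAMPLE_PHC = "$argon2id$v=19$m=65536,t=4,p=1$c29tZXNhbHQ$" + "A" * 43
RAW = SCHEME + SAMPLE_PHC
WRAPPED = SCHEME + base64.b64encode(SAMPLE_PHC.encode()).decode()
SAMPLES = [
    ("uid=alice,ou=people,dc=example,dc=org", RAW),
    ("uid=bob,ou=people,dc=example,dc=org", WRAPPED),
    ("uid=carol,ou=people,dc=example,dc=org", "{SSHA}placeholder"),
    ("uid=dave,ou=people,dc=example,dc=org", "{ARGON2}not-a-hash"),
]

if __name__ == "__main__":
    for dn, value in SAMPLES:
        print(f"{classify(value):15} {dn}")
    print("re-set needed:", wrapped_entries(SAMPLES))
```

Entries reported as `base64-wrapped` can be rewritten with the decoded PHC string after the scheme tag, with no password reset, if the assumption about the wrapped form holds for the directory in question.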