Provide more storage space for password hashes and migrate existing hashes to "md5:"

Summary: Ref T4443. Provide more space; remove the hack-glue.

Test Plan: Logged out, logged in, inspected database.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4443

Differential Revision: https://secure.phabricator.com/D8269

resources/sql/autopatches/20140218.passwords.1.extend.sql

@@ -0,0 +1,4 @@
+/* Extend from 32 characters to 128. */
+
+ALTER TABLE {$NAMESPACE}_user.user
+  CHANGE passwordHash passwordHash VARCHAR(128) COLLATE utf8_bin;

resources/sql/autopatches/20140218.passwords.2.prefix.sql

@@ -0,0 +1,5 @@
+/* Mark all existing password hashes as "Iterated MD5". */
+
+UPDATE {$NAMESPACE}_user.user
+  SET passwordHash = CONCAT('md5:', passwordHash)
+  WHERE LENGTH(passwordHash) > 0;

src/applications/people/storage/PhabricatorUser.php

@@ -173,8 +173,7 @@ final class PhabricatorUser
 
     return PhabricatorPasswordHasher::comparePassword(
       $this->getPasswordHashInput($envelope),
-      // TODO: For now, we need to add a prefix.
-      new PhutilOpaqueEnvelope('md5:'.$this->getPasswordHash()));
+      new PhutilOpaqueEnvelope($this->getPasswordHash()));
   }
 
   private function getPasswordHashInput(PhutilOpaqueEnvelope $password) {
@@ -188,19 +187,10 @@ final class PhabricatorUser
   }
 
   private function hashPassword(PhutilOpaqueEnvelope $password) {
-
     $hasher = PhabricatorPasswordHasher::getBestHasher();
 
     $input_envelope = $this->getPasswordHashInput($password);
-    $output_envelope = $hasher->getPasswordHashForStorage($input_envelope);
-
-    // TODO: For now, we need to strip the type prefix until we can upgrade
-    // the storage.
-
-    $raw_output = $output_envelope->openEnvelope();
-    $raw_output = substr($raw_output, strlen('md5:'));
-
-    return new PhutilOpaqueEnvelope($raw_output);
+    return $hasher->getPasswordHashForStorage($input_envelope);
   }
 
   const CSRF_CYCLE_FREQUENCY  = 3600;