phorge-phorge

revi-archive/phorge-phorge

Fork 0

mirror of https://we.phorge.it/source/phorge.git synced 2025-03-04 00:19:18 +01:00

Commit graph

Author	SHA1	Message	Date
epriestley	5a8a56f414	Prepare the new AuthPassword infrastructure for storing account passwords Summary: Ref T13043. In D18898 I moved VCS passwords to the new shared infrastructure. Before account passwords can move, we need to make two changes: - For legacy reasons, VCS passwords and Account passwords have different "digest" algorithms. Both are more complicated than they should be, but we can't easily fix it without breaking existing passwords. Add a `PasswordHashInterface` so that objects which can have passwords hashes can implement custom digest logic for each password type. - Account passwords have a dedicated external salt (`PhabricatorUser->passwordSalt`). This is a generally reasonable thing to support (since not all hashers are self-salting) and we need to keep it around so existing passwords still work. Add salt support to `AuthPassword` and make it generate/regenerate when passwords are updated. Then add a nice story about password digestion. Test Plan: Ran migrations. Used an existing VCS password; changed VCS password. Tried to use a revoked password. Unit tests still pass. Grepped for callers to legacy `PhabricatorHash::digestPassword()`, found none. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13043 Differential Revision: https://secure.phabricator.com/D18900	2018-01-23 10:57:40 -08:00
epriestley	bb12f4bab7	Add test coverage to the PasswordEngine upgrade workflow and fix a few bugs Summary: Ref T13043. When we verify a password and a better hasher is available, we automatically upgrade the stored hash to the stronger hasher. Add test coverage for this workflow and fix a few bugs and issues, mostly related to shuffling the old hasher name into the transaction. This doesn't touch anything user-visible yet. Test Plan: Ran unit tests. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13043 Differential Revision: https://secure.phabricator.com/D18897	2018-01-23 10:55:35 -08:00
epriestley	c280c85772	Consolidate password verification/revocation logic in a new PhabricatorAuthPasswordEngine Summary: Ref T13043. This provides a new piece of shared infrastructure that VCS passwords and account passwords can use to validate passwords that users enter. This isn't reachable by anything yet. The test coverage of the "upgrade" flow (where we rehash a password to use a stronger hasher) isn't great in this diff, I'll expand that in the next change and then start migrating things. Test Plan: Added a bunch of unit tests. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13043 Differential Revision: https://secure.phabricator.com/D18896	2018-01-23 10:54:49 -08:00

Author

SHA1

Message

Date

epriestley

5a8a56f414

Prepare the new AuthPassword infrastructure for storing account passwords

Summary:
Ref T13043. In D18898 I moved VCS passwords to the new shared infrastructure.

Before account passwords can move, we need to make two changes:

  - For legacy reasons, VCS passwords and Account passwords have different "digest" algorithms. Both are more complicated than they should be, but we can't easily fix it without breaking existing passwords. Add a `PasswordHashInterface` so that objects which can have passwords hashes can implement custom digest logic for each password type.
  - Account passwords have a dedicated external salt (`PhabricatorUser->passwordSalt`). This is a generally reasonable thing to support (since not all hashers are self-salting) and we need to keep it around so existing passwords still work. Add salt support to `AuthPassword` and make it generate/regenerate when passwords are updated.

Then add a nice story about password digestion.

Test Plan: Ran migrations. Used an existing VCS password; changed VCS password. Tried to use a revoked password. Unit tests still pass. Grepped for callers to legacy `PhabricatorHash::digestPassword()`, found none.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18900

2018-01-23 10:57:40 -08:00

epriestley

bb12f4bab7

Add test coverage to the PasswordEngine upgrade workflow and fix a few bugs

Summary:
Ref T13043. When we verify a password and a better hasher is available, we automatically upgrade the stored hash to the stronger hasher.

Add test coverage for this workflow and fix a few bugs and issues, mostly related to shuffling the old hasher name into the transaction.

This doesn't touch anything user-visible yet.

Test Plan: Ran unit tests.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18897

2018-01-23 10:55:35 -08:00

epriestley

c280c85772

Consolidate password verification/revocation logic in a new PhabricatorAuthPasswordEngine

Summary:
Ref T13043. This provides a new piece of shared infrastructure that VCS passwords and account passwords can use to validate passwords that users enter.

This isn't reachable by anything yet.

The test coverage of the "upgrade" flow (where we rehash a password to use a stronger hasher) isn't great in this diff, I'll expand that in the next change and then start migrating things.

Test Plan: Added a bunch of unit tests.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18896

2018-01-23 10:54:49 -08:00

3 commits