1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 14:52:41 +01:00
phorge-phorge/resources
epriestley 21e415299f Mark all existing password hashes as "legacy" and start upgrading digest formats
Summary:
Depends on D18907. Ref T13043. Ref T12509. We have some weird old password digest behavior that isn't terribly concerning, but also isn't great.

Specifically, old passwords were digested in weird ways before being hashed. Notably, account passwords were digested with usernames, so your password stops working if your username is chagned. Not the end of the world, but silly.

Mark all existing hashes as "v1", and automatically upgrade then when they're used or changed. Some day, far in the future, we could stop supporting these legacy digests and delete the code and passwords and just issue upgrade advice ("Passwords which haven't been used in more than two years no longer work."). But at least get things on a path toward sane, modern behavior.

Test Plan: Ran migration. Spot-checked that everthing in the database got marked as "v1". Used an existing password to login successfully. Verified that it was upgraded to a `null` (modern) digest. Logged in with it again.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043, T12509

Differential Revision: https://secure.phabricator.com/D18908
2018-01-23 14:01:09 -08:00
..
builtin Add more repo images 2017-08-08 17:51:15 -07:00
celerity Respect token limits for "Assign to" and custom datasource fields in Herald 2018-01-22 11:54:12 -08:00
cows Use PHP implementation of Cowsay for cowsay rule 2015-09-13 12:27:30 -07:00
emoji Add some sort of sort to Emoji Autocomplete 2017-01-24 20:21:06 -08:00
figlet/custom Include "Figlet" and PEAR "Text_Figlet" in externals 2015-09-13 12:30:48 -07:00
font Made Meme Generator 2013-01-19 18:43:43 -08:00
sprite Uh, update Phabricator login image 2017-08-11 13:37:26 -07:00
sql Mark all existing password hashes as "legacy" and start upgrading digest formats 2018-01-23 14:01:09 -08:00
sshd Drop interactive login from sshd example 2017-06-27 12:51:46 -07:00