mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 08:12:40 +01:00
21e415299f
Summary: Depends on D18907. Ref T13043. Ref T12509. We have some weird old password digest behavior that isn't terribly concerning, but also isn't great. Specifically, old passwords were digested in weird ways before being hashed. Notably, account passwords were digested with usernames, so your password stops working if your username is chagned. Not the end of the world, but silly. Mark all existing hashes as "v1", and automatically upgrade then when they're used or changed. Some day, far in the future, we could stop supporting these legacy digests and delete the code and passwords and just issue upgrade advice ("Passwords which haven't been used in more than two years no longer work."). But at least get things on a path toward sane, modern behavior. Test Plan: Ran migration. Spot-checked that everthing in the database got marked as "v1". Used an existing password to login successfully. Verified that it was upgraded to a `null` (modern) digest. Logged in with it again. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13043, T12509 Differential Revision: https://secure.phabricator.com/D18908
4 lines
148 B
SQL
4 lines
148 B
SQL
UPDATE {$NAMESPACE}_auth.auth_password
|
|
SET legacyDigestFormat = 'v1'
|
|
WHERE passwordType IN ('vcs', 'account')
|
|
AND legacyDigestFormat IS NULL;
|