mirror of
https://github.com/discourse/discourse.git
synced 2024-12-01 11:15:03 +08:00
9238767f7e
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords. This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were used to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords. Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in. Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`. To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`. |
||
---|---|---|
20220202223955_migrate_selectable_avatars_enabled.rb | ||
20220214224506_reset_custom_emoji_post_bakes_version_secure_fix.rb | ||
20220215015538_drop_user_stat_count_constraints.rb | ||
20220220234155_conform_bounce_error_code.rb | ||
20220302171443_rebake_old_avatar_service_urls.rb | ||
20220309132720_copy_post_uploads_to_upload_references_for_sync.rb | ||
20220325064954_make_some_bookmark_columns_nullable.rb | ||
20220401140745_drop_category_required_tag_group_columns.rb | ||
20220429164301_delete_hotlinked_image_custom_fields.rb | ||
20220512011531_backfill_polymorphic_bookmarks.rb | ||
20220617151846_rename_default_categories_regular_setting.rb | ||
20220621164914_drop_flair_url_from_groups.rb | ||
20220825005115_backfill_outbound_message_id.rb | ||
20221026035440_security_log_out_invite_redemption_invited_users.rb | ||
20221108032233_drop_old_bookmark_columns_v2.rb | ||
20221212234948_drop_topic_allowed_users_backup_nov_2022.rb | ||
20230104054426_delete_old_rate_limit_search_anon.rb | ||
20230105153520_trigger_post_rebake_local_onebox_xss.rb | ||
20230113002617_reindex_invalid_indexes.rb | ||
20230117143451_drop_invalid_drafts.rb | ||
20230119024157_remove_topic_count_from_tags.rb | ||
20230119091939_drop_orphaned_reviewable_flagged_posts.rb | ||
20230224225129_backfill_svg_sprites.rb | ||
20230228105851_drop_badge_granted_title_column.rb | ||
20230405121454_update_password_algorithm_post_deploy.rb |