mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 23:06:57 +08:00
9238767f7e
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords. This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were used to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords. Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in. Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`. To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`. |
||
---|---|---|
.. | ||
reports | ||
anon_cache_invalidator.rb | ||
cached_counting.rb | ||
category_hashtag.rb | ||
has_custom_fields.rb | ||
has_destroyed_web_hook.rb | ||
has_sanitizable_fields.rb | ||
has_search_data.rb | ||
has_url.rb | ||
limited_edit.rb | ||
positionable.rb | ||
roleable.rb | ||
searchable.rb | ||
second_factor_manager.rb | ||
stats_cacheable.rb | ||
topic_tracking_state_publishable.rb | ||
trashable.rb |