discourse/app/models/concerns
David Taylor 9238767f7e
FEATURE: Persist password hashing algorithm/params in database (#20980)
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords.

This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were used to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords.

Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in.

Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`

To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`.
2023-04-11 10:16:28 +01:00
..
reports DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
anon_cache_invalidator.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
cached_counting.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
category_hashtag.rb FIX: Category hashtags weren't always found for sub-sub-categories (#20156) 2023-02-03 12:17:52 +01:00
has_custom_fields.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
has_destroyed_web_hook.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
has_sanitizable_fields.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
has_search_data.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
has_url.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
limited_edit.rb REFACTOR: Edit title respects min trust to edit post 2020-02-05 10:36:24 -07:00
positionable.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
roleable.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
searchable.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
second_factor_manager.rb FEATURE: Persist password hashing algorithm/params in database (#20980) 2023-04-11 10:16:28 +01:00
stats_cacheable.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
topic_tracking_state_publishable.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
trashable.rb DEV: Added .only_deleted scope in the Trashable module (#20196) 2023-02-07 15:28:59 -03:00