discourse/db/post_migrate
David Taylor 9238767f7e
FEATURE: Persist password hashing algorithm/params in database (#20980)
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords.

This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were used to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords.

Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in.

Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`.

To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`.
2023-04-11 10:16:28 +01:00
..
20220202223955_migrate_selectable_avatars_enabled.rb
20220214224506_reset_custom_emoji_post_bakes_version_secure_fix.rb DEV: Apply syntax_tree formatting to `db/*` 2023-01-09 11:59:41 +00:00
20220215015538_drop_user_stat_count_constraints.rb
20220220234155_conform_bounce_error_code.rb
20220302171443_rebake_old_avatar_service_urls.rb DEV: Apply syntax_tree formatting to `db/*` 2023-01-09 11:59:41 +00:00
20220309132720_copy_post_uploads_to_upload_references_for_sync.rb FEATURE: Create upload_references table (#16146) 2022-06-09 09:24:30 +10:00
20220325064954_make_some_bookmark_columns_nullable.rb DEV: Apply syntax_tree formatting to `db/*` 2023-01-09 11:59:41 +00:00
20220401140745_drop_category_required_tag_group_columns.rb DEV: Apply syntax_tree formatting to `db/*` 2023-01-09 11:59:41 +00:00
20220429164301_delete_hotlinked_image_custom_fields.rb DEV: Drop old hotlinked image data from post_custom_fields (#16594) 2022-05-12 15:34:35 +01:00
20220512011531_backfill_polymorphic_bookmarks.rb FEATURE: Promote polymorphic bookmarks to default and migrate (#16729) 2022-05-23 10:07:15 +10:00
20220617151846_rename_default_categories_regular_setting.rb UX: Change wording for 'regular' categories to 'normal' (#17134) 2022-06-20 06:49:33 +03:00
20220621164914_drop_flair_url_from_groups.rb DEV: Apply syntax_tree formatting to `db/*` 2023-01-09 11:59:41 +00:00
20220825005115_backfill_outbound_message_id.rb FEATURE: Overhaul email threading (#17996) 2022-09-26 09:14:24 +10:00
20221026035440_security_log_out_invite_redemption_invited_users.rb DEV: Apply syntax_tree formatting to `db/*` 2023-01-09 11:59:41 +00:00
20221108032233_drop_old_bookmark_columns_v2.rb DEV: Apply syntax_tree formatting to `db/*` 2023-01-09 11:59:41 +00:00
20221212234948_drop_topic_allowed_users_backup_nov_2022.rb DEV: Delete tmp table from migration for invites (#19431) 2022-12-13 10:17:25 +10:00
20230104054426_delete_old_rate_limit_search_anon.rb FEATURE: rate limit anon searches per second (#19708) 2023-01-27 10:05:27 -08:00
20230105153520_trigger_post_rebake_local_onebox_xss.rb SECURITY: Prevent XSS in local oneboxes (#20008) 2023-01-25 19:17:21 +02:00
20230113002617_reindex_invalid_indexes.rb FIX: Add migration to reindex invalid indexes (#19858) 2023-01-13 11:04:26 +08:00
20230117143451_drop_invalid_drafts.rb SECURITY: Limit the length of drafts (#19989) 2023-01-25 13:50:21 +02:00
20230119024157_remove_topic_count_from_tags.rb SECURITY: Default tags to show count of topics in unrestricted categories (#19916) 2023-01-20 09:50:24 +08:00
20230119091939_drop_orphaned_reviewable_flagged_posts.rb FIX: Delete reviewables associated to posts automatically 2023-01-25 09:45:36 +01:00
20230224225129_backfill_svg_sprites.rb DEV: Store theme sprites in the DB (#20501) 2023-03-14 13:11:45 -05:00
20230228105851_drop_badge_granted_title_column.rb DEV: Remove `badge_granted_title` column from `user_profiles` (#20476) 2023-03-08 13:37:20 +01:00
20230405121454_update_password_algorithm_post_deploy.rb FEATURE: Persist password hashing algorithm/params in database (#20980) 2023-04-11 10:16:28 +01:00