discourse/spec
David Taylor 9238767f7e
FEATURE: Persist password hashing algorithm/params in database (#20980)
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords.

This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were used to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords.

Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in.

Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`

To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`.
2023-04-11 10:16:28 +01:00
| Name | Last commit | Date |
| --- | --- | --- |
| fabricators | DEV: Define form template field inputs (#20430) | 2023-03-01 11:07:13 -08:00 |
| fixtures | DEV: Allow `DROP NOT NULL` in pre-deploy migrations (#20775) | 2023-03-22 14:43:32 +00:00 |
| helpers | DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) | 2023-02-13 12:39:45 +08:00 |
| import_export | DEV: Apply syntax_tree formatting to `spec/*` | 2023-01-09 11:49:28 +00:00 |
| initializers | DEV: Apply syntax_tree formatting to `spec/*` | 2023-01-09 11:49:28 +00:00 |
| integration | DEV: Update the rubocop setup (#20668) | 2023-03-14 11:42:11 +01:00 |
| integrity | DEV: Colocate wizard component templates (#20309) | 2023-02-15 11:29:22 +00:00 |
| jobs | FIX: Do not validate email in TL promotion (#20892) | 2023-03-30 13:52:10 +10:00 |
| lib | FEATURE: Persist password hashing algorithm/params in database (#20980) | 2023-04-11 10:16:28 +01:00 |
| mailers | DEV: Apply syntax_tree formatting to `spec/*` | 2023-01-09 11:49:28 +00:00 |
| models | FEATURE: Persist password hashing algorithm/params in database (#20980) | 2023-04-11 10:16:28 +01:00 |
| multisite | DEV: Add plugin hook for transforming site setting defaults (#20941) | 2023-04-05 12:28:16 +01:00 |
| requests | DEV: Support `in:<notification level>` filter on `/filter` route (#21038) | 2023-04-11 08:48:07 +08:00 |
| script/import_scripts | DEV: Correct syntax_tree violations | 2023-02-02 13:03:11 +00:00 |
| serializers | FEATURE: public custom sidebar sections visible to anonymous (#20931) | 2023-04-06 08:55:47 +10:00 |
| services | DEV: Fix random typos (#20937) | 2023-04-03 19:27:32 +02:00 |
| support | DEV: Introduces a wait_for_animation system spec helper (#20573) | 2023-03-08 16:49:20 +01:00 |
| system | FEATURE: public custom sidebar sections visible to anonymous (#20931) | 2023-04-06 08:55:47 +10:00 |
| tasks | DEV: Capture output in hashtags spec (#20773) | 2023-03-23 11:47:14 +10:00 |
| views | FEATURE: add category name in articleSection meta tag for schema. (#21004) | 2023-04-06 23:30:19 +05:30 |
| rails_helper.rb | DEV: Change Bookmarkable registration to DiscoursePluginRegistry (#20556) | 2023-03-08 10:39:12 +10:00 |
| regenerate_swagger_docs | DEV: Add API docs for uploads and API doc watcher (#15387) | 2021-12-23 08:40:15 +10:00 |
| swagger_helper.rb | DEV: Apply syntax_tree formatting to `spec/*` | 2023-01-09 11:49:28 +00:00 |