Page MenuHomePhabricator
Differential D10325

Allow users to recover from a missing password hasher
ClosedPublic
Actions

Authored by epriestley on Aug 21 2014, 4:50 PM.
Tags
None
Referenced Files
F14052982: D10325.diff
Fri, Nov 15, 11:52 AM
F14040762: D10325.diff
Mon, Nov 11, 1:10 PM
F14022741: D10325.diff
Wed, Nov 6, 7:07 PM
F14005283: D10325.id24864.diff
Sun, Oct 27, 10:41 AM
Unknown Object (File)
Oct 8 2024, 10:55 PM
Unknown Object (File)
Oct 8 2024, 6:32 AM
Unknown Object (File)
Oct 1 2024, 9:56 PM
Unknown Object (File)
Sep 30 2024, 3:30 AM
View All Files
Subscribers
epriestley

Details

Reviewers
btrahan
Maniphest Tasks
T5934: Unable to reset password if hashing method is not available.
Commits
Restricted Diffusion Commit
rPd122d9ec86a8: Allow users to recover from a missing password hasher
Summary

Fixes T5934. If you hash a password with, e.g., bcrypt, and then lose the bcrypt hasher for some reason, we currently fatal when trying to figure out if we can upgrade.

Instead, detect that the current hasher implementation has vanished and let the user reset their password (for account passwords) or choose a new one (for VCS passwords)>

Test Plan

Account password:

  • Artifically disabled bcrypt hasher.
  • Viewed password panel, saw warnings about missing hasher.
  • Used password reset workflow to change password, saw iterated MD5 hashed password get set.
  • Enabled bcrypt hasher again.
  • Saw upgrade warning.
  • Upgraded password to bcrypt.

VCS password:

  • Artificially disabled bcrypt hasher.
  • Viewed password panel, saw warnings about missing hasher.
  • Reset password.
  • Saw iterated md5 password.
  • Reenabled bcrypt.
  • Upgraded to bcrypt.

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

epriestley updated this revision to Diff 24855.Aug 21 2014, 4:50 PM
epriestley retitled this revision from to Allow users to recover from a missing password hasher.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
epriestley added a task: T5934: Unable to reset password if hashing method is not available..
Herald added a subscriber: epriestley. · View Herald TranscriptAug 21 2014, 4:50 PM
Harbormaster completed remote builds in B2315: Diff 24855.Aug 21 2014, 4:51 PM
btrahan accepted this revision.Aug 21 2014, 6:25 PM
btrahan edited edge metadata.
This revision is now accepted and ready to land.Aug 21 2014, 6:25 PM
epriestley closed this revision.Aug 21 2014, 6:30 PM
epriestley updated this revision to Diff 24864.

Closed by commit rPd122d9ec86a8 (authored by @epriestley).

Revision Contents
Changeset List

PathSize
src/
applications/
diffusion/
panel/
36 lines
settings/
panel/
23 lines
infrastructure/
util/
password/
4 lines

Diff 24864

View Options

src/applications/diffusion/panel/DiffusionSetPasswordPanel.php

Loading...
View Options

src/applications/settings/panel/PhabricatorSettingsPanelPassword.php

Loading...
View Options

src/infrastructure/util/password/PhabricatorPasswordHasher.php

Loading...
Phabricator · Built by Phacility