Index: resources/sql/autopatches/20140218.passwords.1.extend.sql
===================================================================
--- /dev/null
+++ resources/sql/autopatches/20140218.passwords.1.extend.sql
@@ -0,0 +1,4 @@
+/* Extend from 32 characters to 128. */
+
+ALTER TABLE {$NAMESPACE}_user.user
+ CHANGE passwordHash passwordHash VARCHAR(128) COLLATE utf8_bin;
Index: resources/sql/autopatches/20140218.passwords.2.prefix.sql
===================================================================
--- /dev/null
+++ resources/sql/autopatches/20140218.passwords.2.prefix.sql
@@ -0,0 +1,5 @@
+/* Mark all existing password hashes as "Iterated MD5". */
+
+UPDATE {$NAMESPACE}_user.user
+ SET passwordHash = CONCAT('md5:', passwordHash)
+ WHERE LENGTH(passwordHash) > 0;
Index: src/applications/people/storage/PhabricatorUser.php
===================================================================
--- src/applications/people/storage/PhabricatorUser.php
+++ src/applications/people/storage/PhabricatorUser.php
@@ -173,8 +173,7 @@

 return PhabricatorPasswordHasher::comparePassword(
 $this->getPasswordHashInput($envelope),
- // TODO: For now, we need to add a prefix.
- new PhutilOpaqueEnvelope('md5:'.$this->getPasswordHash()));
+ new PhutilOpaqueEnvelope($this->getPasswordHash()));
 }

 private function getPasswordHashInput(PhutilOpaqueEnvelope $password) {
@@ -188,19 +187,10 @@
 }

 private function hashPassword(PhutilOpaqueEnvelope $password) {
-
 $hasher = PhabricatorPasswordHasher::getBestHasher();

 $input_envelope = $this->getPasswordHashInput($password);
- $output_envelope = $hasher->getPasswordHashForStorage($input_envelope);
-
- // TODO: For now, we need to strip the type prefix until we can upgrade
- // the storage.
-
- $raw_output = $output_envelope->openEnvelope();
- $raw_output = substr($raw_output, strlen('md5:'));
-
- return new PhutilOpaqueEnvelope($raw_output);
+ return $hasher->getPasswordHashForStorage($input_envelope);
 }

 const CSRF_CYCLE_FREQUENCY = 3600;
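Review bot: The UPDATE in 20140218.passwords.2.prefix.sql is not safe to apply twice: a second run would turn `md5:<hash>` into `md5:md5:<hash>`, and those rows would presumably stop verifying. Adding `AND passwordHash NOT LIKE 'md5:%'` to the WHERE clause makes the statement idempotent, and a raw hex digest can never start with that prefix, so no legitimate row is skipped. Whether the patch runner guarantees exactly-once application is not visible in this diff, so the guard covers a replayed or partially applied storage upgrade.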
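Review bot: In the `@@ -173` hunk of PhabricatorUser.php the stored value now reaches `comparePassword()` exactly as it sits in the database, so the check depends on every row carrying a hasher prefix. The prefix migration leaves rows with an empty `passwordHash` untouched, and a hash written by the old code after the migration ran would also lack the prefix, because the old `hashPassword()` stripped it. How `comparePassword()` treats an empty or unprefixed value is not visible here; it should fail closed, and the coupling is worth a comment such as `// Stored hashes carry a hasher prefix ("md5:"); a value without one must never match.` The enclosing method begins above the hunk, so an earlier empty-hash guard may already exist.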
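Review bot: In the `@@ -188` hunk, `hashPassword()` now returns the hasher's storage string unmodified, so its length is bounded only by the `VARCHAR(128)` column from 20140218.passwords.1.extend.sql. If a hasher ever emits more than 128 characters including its prefix, MySQL outside strict mode would truncate the value silently, and the stored hash would likely no longer verify. A docblock on `hashPassword()` stating that the returned envelope holds the prefixed hash and must fit the 128-character column would record the constraint; an explicit length check before saving is the stronger option. Existing rows stay on iterated MD5 after this change, and no rehash-on-login path is visible in this diff.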