Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F15519944
D8269.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
2 KB
Referenced Files
None
Subscribers
None
D8269.diff
View Options
Index: resources/sql/autopatches/20140218.passwords.1.extend.sql
===================================================================
--- /dev/null
+++ resources/sql/autopatches/20140218.passwords.1.extend.sql
@@ -0,0 +1,4 @@
+/* Extend from 32 characters to 128. */
+
+ALTER TABLE {$NAMESPACE}_user.user
+ CHANGE passwordHash passwordHash VARCHAR(128) COLLATE utf8_bin;
Index: resources/sql/autopatches/20140218.passwords.2.prefix.sql
===================================================================
--- /dev/null
+++ resources/sql/autopatches/20140218.passwords.2.prefix.sql
@@ -0,0 +1,5 @@
+/* Mark all existing password hashes as "Iterated MD5". */
+
+UPDATE {$NAMESPACE}_user.user
+ SET passwordHash = CONCAT('md5:', passwordHash)
+ WHERE LENGTH(passwordHash) > 0;
Index: src/applications/people/storage/PhabricatorUser.php
===================================================================
--- src/applications/people/storage/PhabricatorUser.php
+++ src/applications/people/storage/PhabricatorUser.php
@@ -173,8 +173,7 @@
return PhabricatorPasswordHasher::comparePassword(
$this->getPasswordHashInput($envelope),
- // TODO: For now, we need to add a prefix.
- new PhutilOpaqueEnvelope('md5:'.$this->getPasswordHash()));
+ new PhutilOpaqueEnvelope($this->getPasswordHash()));
}
private function getPasswordHashInput(PhutilOpaqueEnvelope $password) {
@@ -188,19 +187,10 @@
}
private function hashPassword(PhutilOpaqueEnvelope $password) {
-
$hasher = PhabricatorPasswordHasher::getBestHasher();
$input_envelope = $this->getPasswordHashInput($password);
- $output_envelope = $hasher->getPasswordHashForStorage($input_envelope);
-
- // TODO: For now, we need to strip the type prefix until we can upgrade
- // the storage.
-
- $raw_output = $output_envelope->openEnvelope();
- $raw_output = substr($raw_output, strlen('md5:'));
-
- return new PhutilOpaqueEnvelope($raw_output);
+ return $hasher->getPasswordHashForStorage($input_envelope);
}
const CSRF_CYCLE_FREQUENCY = 3600;
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Mon, Apr 21, 1:21 AM (4 d, 6 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7469086
Default Alt Text
D8269.diff (2 KB)
Attached To
Mode
D8269: Provide more storage space for password hashes and migrate existing hashes to "md5:"
Attached
Detach File
Event Timeline
Log In to Comment