Users: password changes via the web UI now use Argon2

[?]
Apr 15, 2021, 2:56 PM
QA7SEIVP756UUYM5SEXOLEONOG5M2XS3QSL4A4BP2LXHA3EG2AUQC

Dependencies

  • [2] 56Q5PJPG Users: transparently upgrade passwords to Argon2
  • [3] S66BOMVU * Added authentication.
  • [4] IFY7BYPS User.pm: Handle params from JSON properly
  • [5] MQMF2LBW Re-enable adding new users via the web interface
  • [6] ASPD4MDN Passwords: check in constant time
  • [7] XJRJ4J7M Add user registration
  • [8] LSZLZHJY Allow users to edit their own settings
  • [9] RX5IIZMT Use Email::MIME instead of Email::Simple
  • [10] 4AKMU4ZB Clean up user editing
  • [11] SYLVCTT6 Start api cleanup with the User model

Change contents

  • edit in src/lib/Hydra/Controller/User.pm at line 229
    [3.694][3.694:804]()
    }
    sub setPassword {
    my ($user, $password) = @_;
    $user->update({ password => sha1_hex($password) });
  • replacement in src/lib/Hydra/Controller/User.pm at line 291
    [3.986][3.986:1025]()
    setPassword($user, $password);
    [3.986]
    [3.1025]
    $user->setPassword($password);
  • replacement in src/lib/Hydra/Controller/User.pm at line 391
    [3.1765][3.1765:1800]()
    setPassword($user, $password);
    [3.1765]
    [3.50]
    $user->setPassword($password);
  • edit in src/lib/Hydra/Schema/Users.pm at line 216
    [3.2033][3.2033:2034](),[3.2034][3.700:753]()
    sub check_password {
    my ($self, $password) = @_;
  • edit in src/lib/Hydra/Schema/Users.pm at line 217
    [3.754]
    [2.1928]
    sub _authenticator() {
  • edit in src/lib/Hydra/Schema/Users.pm at line 228
    [2.2219]
    [2.2219]
    return $authenticator;
    }
    sub check_password {
    my ($self, $password) = @_;
  • edit in src/lib/Hydra/Schema/Users.pm at line 235
    [2.2220]
    [2.2220]
    my $authenticator = _authenticator();
  • replacement in src/lib/Hydra/Schema/Users.pm at line 238
    [2.2352][2.2352:2468]()
    $self->update({
    "password" => $authenticator->hash_password($password),
    });
    [2.2352]
    [2.2468]
    $self->setPassword($password);
  • edit in src/lib/Hydra/Schema/Users.pm at line 247
    [3.845]
    [3.4016]
    sub setPassword {
    my ($self, $password) = @_;;
    $self->update({
    "password" => _authenticator()->hash_password($password),
    });
    }