needsRehash always checks against PASSWORD_DEFAULT

Created on 17 January 2023, almost 3 years ago

Updated 23 May 2023, over 2 years ago

Problem/Motivation

When checking if the password needs to be rehashed, PASSWORD_DEFAULT is provided as a parameter instead of the configured algorithm. If an alternate algorithm is configured, the password will always be rehashed even though not necessary.

Steps to reproduce

override the password.php service's arguments to provide a different algorithm (e.g. PASSWORD_ARGON2I

Proposed resolution

Update the value sent to password_rehash()

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇨🇦Canada gapple

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Status changed to Needs review almost 3 years ago8:30pm 17 January 2023
Comment over 2 years ago →
System Message

neclimdul → committed 725c7e56 on 8.x-1.x authored by gapple →
Issue #3334308: needsRehash always checks against PASSWORD_DEFAULT
Status changed to Fixed over 2 years ago3:53pm 23 May 2023
Comment over 2 years ago →
🇺🇸United States neclimdul Houston, TX
Thanks!
Comment over 2 years ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024