Importing hashed passwords on Drupal 10.1 is broken

Open on Drupal.org →

Created on 15 April 2023, over 1 year ago

Updated 30 May 2023, over 1 year ago

Problem/Motivation

Drupal 10.1 changed the password hashing - which breaks importing hashed passwords with Feeds.

See https://www.drupal.org/node/3322420 →

To keep supporting the import of MD5 or sha512 hashed passwords, the new core module Password Compatibility needs to be enabled.

Steps to reproduce

Install Drupal 10.1
Try to import a user with either a MD5 or sha512 hashed password
Try to login as the imported user.

Login will fail.

Proposed resolution

When on Drupal 10.1, require the Password Compatibility module (phpass) for the options "md5" and "sha512". When the module is not enabled, disable these options in the UI and add a message that the Password Compatibility module is required in order to import hashed passwords.

When on < Drupal 10.1, leave everything working as now. No UI changes in this case.

Remaining tasks

Review the proposed solution
Test the mapping UI with both Drupal 10.1 and before Drupal 10.1.

Testing

Test the following scenario's:

Drupal 10.1

Do a clean install of Drupal 10.1.
Enable Feeds.
Create a feed type, select the user processor and save.
Add a mapping target to "Password" and save mappings.
Click on target configuration for this target. Options "MD5" and "SHA512" should be greyed out. Do you understand why?
Resolve the issue to make the options "MD5" and "SHA512" active.
Go back to the mapping screen, configure the target "Password" and confirm that options "MD5" and "SHA512" are now available.

Drupal 10.0 (or Drupal 9.5)

For this test you may either use a clean install or an existing install.
Enable Feeds.
Create a feed type, select the user processor and save.
Add a mapping target to "Password".
Click on target configuration for this target. Confirm all options are available.
Select either "MD5" or "SHA512".
Save mappings.
Upgrade to Drupal 10.1 and run database updates.
Uninstall the module "Password Compatibility".
Go back to mapping screen. A message should appear that there's an issue with the Password target.

User interface changes

When on Drupal 10.1 and when using the FeedsTarget plugin "password", a warning message gets displayed when the Password Compatibility module is not enabled on the mapping page.

In the summary column:

On the target configuration:

API changes

None.

Data model changes

None.

📌 Task

Status

Fixed

Version

3.0

Component

Code

Created by

🇳🇱Netherlands megachriz

Live updates comments and jobs are added and updated live.

Drupal 10 compatibility

Drupal 10.1 compatibility

Sign in to follow issues

Comments & Activities

Issue created by @megachriz
@megachriz opened merge request.
Status changed to Needs review over 1 year ago9:05am 15 April 2023
Comment over 1 year ago →
🇳🇱Netherlands megachriz
Comment over 1 year ago →
🇳🇱Netherlands megachriz
I added instructions for testing.
Open in Jenkins → Open on Drupal.org →
Core: 9.5.5 + Environment: PHP 7.4 & MySQL 5.7
last update over 1 year ago
701 pass
Open in Jenkins → Open on Drupal.org →
Core: 10.1.x + Environment: PHP 8.1 & MySQL 8
last update over 1 year ago
701 pass
Open in Jenkins → Open on Drupal.org →
Core: 9.5.5 + Environment: PHP 7.4 & MySQL 5.7
last update over 1 year ago
701 pass
Comment over 1 year ago →
System Message

MegaChriz → committed d1361ebb on 8.x-3.x
Issue #3354383 by MegaChriz: Fixed importing hashed passwords on Drupal...
Status changed to Fixed over 1 year ago9:27am 30 May 2023
Comment over 1 year ago →
🇳🇱Netherlands megachriz
Merged the code!
Comment over 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024