@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Provide more storage space for password hashes and migrate existing hashes to "md5:"
Summary: Ref T4443. Provide more space; remove the hack-glue.
Test Plan: Logged out, logged in, inspected database.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T4443
Differential Revision: https://secure.phabricator.com/D8269
+11
-12
+4
resources/sql/autopatches/20140218.passwords.1.extend.sql
+4
resources/sql/autopatches/20140218.passwords.1.extend.sql
+5
resources/sql/autopatches/20140218.passwords.2.prefix.sql
+5
resources/sql/autopatches/20140218.passwords.2.prefix.sql
+2
-12
src/applications/people/storage/PhabricatorUser.php
+2
-12
src/applications/people/storage/PhabricatorUser.php
···
173
173
174
174
return PhabricatorPasswordHasher::comparePassword(
175
175
$this->getPasswordHashInput($envelope),
176
-
// TODO: For now, we need to add a prefix.
177
-
new PhutilOpaqueEnvelope('md5:'.$this->getPasswordHash()));
176
+
new PhutilOpaqueEnvelope($this->getPasswordHash()));
178
177
}
179
178
180
179
private function getPasswordHashInput(PhutilOpaqueEnvelope $password) {
···
188
187
}
189
188
190
189
private function hashPassword(PhutilOpaqueEnvelope $password) {
191
-
192
190
$hasher = PhabricatorPasswordHasher::getBestHasher();
193
191
194
192
$input_envelope = $this->getPasswordHashInput($password);
195
-
$output_envelope = $hasher->getPasswordHashForStorage($input_envelope);
196
-
197
-
// TODO: For now, we need to strip the type prefix until we can upgrade
198
-
// the storage.
199
-
200
-
$raw_output = $output_envelope->openEnvelope();
201
-
$raw_output = substr($raw_output, strlen('md5:'));
202
-
203
-
return new PhutilOpaqueEnvelope($raw_output);
193
+
return $hasher->getPasswordHashForStorage($input_envelope);
204
194
}
205
195
206
196
const CSRF_CYCLE_FREQUENCY = 3600;