Joomla! Issue Tracker | Joomla! CMS #18364 - [4.0] Password Handler API

? ? ?

Fixed in Code Base
12 Nov 2017
Medium
Build: 4.0-dev
# 18364
Diff
mbabker:password-handler

Pending

User tests: Successful: Unsuccessful:

mbabker
19 Oct 2017

Pull Request for Issue #12333

Summary of Changes

Our core API has a hardcoded set of password hashes that it supports making adding and removing support for hashing algorithms somewhat difficult. To improve this situation, we can make use of a new API in the Framework's Authentication package which provides an API for hashing and validating passwords and the use of the service container to allow handlers to be defined.

Testing Instructions

With the patch applied, authentication should still work as before with all supported password hashes. As well, rehashing older password hashes continues to work as before.

Documentation Changes Required

Document the new services in the container and the new PHP API, as well as how plugins can interface with this new functionality.

d715731 18 Oct 2017

Support specifying the password hashing algorithm to use

7c50221 18 Oct 2017

If verifyPassword determines a password needs rehashing with Argon2i, allow a Argon2i hash to be generated

35ecee3 18 Oct 2017

Update wrapper with new signature

6fca744 18 Oct 2017

Add Authentication package

d925550 18 Oct 2017

Service provider for authentication password handlers

b7c46ba 18 Oct 2017

Add handlers for legacy hashes

a48abe9 18 Oct 2017

Use the handlers to hash passwords

3cd841c 18 Oct 2017

Use the handlers to verify passwords

3075e5b 19 Oct 2017

Introduce an interface defining a handler which can check whether the password needs to be rehashed

joomla-cms-bot - change - 19 Oct 2017

Category

⇒

External Library Composer Change Installation Libraries Unit Tests

mbabker - open - 19 Oct 2017

mbabker - change - 19 Oct 2017

Status

New

⇒

Pending

mbabker - comment - 19 Oct 2017

Note this PR also cherry picks the merged #18254 into the 4.0 branch as this is built from the API changes added there.

0b371c1 5 Nov 2017

Merge branch '4.0-dev' of github.com:joomla/joomla-cms into password-handler

mbabker - change - 5 Nov 2017

Labels

Added: ? ? ?

6ef5aad 12 Nov 2017

Merge branch '4.0-dev' of github.com:joomla/joomla-cms into password-handler

wilsonge - change - 12 Nov 2017

Status	Pending	⇒	Fixed in Code Base
Closed_Date	0000-00-00 00:00:00	⇒	2017-11-12 17:20:50
Closed_By		⇒	wilsonge

wilsonge - close - 12 Nov 2017

wilsonge - merge - 12 Nov 2017

wilsonge - comment - 16 Nov 2017

@mbabker Please fix the fact you cannot log in

Add a Comment

Login with GitHub to post a comment

Older
Newer