Feeling Lucky
?
[#30866] - [4.0] Fix rehashing passwords
- Fixed in Code Base
- 17 Oct 2020
- Medium
- Build: 4.0-dev
- # 30866
- Diff
- SharkyKZ:j4/fix/password-rehash
User tests: Successful: Unsuccessful:
Summary of Changes
Corrects constants used when rehashing passwords.
Testing Instructions
For this you need to have an account that requires password rehash. Otherwise you have to manually edit either the file included in this PR or the password handler to always return true when check if rehash is needed. E.g. when using argon2i change this line to return true;:
Once done, try to login.
Actual result BEFORE applying this Pull Request
0 The argon2i algorithm is not supported for hashing passwords.
Call stack
# Function Location
1 () JROOT\libraries\src\User\UserHelper.php:414
2 Joomla\CMS\User\UserHelper::hashPassword() JROOT\libraries\src\User\UserHelper.php:476
3 Joomla\CMS\User\UserHelper::verifyPassword() JROOT\plugins\authentication\joomla\joomla.php:79
4 PlgAuthenticationJoomla->onUserAuthenticate() JROOT\libraries\src\Authentication\Authentication.php:177
5 Joomla\CMS\Authentication\Authentication->authenticate() JROOT\libraries\src\Application\CMSApplication.php:759
6 Joomla\CMS\Application\CMSApplication->login() JROOT\libraries\src\Application\SiteApplication.php:750
7 Joomla\CMS\Application\SiteApplication->login() JROOT\components\com_users\src\Controller\UserController.php:122
8 Joomla\Component\Users\Site\Controller\UserController->login() JROOT\libraries\src\MVC\Controller\BaseController.php:729
9 Joomla\CMS\MVC\Controller\BaseController->execute() JROOT\libraries\src\Dispatcher\ComponentDispatcher.php:146
10 Joomla\CMS\Dispatcher\ComponentDispatcher->dispatch() JROOT\libraries\src\Component\ComponentHelper.php:389
11 Joomla\CMS\Component\ComponentHelper::renderComponent() JROOT\libraries\src\Application\SiteApplication.php:206
12 Joomla\CMS\Application\SiteApplication->dispatch() JROOT\libraries\src\Application\SiteApplication.php:245
13 Joomla\CMS\Application\SiteApplication->doExecute() JROOT\libraries\src\Application\CMSApplication.php:231
14 Joomla\CMS\Application\CMSApplication->execute() JROOT\includes\app.php:63
15 require_once() JROOT\index.php:36
Expected result AFTER applying this Pull Request
Login works.
Documentation Changes Required
No.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
| Labels |
Added:
?
|
||
| Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-10-17 11:07:05 |
| Closed_By | ⇒ | wilsonge |
Thanks!