Merge pull request #4782 from Alkarex/fix-update-password

Fix update password rehash
This commit is contained in:
Hypolite Petovan 2018-04-17 07:25:52 -04:00 committed by GitHub
commit 6d2d15a80d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -127,13 +127,23 @@ class User
{ {
$user = self::getAuthenticationInfo($user_info); $user = self::getAuthenticationInfo($user_info);
if ($user['legacy_password']) { if (strpos($user['password'], '$') === false) {
//Legacy hash that has not been replaced by a new hash yet
if (self::hashPasswordLegacy($password) === $user['password']) {
self::updatePassword($user['uid'], $password);
return $user['uid'];
}
} elseif (!empty($user['legacy_password'])) {
//Legacy hash that has been double-hashed and not replaced by a new hash yet
//Warning: `legacy_password` is not necessary in sync with the content of `password`
if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
self::updatePassword($user['uid'], $password); self::updatePassword($user['uid'], $password);
return $user['uid']; return $user['uid'];
} }
} elseif (password_verify($password, $user['password'])) { } elseif (password_verify($password, $user['password'])) {
//New password hash
if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
self::updatePassword($user['uid'], $password); self::updatePassword($user['uid'], $password);
} }