Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MCR-3137 Modernize password hashing and hash verification #1028

Merged
merged 8 commits into from
Aug 13, 2024
Merged

MCR-3137 Modernize password hashing and hash verification #1028

merged 8 commits into from
Aug 13, 2024

Conversation

toKrause
Copy link
Contributor

@toKrause toKrause commented Jul 4, 2024
edited
Loading

@toKrause toKrause requested a review from yagee-de July 4, 2024 12:15
@toKrause toKrause force-pushed the issues/MCR-3137_Modernize-password-hashing-and-hash-verification branch 2 times, most recently from c9e58df to b6d20ef Compare July 16, 2024 13:16
@erodde
Copy link
Contributor

erodde commented Jul 18, 2024
edited
Loading

Tested new hashing with following test setup:

  1. Setup new MIR with codebase main in mycore and mir
  2. Created new testuser with old hashing mechanism
  3. Created publication with testuser
  4. Switched mir and mycore to branches with name issues/MCR-3137_Modernize-password-hashing-and-hash-verification and rebuilt
  5. Using H2 database in local setup, dropped corresponding constraint
  6. Restarted MIR and tried to login with user
  7. Login was successful. Publication could still be edited by user
  8. Logged in with administrator - Login was successful
  9. Checked hashtype in database, hashtype now has value "argon2"

Codebase in MIR at the time of testing step 4 was a merge of branches "issues/MCR-3137_Modernize-password-hashing-and-hash-verification and rebuilt" and "issues/MIR-1320-mir_support_for_solr_authentication_and_solr_cloud". MIR combined with mycore main is not runnable right now without the code from the latter. Test was successful. I deem this save to merge.

@toKrause toKrause mentioned this pull request Jul 30, 2024
Merged
@toKrause toKrause force-pushed the issues/MCR-3137_Modernize-password-hashing-and-hash-verification branch from 7164de3 to dff345c Compare August 9, 2024 11:00
@toKrause toKrause force-pushed the issues/MCR-3137_Modernize-password-hashing-and-hash-verification branch from dff345c to 4d97b73 Compare August 12, 2024 21:05
@sebhofmann sebhofmann merged commit 684786e into main Aug 13, 2024
2 checks passed
@sebhofmann sebhofmann deleted the issues/MCR-3137_Modernize-password-hashing-and-hash-verification branch August 13, 2024 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erodde erodde erodde requested changes

@kkrebs kkrebs kkrebs approved these changes

@yagee-de yagee-de Awaiting requested review from yagee-de

Assignees
No one assigned
Labels
important
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@toKrause @erodde @kkrebs @sebhofmann