Restored ability to automatically migrate hashing algorithm (#8672)

2025-07-15 18:55:14 +08:00 · 2023-04-21 08:52:29 +02:00 · 2023-04-21 08:52:29 +02:00 · 882fb8eca5
commit 882fb8eca5
parent ff70011b69
3 changed files with 15 additions and 1 deletions
--- a/src/Orchard.Web/Modules/Orchard.Users/Services/MembershipService.cs
+++ b/src/Orchard.Web/Modules/Orchard.Users/Services/MembershipService.cs
@ -150,7 +150,8 @@ namespace Orchard.Users.Services {
                Password = user.Password,
                HashAlgorithm = user.HashAlgorithm,
                PasswordFormat = user.PasswordFormat,
-                PasswordSalt = user.PasswordSalt
+                PasswordSalt = user.PasswordSalt,
+                User = user
            }, password)) {
                validationErrors.Add(T("The username or e-mail or password provided is incorrect."));
                return null;
--- a/src/Orchard.Web/Modules/Orchard.Users/Services/PasswordService.cs
+++ b/src/Orchard.Web/Modules/Orchard.Users/Services/PasswordService.cs
@ -8,6 +8,7 @@ using System.Web.Helpers;
 using System.Web.Security;
 using Orchard.Environment.Configuration;
 using Orchard.Security;
+using Orchard.Users.Models;

 namespace Orchard.Users.Services {
    public class PasswordService : IPasswordService {
@ -56,6 +57,12 @@ namespace Orchard.Users.Services {
                if (String.IsNullOrEmpty(keepOldConfiguration) || keepOldConfiguration.Equals("false", StringComparison.OrdinalIgnoreCase)) {
                    context.HashAlgorithm = DefaultHashAlgorithm;
                    context.Password = PasswordExtensions.ComputeHashBase64(context.HashAlgorithm, saltBytes, plaintextPassword);
+                    // Actually persist the migration of the algorithm
+                    var pwdUser = context.User as UserPart;
+                    if (pwdUser != null) {
+                        pwdUser.HashAlgorithm = context.HashAlgorithm;
+                        pwdUser.Password = context.Password;
+                    }
                }
            }

--- a/src/Orchard/Security/PasswordContext.cs
+++ b/src/Orchard/Security/PasswordContext.cs
@ -9,5 +9,11 @@ namespace Orchard.Security {
        public string PasswordSalt { get; set; }
        public string HashAlgorithm { get; set; }
        public MembershipPasswordFormat PasswordFormat { get; set; }
+
+        // In some rare cases, it's important to carry information about a user
+        // this password belongs to. A practical example is when we have to force
+        // an upgrade of the hashing/encryption scheme used for the password, and
+        // store corresponding information.
+        public IUser User { get; set; }
    }
 }