lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-07-16 04:23:13 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Restored ability to automatically migrate hashing algorithm (#8672)

Browse Source
This commit is contained in:
Matteo Piovanelli 2023-04-21 08:52:29 +02:00 committed by GitHub
parent ff70011b69
commit 882fb8eca5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Orchard.Web/Modules/Orchard.Users/Services/MembershipService.cs
View File

@ -150,7 +150,8 @@ namespace Orchard.Users.Services {
Password = user.Password, Password = user.Password,
HashAlgorithm = user.HashAlgorithm, HashAlgorithm = user.HashAlgorithm,
PasswordFormat = user.PasswordFormat, PasswordFormat = user.PasswordFormat,
PasswordSalt = user.PasswordSalt PasswordSalt = user.PasswordSalt,
User = user
}, password)) { }, password)) {
validationErrors.Add(T("The username or e-mail or password provided is incorrect.")); validationErrors.Add(T("The username or e-mail or password provided is incorrect."));
return null; return null;

7
src/Orchard.Web/Modules/Orchard.Users/Services/PasswordService.cs
View File

@ -8,6 +8,7 @@ using System.Web.Helpers;
using System.Web.Security; using System.Web.Security;
using Orchard.Environment.Configuration; using Orchard.Environment.Configuration;
using Orchard.Security; using Orchard.Security;
using Orchard.Users.Models;
namespace Orchard.Users.Services { namespace Orchard.Users.Services {
public class PasswordService : IPasswordService { public class PasswordService : IPasswordService {
@ -56,6 +57,12 @@ namespace Orchard.Users.Services {
if (String.IsNullOrEmpty(keepOldConfiguration) || keepOldConfiguration.Equals("false", StringComparison.OrdinalIgnoreCase)) { if (String.IsNullOrEmpty(keepOldConfiguration) || keepOldConfiguration.Equals("false", StringComparison.OrdinalIgnoreCase)) {
context.HashAlgorithm = DefaultHashAlgorithm; context.HashAlgorithm = DefaultHashAlgorithm;
context.Password = PasswordExtensions.ComputeHashBase64(context.HashAlgorithm, saltBytes, plaintextPassword); context.Password = PasswordExtensions.ComputeHashBase64(context.HashAlgorithm, saltBytes, plaintextPassword);
// Actually persist the migration of the algorithm
var pwdUser = context.User as UserPart;
if (pwdUser != null) {
pwdUser.HashAlgorithm = context.HashAlgorithm;
pwdUser.Password = context.Password;
}
} }
} }

6
src/Orchard/Security/PasswordContext.cs
View File

@ -9,5 +9,11 @@ namespace Orchard.Security {
public string PasswordSalt { get; set; } public string PasswordSalt { get; set; }
public string HashAlgorithm { get; set; } public string HashAlgorithm { get; set; }
public MembershipPasswordFormat PasswordFormat { get; set; } public MembershipPasswordFormat PasswordFormat { get; set; }
// In some rare cases, it's important to carry information about a user
// this password belongs to. A practical example is when we have to force
// an upgrade of the hashing/encryption scheme used for the password, and
// store corresponding information.
public IUser User { get; set; }
} }
} }