Migrate to argon2id for storing passwords #564

Open
wants to merge 20 commits into base: development

Commits on Oct 7, 2022

  1. Add argon2 binding for neko

    tobil4sk committed Oct 7, 2022
    5556fac
  2. a0b6a18
  3. Implement argon2id hashing

    tobil4sk committed Oct 7, 2022
    5b26d1d
  4. a1be3ba
  5. Implement database updating system

    This allows passwords to be automatically rehashed if the database is old
    tobil4sk committed Oct 7, 2022
    acda9d3
  6. 1498a92
  7. 892b9a9
  8. Bump server api version to 4.0

    This is so that we can drop support for submit and register for old
    clients, which use 3.0
    tobil4sk committed Oct 7, 2022
    6fe590c
  9. Reject submit and register from old clients

    This is required to properly migrate away from md5, as old clients
    performed hashing on client side.
    tobil4sk committed Oct 7, 2022
    11befe7
  10. Update server code to use argon2id

    - Passwords are now hashed on the server, with a salt.
    
    - After the database update has run, for old accounts we are left with
    their old md5 hash rehashed using argon2id, so to verify their password,
    we hash first using md5 and then rehash with argon2id.
    tobil4sk committed Oct 7, 2022
    2e91d62
  11. Migrate hash to argon2id when a user logs in

    This way we can gradually remove the rehashed md5 hashes
    tobil4sk committed Oct 7, 2022
    Configuration menu
    Copy the full SHA
    b76cc59 View commit details
    Browse the repository at this point in the history
  12. Configuration menu
    Copy the full SHA
    d19e38f View commit details
    Browse the repository at this point in the history
  13. Configuration menu
    Copy the full SHA
    921476e View commit details
    Browse the repository at this point in the history
  14. Configuration menu
    Copy the full SHA
    aee9a63 View commit details
    Browse the repository at this point in the history
  15. Configuration menu
    Copy the full SHA
    0ffa12d View commit details
    Browse the repository at this point in the history
  16. Temporarily disable failing test

    This test results in a request to lib.haxe.org, which does not provide
    api version 4.0 yet
    tobil4sk committed Oct 7, 2022
    a3460af

Commits on Nov 26, 2022

  1. Automatically add new table columns

    This will be done via sql statements for now, because I'm not sure
    how to run `skeema push` automatically.
    tobil4sk committed Nov 26, 2022
    2e96da8
  2. 894950a

Commits on Nov 28, 2022

  1. Add missing file close

    tobil4sk committed Nov 28, 2022
    fd4990e

Commits on Nov 29, 2022

  1. e3b379c
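
The wrap-then-upgrade flow described in the "Update server code to use argon2id" and "Migrate hash to argon2id when a user logs in" commits, as an added Python sketch that is not the PR's own code. Assumptions: scrypt from the standard library stands in for argon2id, the old database stored the MD5 hash in hex form, and the record layout, scheme labels and function names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: scrypt (stdlib) stands in for argon2id so the example needs no
# third-party package; the cost values are demo settings.
def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(secret, salt=salt, n=2**14, r=8, p=1, dklen=32)

def md5_hex(password: str) -> bytes:
    # What the old clients sent and the old database stored (hex form assumed).
    return hashlib.md5(password.encode()).hexdigest().encode()

def new_record(password: str) -> dict:
    # New-style account: salted KDF over the password itself.
    salt = os.urandom(16)
    return {"scheme": "kdf", "salt": salt, "hash": kdf(password.encode(), salt)}

def db_update(stored_md5_hex: str) -> dict:
    # One-off database update: the password is unknown, so wrap the old hash.
    salt = os.urandom(16)
    return {"scheme": "md5+kdf", "salt": salt,
            "hash": kdf(stored_md5_hex.encode(), salt)}

def login(record: dict, password: str) -> bool:
    wrapped = record["scheme"] == "md5+kdf"
    secret = md5_hex(password) if wrapped else password.encode()
    candidate = kdf(secret, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return False
    if wrapped:
        # The password is known only at this moment: drop the MD5 layer.
        record.update(new_record(password))
    return True

if __name__ == "__main__":
    account = db_update(md5_hex("correct horse").decode())  # constructed sample
    print(login(account, "correct horse"), account["scheme"])
```

Because the server applies MD5 to whatever it receives for a wrapped record, a leaked legacy MD5 value submitted as the password does not verify, before or after the upgrade.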