-
-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate to argon2id for storing passwords #564
base: development
Are you sure you want to change the base?
Commits on Oct 7, 2022
-
Configuration menu - View commit details
-
Copy full SHA for 5556fac - Browse repository at this point
Copy the full SHA 5556facView commit details -
Configuration menu - View commit details
-
Copy full SHA for a0b6a18 - Browse repository at this point
Copy the full SHA a0b6a18View commit details -
Configuration menu - View commit details
-
Copy full SHA for 5b26d1d - Browse repository at this point
Copy the full SHA 5b26d1dView commit details -
Configuration menu - View commit details
-
Copy full SHA for a1be3ba - Browse repository at this point
Copy the full SHA a1be3baView commit details -
Implement database updating system
This allows password to be automatically rehashed if the database is old
Configuration menu - View commit details
-
Copy full SHA for acda9d3 - Browse repository at this point
Copy the full SHA acda9d3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1498a92 - Browse repository at this point
Copy the full SHA 1498a92View commit details -
Configuration menu - View commit details
-
Copy full SHA for 892b9a9 - Browse repository at this point
Copy the full SHA 892b9a9View commit details -
Bump server api version to 4.0
This is so that we can drop support for submit and register for old clients, which use 3.0
Configuration menu - View commit details
-
Copy full SHA for 6fe590c - Browse repository at this point
Copy the full SHA 6fe590cView commit details -
Reject
submit
andregister
from old clientsThis is required to properly migrate away from md5, as old clients performed hashing on client side.
Configuration menu - View commit details
-
Copy full SHA for 11befe7 - Browse repository at this point
Copy the full SHA 11befe7View commit details -
Update server code to use argon2id
- Passwords are now hashed on the server, with a salt. - After the database update has run, for old accounts we are left with their old md5 hash rehashed using argon2id, so to verify their password, we hash first using md5 and then rehash with argon2id.
Configuration menu - View commit details
-
Copy full SHA for 2e91d62 - Browse repository at this point
Copy the full SHA 2e91d62View commit details -
Migrate hash to argon2id when a user logs in
This way we can gradually remove the rehashed md5 hashes
Configuration menu - View commit details
-
Copy full SHA for b76cc59 - Browse repository at this point
Copy the full SHA b76cc59View commit details -
Configuration menu - View commit details
-
Copy full SHA for d19e38f - Browse repository at this point
Copy the full SHA d19e38fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 921476e - Browse repository at this point
Copy the full SHA 921476eView commit details -
Configuration menu - View commit details
-
Copy full SHA for aee9a63 - Browse repository at this point
Copy the full SHA aee9a63View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0ffa12d - Browse repository at this point
Copy the full SHA 0ffa12dView commit details -
Temporarily disable failing test
This test results in a request to lib.haxe.org, which does not provide api version 4.0 yet
Configuration menu - View commit details
-
Copy full SHA for a3460af - Browse repository at this point
Copy the full SHA a3460afView commit details
Commits on Nov 26, 2022
-
Automatically add new table columns
This will be done via sql statements for now, because I'm not sure how to run `skeema push` automatically.
Configuration menu - View commit details
-
Copy full SHA for 2e96da8 - Browse repository at this point
Copy the full SHA 2e96da8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 894950a - Browse repository at this point
Copy the full SHA 894950aView commit details
Commits on Nov 28, 2022
-
Configuration menu - View commit details
-
Copy full SHA for fd4990e - Browse repository at this point
Copy the full SHA fd4990eView commit details
Commits on Nov 29, 2022
-
Configuration menu - View commit details
-
Copy full SHA for e3b379c - Browse repository at this point
Copy the full SHA e3b379cView commit details