add auth.local.passwordHashMethod field

website/server/controllers/api-v3/auth.js

@@ -125,6 +125,7 @@ api.registerLocal = {
           email,
           salt,
           hashed_password, // eslint-disable-line camelcase
+          passwordHashMethod: 'sha1',
         },
       },
       preferences: {

website/server/models/user/hooks.js

@@ -10,7 +10,7 @@ import schema from './schema';
 schema.plugin(baseModel, {
   // noSet is not used as updating uses a whitelist and creating only accepts specific params (password, email, username, ...)
   noSet: [],
-  private: ['auth.local.hashed_password', 'auth.local.salt', '_cronSignature', '_ABtest', '_ABtests'],
+  private: ['auth.local.hashed_password', 'auth.local.passwordHashMethod', 'auth.local.salt', '_cronSignature', '_ABtest', '_ABtests'],
   toJSONTransform: function userToJSON (plainObj, originalDoc) {
     plainObj._tmp = originalDoc._tmp; // be sure to send down drop notifs
     delete plainObj.filters;

website/server/models/user/schema.js

@@ -54,7 +54,12 @@ let schema = new Schema({
       // Store a lowercase version of username to check for duplicates
       lowerCaseUsername: String,
       hashed_password: String, // eslint-disable-line camelcase
-      salt: String,
+      // Legacy password are hashed with SHA1, new ones with bcrypt
+      passwordHashMethod: {
+        type: String,
+        enum: ['bcrypt', 'sha1'],
+      },
+      salt: String, // Salt for SHA1 encrypted passwords, not stored for bcrypt
     },
     timestamps: {
       created: {type: Date, default: Date.now},