add auth.local.passwordHashMethod field

2025-12-17 06:37:23 +01:00 · 2017-01-23 10:38:41 +01:00
parent 2bbc4f4f4d
commit 070c4a8fbd
3 changed files with 8 additions and 2 deletions
--- a/website/server/controllers/api-v3/auth.js
+++ b/website/server/controllers/api-v3/auth.js
@@ -125,6 +125,7 @@ api.registerLocal = {
          email,
          salt,
          hashed_password, // eslint-disable-line camelcase
+          passwordHashMethod: 'sha1',
        },
      },
      preferences: {
--- a/website/server/models/user/hooks.js
+++ b/website/server/models/user/hooks.js
@@ -10,7 +10,7 @@ import schema from './schema';
 schema.plugin(baseModel, {
  // noSet is not used as updating uses a whitelist and creating only accepts specific params (password, email, username, ...)
  noSet: [],
-  private: ['auth.local.hashed_password', 'auth.local.salt', '_cronSignature', '_ABtest', '_ABtests'],
+  private: ['auth.local.hashed_password', 'auth.local.passwordHashMethod', 'auth.local.salt', '_cronSignature', '_ABtest', '_ABtests'],
  toJSONTransform: function userToJSON (plainObj, originalDoc) {
    plainObj._tmp = originalDoc._tmp; // be sure to send down drop notifs
    delete plainObj.filters;
--- a/website/server/models/user/schema.js
+++ b/website/server/models/user/schema.js
@@ -54,7 +54,12 @@ let schema = new Schema({
      // Store a lowercase version of username to check for duplicates
      lowerCaseUsername: String,
      hashed_password: String, // eslint-disable-line camelcase
-      salt: String,
+      // Legacy password are hashed with SHA1, new ones with bcrypt
+      passwordHashMethod: {
+        type: String,
+        enum: ['bcrypt', 'sha1'],
+      },
+      salt: String, // Salt for SHA1 encrypted passwords, not stored for bcrypt
    },
    timestamps: {
      created: {type: Date, default: Date.now},