Koha/opac
Srikanth Dhondi f2162a86b0 Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt
What does this patch aim to accomplish?

 * All new passwords are stored as Bcrypt-hashes
 * For password verification:
     - If the user was created before this patch was applied then use
        MD5 to hash the entered password <-- backwards compatibility
     - If the user was created after this patch was applied then use
       Bcrypt to hash the entered password
 * Any password change made via the staff interface or the OPAC will
   be automatically Bcrypt-hashed; this applies to old users whose
   passwords were stored as MD5 hashes previously

Test plan:
  1) Add new users and check whether their passwords are stored as
     Bcrypt hashes or not.
  2) To test that authentication works for both old as well as new
     users:
       a) Login as an existing user whose password is stored as an
          MD5 hash
       b) Login as an existing user whose password is stored as a
          Bcrypt hash
  3) In the staff interface, change the password of an existing user
     whose password is stored as an MD5 hash
       a) Check the new password is stored as a Bcrypt-hash in the database
       b) Try to login with the new password
  4) In the OPAC, verify that
    a) Old user with old pass can change password, new format
    b) New user with new pass can change password
    c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 22:22:32 +00:00
errors Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
rss adding file just for creating the rss directory 2007-08-02 08:50:43 +00:00
sco Bug 9108: Followup: send the dateformat value from C4::Auth 2013-01-17 21:59:30 -05:00
svc Bug 10320: (follow-up) handle OverDrive authentication failure more gracefully 2013-09-08 07:04:50 +00:00
ilsdi.pl Bug 10549: (follow-up) make sure ILS-DI GetAvailability response is emitted as UTF-8 2013-07-17 19:14:37 +00:00
maintenance.pl Bug 7853 - opac-maintanance.pl should correctly redirect back to opac-main.pl, if no updates are outstanding 2013-04-07 13:34:12 -04:00
oai.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
opac-account.pl Bug 4330 : Fixing FSF address and copyright statements 2012-05-28 17:53:46 +02:00
opac-addbybiblionumber.pl Bug 5894: Display all titles when confirming copy of items from cart to list 2013-07-05 07:04:02 -07:00
opac-alert-subscribe.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-authorities-home.pl Bug 9132: Paging through OPAC authority search results does not work 2012-11-28 08:13:18 -05:00
opac-authoritiesdetail.pl Bug 8981 follow-up: case 2012-11-29 22:07:29 -05:00
opac-basket.pl Bug 10026 - OPAC cart not showing location anymore 2013-04-23 08:43:50 -04:00
opac-browser.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-changelanguage.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
opac-course-details.pl bug 8215: (followup) don't allow deleting course reserves from OPAC 2013-05-21 15:51:02 -07:00
opac-course-reserves.pl bug 8215: (followup) make sure C4::CourseReserves doesn't export anything 2013-05-21 15:51:01 -07:00
opac-detail.pl Bug 10584 - Hide OPAC biblio details if all items are hidden 2013-09-18 15:31:04 +00:00
opac-downloadcart.pl bug 5579 : Fixes several exports to embed items 2011-04-19 22:35:15 +12:00
opac-downloadshelf.pl Bug 7788: [SIGNED-OFF] Remove two unused calls to GetShelf 2012-05-22 12:06:25 +02:00
opac-export.pl Bug 3652: close XSS vulnerabilities in opac-export 2012-10-24 15:40:18 +02:00
opac-ics.pl Bug 5549 : GetPendingIssues now returns DateTime objects 2012-03-20 12:33:37 +13:00
opac-image.pl Bug 8255: allow local cover images to be cached 2012-06-25 18:12:29 +02:00
opac-imageviewer.pl Bug 4321: clean C4::Biblio::GetBiblio and uses 2012-09-18 12:11:54 +02:00
opac-ISBDdetail.pl Bug 10584 - Hide OPAC biblio details if all items are hidden 2013-09-18 15:31:04 +00:00
opac-main.pl Bug 9395: Problem with callnumber and standard number searches 2013-02-15 18:30:15 -05:00
opac-MARCdetail.pl Bug 10876: Fix opac-MARCdetail.pl displaying items that are meant to be hidden 2013-09-18 16:03:45 +00:00
opac-memberentry.pl Bug 10204 - Patron image no longer appears in the OPAC 2013-05-08 09:47:38 -04:00
opac-messaging.pl Talking Tech Support - Phase I 2012-06-10 17:46:52 +02:00
opac-modrequest-suspend.pl Bug 7641: Suspend Reserves 2012-03-29 14:37:49 +02:00
opac-modrequest.pl Bug 9394: Use reserve_id where possible 2013-07-24 05:04:55 +00:00
opac-mymessages.pl Bug 4330 : Fixing FSF address and copyright statements 2012-05-28 17:53:46 +02:00
opac-overdrive-search.pl Bug 10320: (follow-up) correct license statement 2013-09-08 07:04:45 +00:00
opac-passwd.pl Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt 2013-10-03 22:22:32 +00:00
opac-patron-image.pl Bug 10201 - Old OPAC patron update system should be removed 2013-05-12 09:54:07 -04:00
opac-privacy.pl Bug 6506: When AnonymousPatron not set, deletion of issue history silently failed. 2013-05-01 08:44:11 -04:00
opac-ratings-ajax.pl Bug 8315 - fix 'C4::Output 3.02' errors in Koha 2012-06-29 11:59:13 +02:00
opac-ratings.pl Bug 5668 - Star ratings in the opac 2012-04-10 14:40:49 +02:00
opac-readingrecord.pl Bug 8017 reduce manipulation of GetAllIssues return 2012-09-13 18:51:45 +02:00
opac-registration-verify.pl Bug 7067 - QA Followup - Fix error when confirming via email 2012-12-14 08:09:02 -05:00
opac-renew.pl Bug 7551 : Can only renew for the user you are logged in as now 2012-02-17 09:12:21 +01:00
opac-reserve.pl Bug 10272: make CheckReserves respect ReservesControlBranch 2013-09-08 01:20:01 +00:00
opac-review.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-search-history.pl Bug 9916 - Use DataTables in the OPAC 2013-08-19 14:19:02 +00:00
opac-search.pl Bug 10320 - Integrate OverDrive search into OPAC 2013-09-08 07:00:40 +00:00
opac-sendbasket.pl Bug 8626: Fix encoding in cart emails for use of quoted-printable 2012-08-29 18:14:32 +02:00
opac-sendshelf.pl Bug 3651 Follow-up, Require patron login to send shelves and baskets 2012-01-06 15:57:57 +01:00
opac-serial-issues.pl Bug 6195 : Opac user should not have serial manage tab 2011-04-19 13:29:01 +12:00
opac-shelves.pl Bug 7310: Code changes for Improving list permissions 2012-03-21 16:46:40 +01:00
opac-showmarc.pl Bug 9570 - view plain not working in ccsr 2013-03-07 09:33:57 -05:00
opac-showreviews.pl Bug 6679 :[SIGNED-OFF] Fixing some perlcritic violations in the opac 2012-04-10 13:45:00 +02:00
opac-suggestions.pl Bug 9457 - Followup - Ordering branches should be case independent (2) 2013-03-20 15:36:19 -04:00
opac-tags.pl bug 9401: remove direct reads of CGISESSID cookie by JavaScript 2013-02-01 11:05:35 -05:00
opac-tags_subject.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-topissues.pl Bug 10588: improve selection of default branch for OPAC popular items pag 2013-09-04 17:14:22 +00:00
opac-user.pl Bug 10672 - Add subtitle to display of checkouts, overdues, and holds on the patron summary 2013-09-07 21:07:28 +00:00
search.pl Bug 8233 : SearchEngine: Add a Koha::SearchEngine module 2012-07-06 16:51:58 +02:00
tracklinks.pl Bug 8917 : Shifting db dependent code to a module 2013-03-07 11:14:25 -05:00
unapi Bug 10085: unapi does not function under Plack 2013-04-23 08:33:51 -04:00