From d1fbe564b689d4c13c6bc70c013c4a4625dcd503 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Mon, 30 Aug 2021 11:08:57 -0300 Subject: [PATCH] Bug 28772: Add a warning about hash_password usage in updatedatabase.pl Signed-off-by: Tomas Cohen Arazi Signed-off-by: Martin Renvoize Signed-off-by: Marcel de Rooy Signed-off-by: Wainui Witika-Park --- Koha/AuthUtils.pm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Koha/AuthUtils.pm b/Koha/AuthUtils.pm index 7c4dcd1002..c5fb69ce86 100644 --- a/Koha/AuthUtils.pm +++ b/Koha/AuthUtils.pm @@ -50,9 +50,15 @@ user passwords. my $hash = Koha::AuthUtils::hash_password($password, $settings); +Hash I<$password> using Bcrypt. Accepts an extra I<$settings> parameter for salt. +If I<$settings> is not passed, a new salt is generated. + +WARNING: If this method implementation is changed in the future, as of +bug 28772 there's at least one DBRev that uses this code and should +be taken care of. + =cut -# Using Bcrypt method for hashing. This can be changed to something else in future, if needed. sub hash_password { my $password = shift; $password = Encode::encode( 'UTF-8', $password ) -- 2.39.5