From 5843cbb3a31a58c94408c9836bcceb27ebe9720f Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Mon, 30 Aug 2021 11:08:57 -0300
Subject: [PATCH] Bug 28772: Add a warning about hash_password usage in updatedatabase.pl

Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Martin Renvoize
Signed-off-by: Marcel de Rooy
Signed-off-by: Wainui Witika-Park
(cherry picked from commit d1fbe564b689d4c13c6bc70c013c4a4625dcd503)
Signed-off-by: Victor Grousset/tuxayo
---
 Koha/AuthUtils.pm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Koha/AuthUtils.pm b/Koha/AuthUtils.pm
index 7c4dcd1002..c5fb69ce86 100644
--- a/Koha/AuthUtils.pm
+++ b/Koha/AuthUtils.pm
@@ -50,9 +50,15 @@ user passwords.
 
     my $hash = Koha::AuthUtils::hash_password($password, $settings);
 
+Hash I<$password> using Bcrypt. Accepts an extra I<$settings> parameter for salt.
+If I<$settings> is not passed, a new salt is generated.
+
+WARNING: If this method implementation is changed in the future, as of
+bug 28772 there's at least one DBRev that uses this code and should
+be taken care of.
+
 =cut
 
-# Using Bcrypt method for hashing. This can be changed to something else in future, if needed.
 sub hash_password {
     my $password = shift;
     $password = Encode::encode( 'UTF-8', $password )
-- 
2.39.5
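Review bot: The WARNING paragraph added to the hash_password POD says "at least one DBRev" uses this code but never names it, so a maintainer who later changes the hashing scheme or cost has to search updatedatabase.pl to find the dependent upgrade step. Naming the caller would make the warning actionable, for example `bug 28772 added DBRev <DBREV-PLACEHOLDER> in updatedatabase.pl, which calls hash_password; update or freeze that step if this implementation changes`. The same POD describes I<$settings> as being "for salt"; if the string handed to bcrypt also carries the algorithm prefix and cost factor (the rest of the body is outside this hunk, so this is an assumption to confirm), the text should say so, because a caller re-verifying an existing hash must pass the whole settings string back. The removed comment was the only place stating that the algorithm is meant to be replaceable, so it may be worth keeping that sentence in the POD next to the warning.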