From 671174d02c5a8d8d038e23e5a154a18a7c380160 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Mon, 30 Aug 2021 11:08:57 -0300 Subject: [PATCH] Bug 28772: Add a warning about hash_password usage in updatedatabase.pl Signed-off-by: Tomas Cohen Arazi Signed-off-by: Martin Renvoize Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart --- Koha/AuthUtils.pm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Koha/AuthUtils.pm b/Koha/AuthUtils.pm index 49d2723c54..8345f50a5f 100644 --- a/Koha/AuthUtils.pm +++ b/Koha/AuthUtils.pm @@ -54,9 +54,15 @@ user passwords. my $hash = Koha::AuthUtils::hash_password($password, $settings); +Hash I<$password> using Bcrypt. Accepts an extra I<$settings> parameter for salt. +If I<$settings> is not passed, a new salt is generated. + +WARNING: If this method implementation is changed in the future, as of +bug 28772 there's at least one DBRev that uses this code and should +be taken care of. + =cut -# Using Bcrypt method for hashing. This can be changed to something else in future, if needed. sub hash_password { my $password = shift; $password = Encode::encode( 'UTF-8', $password ) -- 2.39.5