Upgrade blank passwords to bcrypt hashes
Previously, blank passwords were not upgraded to bcrypt hashes. This is annoying and problematic because it makes it difficult to remove the old password hashing system because those passwords might still be checked against non-bcrypt hashes.
This commit is contained in:
Lucas Nicodemus
parent
b17c4cfc13
commit
211b70ca37
2 changed files with 2 additions and 5 deletions
|
|
@ -444,15 +444,11 @@ namespace TShockAPI.DB
|
|||
UpgradePasswordWorkFactor(password);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (SaltParseException)
|
||||
{
|
||||
if (String.Equals(HashPassword(password), Password, StringComparison.InvariantCultureIgnoreCase))
|
||||
{
|
||||
// Return true to keep blank passwords working but don't convert them to bcrypt.
|
||||
if (Password == "non-existant password") {
|
||||
return true;
|
||||
}
|
||||
// The password is not stored using BCrypt; upgrade it to BCrypt immediately
|
||||
UpgradePasswordToBCrypt(password);
|
||||
return true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue