From 8e8e8ee150a70e882bf4661fab84382befe29ac0 Mon Sep 17 00:00:00 2001 From: zeripath Date: Sun, 13 Dec 2020 00:01:44 +0000 Subject: [PATCH] Whenever the password is updated ensure that the hash algorithm is too (#13966) (#13967) Backport #13966 `user.HashPassword` may potentially - and in fact now likely does - change the `passwd_hash_algo` therefore whenever the `passwd` is updated, this also needs to be updated. Fix #13832 Thanks @fblaese for the hint Signed-off-by: Andrew Thornton --- cmd/admin.go | 2 +- routers/user/auth.go | 4 ++-- routers/user/setting/account.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/admin.go b/cmd/admin.go index 9f81f5284d..597aeb8eb1 100644 --- a/cmd/admin.go +++ b/cmd/admin.go @@ -283,7 +283,7 @@ func runChangePassword(c *cli.Context) error { } user.HashPassword(c.String("password")) - if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil { + if err := models.UpdateUserCols(user, "passwd", "passwd_hash_algo", "salt"); err != nil { return err } diff --git a/routers/user/auth.go b/routers/user/auth.go index 02cebe6a0e..893cad09be 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -1496,7 +1496,7 @@ func ResetPasswdPost(ctx *context.Context) { } u.HashPassword(passwd) u.MustChangePassword = false - if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil { + if err := models.UpdateUserCols(u, "must_change_password", "passwd", "passwd_hash_algo", "rands", "salt"); err != nil { ctx.ServerError("UpdateUser", err) return } @@ -1572,7 +1572,7 @@ func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form aut u.HashPassword(form.Password) u.MustChangePassword = false - if err := models.UpdateUserCols(u, "must_change_password", "passwd", "salt"); err != nil { + if err := models.UpdateUserCols(u, "must_change_password", "passwd", "passwd_hash_algo", "salt"); err != nil { ctx.ServerError("UpdateUser", err) return } diff --git a/routers/user/setting/account.go b/routers/user/setting/account.go index 9b72e2a31a..4fb2e4be40 100644 --- a/routers/user/setting/account.go +++ b/routers/user/setting/account.go @@ -68,7 +68,7 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) { return } ctx.User.HashPassword(form.Password) - if err := models.UpdateUserCols(ctx.User, "salt", "passwd"); err != nil { + if err := models.UpdateUserCols(ctx.User, "salt", "passwd_hash_algo", "passwd"); err != nil { ctx.ServerError("UpdateUser", err) return }