MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [login] Correctly convert old password hash to blowfish

pull/6896/head
Jakub Onderka 2021-01-21 10:34:59 +01:00
parent a39427cf01
commit 294e4a620b
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Controller/UsersController.php
View File

@ -1150,9 +1150,8 @@ class UsersController extends AppController
if ($oldHash) {
// Convert old style password hash to blowfish
$passwordToSave = $this->request->data['User']['password'];
$hasher = new BlowfishPasswordHasher();
$hashedPassword = $hasher->hash($passwordToSave);
$this->User->save(['id' => $this->Auth->user('id'), 'password' => $hashedPassword], false, ['password']);
// Password is converted to hashed form automatically
$this->User->save(['id' => $this->Auth->user('id'), 'password' => $passwordToSave], false, ['password']);
}
$this->_postlogin();
} else {