Authserver cleanup phase 3 - the account table unfuckening #25135
This breaks https://github.com/TrinityCore/aowow, in particular login using TC as auth. See https://github.com/TrinityCore/aowow/blob/master/includes/user.class.php#L286. It would be nice if that tool (and other tools under the TC umbrella) would be updated before merging this PR.
@jackpoz we want some of the changes in this PR before updating external tools re-added
e7743fd to 4be5b66
f460c0c to c909b0a
I would add https://github.com/TrinityCore/account-creator also to the list of apps that would be nice to fix before merging this.
- salt/verifier/sessionkey are now binary
- old s/v/sha_pass_hash fields kept around for backwards compatibility
- sha_pass_hash is only read if s/v have been manually changed
- sha_pass_hash is still updated (for now), s/v are not
- no longer use sha_pass_hash for anything else core-side (.account, SOAP, RA)
…definitely sure that this is a legacy tool)
c50dabc to 9b35dc0
…r are nullable for now.
…just in case some tool does silly things.
…s this should be at least 256 bits (>256 makes no sense for our 256-bit N)
- no longer use sha_pass_hash for anything else core-side (.account, SOAP, RA)
- salt/verifier/session_key are now binary
- old s/v/sha_pass_hash fields kept around for backwards compatibility
- sha_pass_hash is still updated (for now), s/v are not
- sha_pass_hash is only read if s/v have been manually changed
- SRP6 b now uses the full 32 bytes of randomness (instead of randomly only using 19)
(cherry picked from commit 3164b58)
(This is part 3 of 5 in the deprecation process of sha_pass_hash, as outlined in #25157.)

Changes
- salt and verifier are now BINARY(32), from VARCHAR(64)
- SessionKey is now BINARY(40), from VARCHAR(80)

Backwards compatibility
- sha_pass_hash will still be updated, and external tools can still set it
- sha_pass_hash will only be read if backwards-compatibility fields s/v were changed by external tools
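
For external tools that authenticate against the account table, an added example (not part of this PR or of TrinityCore's code) that derives and checks the BINARY(32) salt/verifier pair, starting from the legacy sha_pass_hash value. The parameters g = 7, the 256-bit N, SHA-1 and little-endian byte order are assumptions taken from the WoW SRP6 scheme rather than from this page, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed WoW SRP6 parameters; this page only states that N is 256 bits.
G = 7
N = int("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", 16)


def legacy_sha_pass_hash(username: str, password: str) -> str:
    """Legacy sha_pass_hash value: upper-case hex SHA1 of 'USER:PASS'."""
    data = f"{username.upper()}:{password.upper()}".encode("utf-8")
    return hashlib.sha1(data).hexdigest().upper()


def verifier_from_hash(sha_pass_hash: str, salt: bytes) -> bytes:
    """v = g^H(salt || h1) mod N, integers little-endian, padded to 32 bytes."""
    if len(salt) != 32:
        raise ValueError("salt must be exactly 32 bytes (BINARY(32))")
    h1 = bytes.fromhex(sha_pass_hash)
    if len(h1) != 20:
        raise ValueError("sha_pass_hash must be a 40-character hex SHA1")
    x = int.from_bytes(hashlib.sha1(salt + h1).digest(), "little")
    return pow(G, x, N).to_bytes(32, "little")


def make_registration(username: str, password: str) -> tuple[bytes, bytes]:
    """Fresh random salt plus verifier for the two BINARY(32) columns."""
    salt = secrets.token_bytes(32)
    return salt, verifier_from_hash(legacy_sha_pass_hash(username, password), salt)


def check_password(username: str, password: str, salt: bytes, verifier: bytes) -> bool:
    """Recompute the verifier from the stored salt; compare in constant time."""
    candidate = verifier_from_hash(legacy_sha_pass_hash(username, password), salt)
    return hmac.compare_digest(candidate, verifier)


if __name__ == "__main__":
    s, v = make_registration("test", "hunter2")  # constructed sample account
    print(s.hex(), v.hex(), check_password("Test", "HUNTER2", s, v))
```

Both values must be bound as raw bytes when written to the database; hex-encoding them first would produce 64 characters that no longer fit the BINARY(32) columns.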