Add support for bcrypt #22
Comments
(for now, I'm assuming we only have bcrypt-ed password, no "stormpath hash" -- which they say is unlikely)

@elmigranto urgent, so take this task only if you have time today or tomorrow. Otherwise I'll handle it. Please let me know.

Will work on this today.

Took a look, here's the scope with a bit more specifics:
[1] What if someone's password starts with
Let me know if any of this sounds off to you.

Correct me if I'm wrong, password hash will only be on users ported using What's the format of that with password hash included?

If that's the case, I wonder whether it would be easier to just replace password's hash directly in DB after creating a user (from import script that is): we assemble payload, remember user ID, send request, and replace db doc with

Yes it's only meant to be used with Also, to make I'd say, let's go for the easier. Maybe it's also simple to test the current plaintext password for a condition like

I'd rather not, let's keep w/ever spec/lib does.
Well, looks like the simplest would be to make

Sounds good. startsWith From https://en.wikipedia.org/wiki/Bcrypt :

It will be good enough to detect what kind of hash is passed in when verifying plain text password against it (

As we're migrating from stormpath, we'll retrieve encrypted bcrypt passwords.

We need to:
hashedPassword data in body as an alternative to password when creating/editing accounts.

Ref: https://stormpath.com/export#use-pw
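
An added example, not code from this project or from any commenter: one way to accept `hashedPassword` as an alternative to `password` while validating the whole bcrypt string rather than relying on a prefix check. The function names, `minCost` and `SAMPLE_HASH` are assumptions made for illustration; the hash value is constructed, not a real digest.

```javascript
// bcrypt modular crypt format: $<version>$<2-digit cost>$<22-char salt><31-char digest>
// Versions seen in the wild: 2, 2a, 2b, 2x, 2y. Alphabet is bcrypt's own base64 (./A-Za-z0-9).
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Returns the parsed fields, or null when the value is not a complete, well-formed bcrypt hash.
function parseBcrypt(value) {
  if (typeof value !== 'string') return null;
  const m = BCRYPT_RE.exec(value);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines costs 4..31
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Decides how to store the credential from a create/edit request body.
// The field name decides the kind, never the content: a plaintext password
// that happens to begin with "$2a$" is still hashed like any other password.
function pickCredential(body, minCost = 10) { // minCost: hypothetical policy value
  const hasPlain = typeof body.password === 'string';
  const hasHash = typeof body.hashedPassword === 'string';
  if (hasPlain === hasHash) {
    throw new Error('provide exactly one of password or hashedPassword');
  }
  if (hasPlain) {
    return { kind: 'plaintext', value: body.password }; // caller hashes before storing
  }
  const parsed = parseBcrypt(body.hashedPassword);
  if (!parsed) {
    // Reject instead of storing: a malformed hash can never verify and would lock the user out.
    throw new Error('hashedPassword is not a well-formed bcrypt hash');
  }
  // Imported hashes below the local cost policy are flagged for rehash on next successful login.
  return { kind: 'bcrypt', value: body.hashedPassword, needsRehash: parsed.cost < minCost };
}

// Constructed sample with the right shape (60 characters); not a real password hash.
const SAMPLE_HASH = '$2a$10$' + 'a'.repeat(22) + 'b'.repeat(31);
```
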