-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Magento 2 not supporting BCRYPT passwords introduced in SUPEE-11219 #26731
Comments
Thanks for opening this issue! |
Hi @SamJUK. Thank you for your report.
Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:
For more details, please, review the Magento Contributor Assistant documentation. @SamJUK do you confirm that you were able to reproduce the issue on vanilla Magento instance following steps to reproduce?
|
Hi @engcom-Bravo. Thank you for working on this issue.
|
@sdzhepa The issue is reproducible if migrate to Magento 2.4-develop Rechecked with: Actual Result:After migrating, the customers appeared in Magento 2.4- develop Customers - All Customers grid |
✅ Confirmed by @sdzhepa Issue Available: @sdzhepa, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself. |
Hi, I have this issue migrating from 1.9.4.X to 2.3.4. I just found this issue while partway through a migration and now have thousands of accounts with passwords that will not work on the M2.3.4 site. Do you have a workaround? |
We got the client to just get customers to reset their password until a offical mage fix, since its around 5% of the userbase affected. If you wanted to implement a fix, although i haven't tried it, you could do something along the lines of modifying the So something like public function isValidHash($password, $hash)
{
if (stripos($hash, '$2y$') === 0) {
return password_verify($password, $hash);
}
...
} |
Thanks for your comment @SamJUK - I've just implemented almost the same patch myself in that class since posting my question:
|
Is it just me, or does the function password_hash and/or password_verify does not exist in Encryptor.php on Magento 2.3.3? Edit: ah! |
Both |
@SamJUK @Fidelity88 @pipe-devnull You can try to use this fix magento/data-migration-tool@3c7f83b clean cache and empty magento_root/generated directory. When customers login the tool will validate the password and rehash it in algorithm which Magento 2 understand. |
Hi @sdzhepa or @victor-v-rad What is the status over here? Thanks! |
@hostep @SamJUK |
Thank you @victor-v-rad for the update and details cc: @hostep |
Preconditions (*)
Steps to reproduce (*)
Expected result (*)
Actual result (*)
Additional Information
2.4-develop
This case has been verified for current
2.4-develop
and was confirmed here that issue still actualRechecked with:
Magento 1.9.3.9 and SUPEE-11219_CE_1939
Data Migration tool
2.3.4
Magento 2.4-develop
Actual Result:
After migrating, the customers appeared in Magento 2.4- develop Customers - All Customers grid
But Sign In to Storefront fails
The customer is still able to Sign In Magento 1.9.3.9 Storefront
The text was updated successfully, but these errors were encountered: