feat: allow importing salted sha hashing algorithms #2741
I'll get started on updating the docs soon!
Codecov Report
@@ Coverage Diff @@
## master #2741 +/- ##
==========================================
- Coverage 77.78% 77.40% -0.38%
==========================================
Files 316 312 -4
Lines 19881 19484 -397
==========================================
- Hits 15464 15082 -382
+ Misses 3258 3244 -14
+ Partials 1159 1158 -1
Thank you very much for your PR. It looks very good already. I have just left some comments for you.
Thanks for the update! It looks very good now 🎉, but I think we still need to iterate over the salting. 🧂
Definitely having the possibility of prepending the salt would save many lives (i.e. many password resets).
@hugotiburtino you have a use case where you are using SSHA, SSHA256, or SSHA512 where the salt is prepended instead of being appended? There is another thread where the latest comment @aeneasr thought to use the initial solution for SSHA (not using PHC). I want to be sure to consider everyone's needs. Even though using the Edit: punctuation
Our use case (same org. as @hugotiburtino) is actually not SSHA but a custom flavour of SHA so we would be well served with the PHC syntax. Thanks for your consideration. If we can help you with this PR in any way, just get in touch.
merge first into ory/kratos's master.
to maintain the convention.
since the former's hash comparator was added after the latter's one.
Refactor SSHA and SHA comparators
Revert "Refactor SSHA and SHA comparators"
Abstract SSHA comparator and minor changes without merging from ory/kratos master
Thank you for the changes, LGTM!
There was a bug in the error handling for short SSHA passwords that I fixed in fea0bbd. PTAL.
We probably also need to update the documentation to now include regular SHA?
@aeneasr that's right. I'm awaiting the review of ory/docs#1090 so we can explain the formatting in the same way and can add the changes then.
That's merged now! There's a few conflicts left that need resolving. @hperl are the changes good to go now?
This looks very good now 🎉!
I just merged master, if CI passes we should be ready to merge 💪
epic!
Allows importing of salted SHA (SSHA, SSHA256, and SSHA512) passwords into Ory Kratos
Related issue(s)
#2422
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got green light (please contact
security@ory.sh) from the maintainers to push
the changes.
works.