Whenever the password is updated ensure that the hash algorithm is too (#13966) ...
authorzeripath <art27@cantab.net>
Sun, 13 Dec 2020 00:01:44 +0000 (00:01 +0000)
committerGitHub <noreply@github.com>
Sun, 13 Dec 2020 00:01:44 +0000 (01:01 +0100)
Backport #13966

`user.HashPassword` may potentially - and in fact now likely does - change
the `passwd_hash_algo`; therefore, whenever the `passwd` is updated,
`passwd_hash_algo` also needs to be updated.

Fix #13832

Thanks @fblaese for the hint

Signed-off-by: Andrew Thornton <art27@cantab.net>
cmd/admin.go
routers/user/auth.go
routers/user/setting/account.go

index 9f81f5284dd6d44dde3a8bcf8383b03e0d31964c..597aeb8eb120c1d65dd77db820024d566c840faa 100644 (file)
@@ -283,7 +283,7 @@ func runChangePassword(c *cli.Context) error {
        }
        user.HashPassword(c.String("password"))
 
-       if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil {
+       if err := models.UpdateUserCols(user, "passwd", "passwd_hash_algo", "salt"); err != nil {
                return err
        }
 
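Review bot: The columns that `HashPassword` modifies are still listed by hand at this call and again in `ResetPasswdPost`, `MustChangePasswordPost` and `AccountPost`, which is the pattern that let `passwd_hash_algo` be left out before. A new hash stored next to a stale algorithm value can no longer be verified, so the hash-and-persist step would be safer in one helper in `models` that owns the column list, with callers passing only extras such as `must_change_password`. Short of that, a comment at each site such as `// HashPassword sets passwd, passwd_hash_algo and salt; persist all three together` would help, and the argument order could be made uniform (`AccountPost` lists `salt` first). No regression test is visible in this diff; one that changes a password, reloads the user and checks `passwd_hash_algo` would pin the fix. The body of `runChangePassword` starts and ends outside the hunk.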
index 02cebe6a0e3e57ffb50fcea63c41dff3d0c68bcf..893cad09beee0fe809a6e0eefa8118278dde3726 100644 (file)
@@ -1496,7 +1496,7 @@ func ResetPasswdPost(ctx *context.Context) {
        }
        u.HashPassword(passwd)
        u.MustChangePassword = false
-       if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil {
+       if err := models.UpdateUserCols(u, "must_change_password", "passwd", "passwd_hash_algo", "rands", "salt"); err != nil {
                ctx.ServerError("UpdateUser", err)
                return
        }
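Review bot: `rands` is persisted here in `ResetPasswdPost` but not in the otherwise parallel updates in `MustChangePasswordPost` and `AccountPost`, and the hunks do not show why. If `rands` is regenerated on reset so that previously issued codes stop being valid, it is worth confirming whether the other password-change paths should rotate it as well. Either way, a comment at this call such as `// rands is persisted here because <reason>` would record the intent. The function body starts and ends outside the hunk.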
@@ -1572,7 +1572,7 @@ func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form aut
        u.HashPassword(form.Password)
        u.MustChangePassword = false
 
-       if err := models.UpdateUserCols(u, "must_change_password", "passwd", "salt"); err != nil {
+       if err := models.UpdateUserCols(u, "must_change_password", "passwd", "passwd_hash_algo", "salt"); err != nil {
                ctx.ServerError("UpdateUser", err)
                return
        }
index 9b72e2a31a23fb752556482434a1bff6b4298d4f..4fb2e4be402eeff5c1736660523176f0d032744f 100644 (file)
@@ -68,7 +68,7 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) {
                        return
                }
                ctx.User.HashPassword(form.Password)
-               if err := models.UpdateUserCols(ctx.User, "salt", "passwd"); err != nil {
+               if err := models.UpdateUserCols(ctx.User, "salt", "passwd_hash_algo", "passwd"); err != nil {
                        ctx.ServerError("UpdateUser", err)
                        return
                }