From 5c0697ad1ecbd25ff245a93ea5af55c07817249e Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Thu, 3 Sep 2020 19:58:31 +0100
Subject: Use argon as default password hash algorithm (#12688)

* Restrict TLS connections to 1.2 minimum

* Set Argon2 as the default KDF

* Fix user.yml

* Remove TLS minversion changes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add migration as per @techknowlogick

Signed-off-by: Andrew Thornton <art27@cantab.net>

* set the password algo in the fixtures

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove the v148 migration - it needs recreate table to change the defaults

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Nadim Kobeissi <nadim@symbolic.software>
---
 modules/setting/setting.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/setting')

diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index ae15f68faa..5b8aefdaa4 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -819,7 +819,7 @@ func NewContext() {
 	ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
 	DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false)
 	OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true)
-	PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2")
+	PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("argon2")
 	CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)
 
 	InternalToken = loadInternalToken(sec)
-- 
cgit v1.2.3