From 287b594803105ba517680aa50be478648d434035 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Sat, 12 Dec 2020 18:59:49 +0000
Subject: Whenever the password is updated ensure that the hash algorithm is too (#13966)
`user.HashPassword` may potentially - and in fact now likely does - change the `passwd_hash_algo` therefore whenever the `passwd` is updated, this also needs to be updated. Fix #13832 Thanks @fblaese for the hint
Signed-off-by: Andrew Thornton
---
 routers/user/auth.go | 4 ++--
 routers/user/setting/account.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'routers/user')
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 38e90cbef1..1e34099411 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -1514,7 +1514,7 @@ func ResetPasswdPost(ctx *context.Context) {
 }
 u.HashPassword(passwd)
 u.MustChangePassword = false
- if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil {
+ if err := models.UpdateUserCols(u, "must_change_password", "passwd", "passwd_hash_algo", "rands", "salt"); err != nil {
 ctx.ServerError("UpdateUser", err)
 return
 }
@@ -1590,7 +1590,7 @@ func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form aut
 u.HashPassword(form.Password)
 u.MustChangePassword = false
- if err := models.UpdateUserCols(u, "must_change_password", "passwd", "salt"); err != nil {
+ if err := models.UpdateUserCols(u, "must_change_password", "passwd", "passwd_hash_algo", "salt"); err != nil {
 ctx.ServerError("UpdateUser", err)
 return
 }
diff --git a/routers/user/setting/account.go b/routers/user/setting/account.go
index 9b72e2a31a..4fb2e4be40 100644
--- a/routers/user/setting/account.go
+++ b/routers/user/setting/account.go
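Review bot: The column list passed to `models.UpdateUserCols` in ResetPasswdPost is still maintained by hand next to `u.HashPassword(passwd)`, which is the pattern that allowed `passwd_hash_algo` to be left out in the first place; the MustChangePasswordPost hunk and the AccountPost hunk in routers/user/setting/account.go repeat it. A stored hash written without its algorithm label will presumably fail verification at the next login, so the set of password columns is better owned by one place, for example a single helper that hashes and then persists `"passwd", "passwd_hash_algo", "salt"` together with any caller-specific columns. Short of that, a comment above each call such as `// HashPassword may change passwd_hash_algo as well as passwd; persist both` would make the coupling visible. The diffstat is limited to routers/user, so any HashPassword caller elsewhere that uses a partial column update should be checked for the same omission. ResetPasswdPost's body starts above this hunk and continues below it.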
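Review bot: The `UpdateUserCols` call in MustChangePasswordPost persists `must_change_password`, `passwd`, `passwd_hash_algo` and `salt` but not `rands`, whereas the otherwise parallel call in ResetPasswdPost also writes `rands`. Whether that difference is intended cannot be told from the hunk, because the code that prepares `u` sits above it. If the rands value is only regenerated in the reset flow, a one-line comment such as `// rands is not rotated on a forced change, so it is not persisted here` would stop a later reader from "correcting" the list in either direction.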
@@ -68,7 +68,7 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) {
 return
 }
 ctx.User.HashPassword(form.Password)
- if err := models.UpdateUserCols(ctx.User, "salt", "passwd"); err != nil {
+ if err := models.UpdateUserCols(ctx.User, "salt", "passwd_hash_algo", "passwd"); err != nil {
 ctx.ServerError("UpdateUser", err)
 return
 }
--
cgit v1.2.3
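Review bot: Nothing visible in this commit tests that a password changed through AccountPost still verifies afterwards, although the diffstat is limited to routers/user, so a test may exist elsewhere. If none does, an integration test that changes the password through this handler, reloads the user row and checks that the new password is accepted would fail on exactly the omission fixed here. The same test shape covers the two handlers in routers/user/auth.go. AccountPost's body extends beyond the hunk on both sides.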