SONAR-19225 Drop BCRYPT hash method for user passwords

author: Matteo Mara <matteo.mara@sonarsource.com> 2025-01-07 11:51:27 +0100
committer: sonartech <sonartech@sonarsource.com> 2025-01-09 20:03:23 +0000
commit: d6dda575139a485af627fd3d0d0a5a50359ade5c (patch)
tree: e5c6256987229c4f1fab4c77be1e731d895e3084 /server/sonar-db-dao
parent: d047326a1aa1a745cb4e3c0a50f4bda9e745d4e7 (diff)
download: sonarqube-d6dda575139a485af627fd3d0d0a5a50359ade5c.tar.gz
sonarqube-d6dda575139a485af627fd3d0d0a5a50359ade5c.zip
3 files changed, 4 insertions, 4 deletions
diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java
index 18c19baa8f7..33ee933299c 100644
--- a/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java
+++ b/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java
@@ -465,7 +465,7 @@ class UserDaoIT {
       .setResetPassword(true)
       .setSalt("12345")
       .setCryptedPassword("abcde")
-      .setHashMethod("BCRYPT")
+      .setHashMethod("PBKDF2")
       .setExternalLogin("johngithub")
       .setExternalIdentityProvider("github")
       .setExternalId("EXT_ID")
@@ -485,7 +485,7 @@ class UserDaoIT {
     assertThat(reloaded.getSortedScmAccounts()).containsExactly("jo.hn", "john2", "johndoo");
     assertThat(reloaded.getSalt()).isEqualTo("12345");
     assertThat(reloaded.getCryptedPassword()).isEqualTo("abcde");
-    assertThat(reloaded.getHashMethod()).isEqualTo("BCRYPT");
+    assertThat(reloaded.getHashMethod()).isEqualTo("PBKDF2");
     assertThat(reloaded.getExternalLogin()).isEqualTo("johngithub");
     assertThat(reloaded.getExternalIdentityProvider()).isEqualTo("github");
     assertThat(reloaded.getExternalId()).isEqualTo("EXT_ID");
diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java
index 474f5e4760c..cdb44c43719 100644
--- a/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java
+++ b/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java
@@ -92,7 +92,7 @@ class UserDaoWithPersisterIT {
       .setResetPassword(true)
       .setSalt("12345")
       .setCryptedPassword("abcde")
-      .setHashMethod("BCRYPT")
+      .setHashMethod("PBKDF2")
       .setExternalLogin("johngithub")
       .setExternalIdentityProvider("github")
       .setExternalId("EXT_ID")
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java
index 0bcfcf15c6a..a6e4fab242c 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java
@@ -43,7 +43,7 @@ public class UserDto implements UserId {
   private String externalIdentityProvider;
   // Hashed password that may be null in case of external authentication
   private String cryptedPassword;
-  // Salt used for PBKDF2, null when bcrypt is used or for external authentication
+  // Null for external authentication
   private String salt;
   // Hash method used to generate cryptedPassword, my be null in case of external authentication
   private String hashMethod;
author	Matteo Mara <matteo.mara@sonarsource.com>	2025-01-07 11:51:27 +0100
committer	sonartech <sonartech@sonarsource.com>	2025-01-09 20:03:23 +0000
commit	d6dda575139a485af627fd3d0d0a5a50359ade5c (patch)
tree	e5c6256987229c4f1fab4c77be1e731d895e3084 /server/sonar-db-dao
parent	d047326a1aa1a745cb4e3c0a50f4bda9e745d4e7 (diff)
download	sonarqube-d6dda575139a485af627fd3d0d0a5a50359ade5c.tar.gz sonarqube-d6dda575139a485af627fd3d0d0a5a50359ade5c.zip