From d6dda575139a485af627fd3d0d0a5a50359ade5c Mon Sep 17 00:00:00 2001
From: Matteo Mara
Date: Tue, 7 Jan 2025 11:51:27 +0100
Subject: SONAR-19225 Drop BCRYPT hash method for user passwords
---
 server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java | 4 ++--
 .../src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java | 2 +-
 server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'server/sonar-db-dao')
diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java
index 18c19baa8f7..33ee933299c 100644
--- a/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java
+++ b/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoIT.java
@@ -465,7 +465,7 @@ class UserDaoIT {
 .setResetPassword(true)
 .setSalt("12345")
 .setCryptedPassword("abcde")
- .setHashMethod("BCRYPT")
+ .setHashMethod("PBKDF2")
 .setExternalLogin("johngithub")
 .setExternalIdentityProvider("github")
 .setExternalId("EXT_ID")
@@ -485,7 +485,7 @@ class UserDaoIT {
 assertThat(reloaded.getSortedScmAccounts()).containsExactly("jo.hn", "john2", "johndoo");
 assertThat(reloaded.getSalt()).isEqualTo("12345");
 assertThat(reloaded.getCryptedPassword()).isEqualTo("abcde");
- assertThat(reloaded.getHashMethod()).isEqualTo("BCRYPT");
+ assertThat(reloaded.getHashMethod()).isEqualTo("PBKDF2");
 assertThat(reloaded.getExternalLogin()).isEqualTo("johngithub");
 assertThat(reloaded.getExternalIdentityProvider()).isEqualTo("github");
 assertThat(reloaded.getExternalId()).isEqualTo("EXT_ID");
diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java
index 474f5e4760c..cdb44c43719 100644
--- a/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java
+++ b/server/sonar-db-dao/src/it/java/org/sonar/db/user/UserDaoWithPersisterIT.java
@@ -92,7 +92,7 @@ class UserDaoWithPersisterIT {
 .setResetPassword(true)
 .setSalt("12345")
 .setCryptedPassword("abcde")
- .setHashMethod("BCRYPT")
+ .setHashMethod("PBKDF2")
 .setExternalLogin("johngithub")
 .setExternalIdentityProvider("github")
 .setExternalId("EXT_ID")
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java
index 0bcfcf15c6a..a6e4fab242c 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/UserDto.java
@@ -43,7 +43,7 @@ public class UserDto implements UserId {
 private String externalIdentityProvider;
 // Hashed password that may be null in case of external authentication
 private String cryptedPassword;
- // Salt used for PBKDF2, null when bcrypt is used or for external authentication
+ // Null for external authentication
 private String salt;
 // Hash method used to generate cryptedPassword, my be null in case of external authentication
 private String hashMethod;
-- cgit v1.2.3
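Review bot: The new comment above `salt` in the UserDto hunk, `// Null for external authentication`, no longer says what the field holds, only when it is empty. With bcrypt gone, the PBKDF2 half of the old comment is still accurate and worth keeping, for example `// Salt used for PBKDF2, null for external authentication`. The context comment on `hashMethod` just below still reads "my be null" and could be corrected in the same pass. Separately, this view is limited to server/sonar-db-dao and the class body continues outside the hunk, so it does not show what happens to stored rows whose hash method is still `BCRYPT`. Presumably they are migrated or forced through a password reset elsewhere in the commit, but it is worth confirming that authentication rejects an unrecognised method instead of falling through.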