--- 1463624-37-move-password-inc-to-dic.patch 2012-11-14 12:19:05.000000000 +0100 +++ 1463624-43-move-password-inc-to-dic.patch 2012-11-14 22:30:17.000000000 +0100 @@ -293,28 +293,31 @@ - return (_password_get_count_log2($account->pass) !== $count_log2); -} diff --git a/core/lib/Drupal/Core/CoreBundle.php b/core/lib/Drupal/Core/CoreBundle.php -index bbc4e2e..99b4e9f 100644 +index bbc4e2e..bf9e7cb 100644 --- a/core/lib/Drupal/Core/CoreBundle.php +++ b/core/lib/Drupal/Core/CoreBundle.php -@@ -80,6 +80,12 @@ public function build(ContainerBuilder $container) { +@@ -80,6 +80,15 @@ public function build(ContainerBuilder $container) { $container->register('nested_matcher', 'Drupal\Core\Routing\NestedMatcher') ->addTag('chained_matcher', array('priority' => 5)); -+ // Add password hashing service ++ // Add password hashing service. The argument to PhpassHashedPassword ++ // constructor is the log2 number of iterations for password stretching. ++ // This should increase by 1 every Drupal version in order to counteract ++ // increases in the speed and power of computers available to crack the ++ // hashes. The current password hashing method was introduced in Drupal 7 ++ // with a log2 count of 15. + $container->register('password', 'Drupal\Core\Password\PhpassHashedPassword') -+ ->addArgument(new Reference('config.factory')) -+ ->setFactoryClass('Drupal\Core\Password\PhpassFactory') -+ ->setFactoryMethod('get'); ++ ->addArgument(16); + // The following services are tagged as 'nested_matcher' services and are // processed in the RegisterNestedMatchersPass compiler pass. Each one // needs to be set on the matcher using a different method, so we use a diff --git a/core/lib/Drupal/Core/Password/PasswordInterface.php b/core/lib/Drupal/Core/Password/PasswordInterface.php new file mode 100644 -index 0000000..89f1806 +index 0000000..e14a6d8 --- /dev/null 
+++ b/core/lib/Drupal/Core/Password/PasswordInterface.php -@@ -0,0 +1,63 @@ +@@ -0,0 +1,64 @@ +get('system.password') -+ ->load() -+ ->get('phpass.count_log2'); -+ -+ return new PhpassHashedPassword($count_log2); -+ } -+} diff --git a/core/lib/Drupal/Core/Password/PhpassHashedPassword.php b/core/lib/Drupal/Core/Password/PhpassHashedPassword.php new file mode 100644 index 0000000..d5ae542 @@ -677,14 +647,6 @@ + return ($this->getCountLog2($account->pass) !== $count_log2); + } +} -diff --git a/core/modules/system/config/system.password.yml b/core/modules/system/config/system.password.yml -new file mode 100644 -index 0000000..54b9044 ---- /dev/null -+++ b/core/modules/system/config/system.password.yml -@@ -0,0 +1,2 @@ -+phpass: -+ count_log2: '16' diff --git a/core/modules/system/lib/Drupal/system/Tests/System/PasswordHashingTest.php b/core/modules/system/lib/Drupal/system/Tests/System/PasswordHashingTest.php index eb9c634..92e37be 100644 --- a/core/modules/system/lib/Drupal/system/Tests/System/PasswordHashingTest.php @@ -776,37 +738,20 @@ db_query("UPDATE {users} SET pass = :pass WHERE uid = :uid", array(':pass' => $user1->pass, ':uid' => $user1->uid)); $this->drupalLogin($user1); $this->drupalGet($this->update_url, array('external' => TRUE)); -diff --git a/core/modules/system/lib/Drupal/system/Tests/Upgrade/SystemUpgradePathTest.php b/core/modules/system/lib/Drupal/system/Tests/Upgrade/SystemUpgradePathTest.php -index 283765d..18d78ff 100644 ---- a/core/modules/system/lib/Drupal/system/Tests/Upgrade/SystemUpgradePathTest.php -+++ b/core/modules/system/lib/Drupal/system/Tests/Upgrade/SystemUpgradePathTest.php -@@ -89,6 +89,10 @@ public function testVariableUpgrade() { - 'fallback_format' => 'plain_text' - ); - -+ $expected_config['system.password'] = array( -+ 'phpass.count_log2' => '42', -+ ); -+ - foreach ($expected_config as $file => $values) { - $config = config($file); - $this->verbose(print_r($config->get(), TRUE)); 
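Review bot: Hard-coding the stretching cost as `->addArgument(16)` in CoreBundle::build(), while system_update_8036() now deletes `password_count_log2` instead of migrating it, drops any higher count a site had configured. The rehash check visible further down in PhpassHashedPassword compares with `!==`, so a stored hash with a larger count would presumably be rehashed down to 16 at that user's next login. The rest of that method is outside the visible lines, so confirm whether anything else guards against it. If a downgrade is not intended, the comparison could become `return ($this->getCountLog2($account->pass) < $count_log2);`, or the update function could report a non-default value before removing it. The new comment should also say that the count can only be changed by re-registering the `password` service from another bundle.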
diff --git a/core/modules/system/system.install b/core/modules/system/system.install -index e29674e..5caac99 100644 +index e29674e..451d221 100644 --- a/core/modules/system/system.install +++ b/core/modules/system/system.install -@@ -2224,6 +2224,17 @@ function system_update_8035() { +@@ -2224,6 +2224,15 @@ function system_update_8035() { } /** -+ * Converts password_count_log2 variable to config. ++ * Remove the 'password_count_log2' variable. + * + * @ingroup config_upgrade + */ +function system_update_8036() { -+ update_variables_to_config('system.password', array( -+ 'password_count_log2' => 'phpass.count_log2' -+ )); ++ update_variable_del('password_count_log2'); +} + +/** @@ -845,7 +790,7 @@ // We cannot use $account->save() here, because this would result in the // password being hashed again. diff --git a/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php -index 0b6eeba..15d9f5e 100644 +index 0b6eeba..45a3bdf 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php @@ -8,6 +8,7 @@ @@ -856,7 +801,7 @@ /** * Functional tests for user logins, including rate limiting of login attempts. -@@ -102,10 +103,12 @@ function testPerUserLoginFloodControl() { +@@ -102,25 +103,32 @@ function testPerUserLoginFloodControl() { * Test that user password is re-hashed upon login after changing $count_log2. */ function testPasswordRehashOnLogin() { @@ -865,7 +810,7 @@ - // Set initial $count_log2 to the default, DRUPAL_HASH_COUNT. - variable_set('password_count_log2', DRUPAL_HASH_COUNT); + // Determine default log2 for phpass hashing algoritm -+ $count_log2 = (int)config('system.password')->get('phpass.count_log2'); ++ $default_count_log2 = 16; + + // Retrieve instance of password hashing algorithm + $password_hasher = drupal_container()->get('password'); 
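Review bot: The docblock of system_update_8036() still carries `@ingroup config_upgrade`, although the function no longer converts anything to config and only calls `update_variable_del('password_count_log2')`. Drop the `@ingroup` line, or replace it with a sentence saying the value is now fixed in the service container. The summary line should use the third-person form found on the line it replaces, `Removes the 'password_count_log2' variable.`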
@@ -873,23 +818,28 @@ // Create a new user and authenticate. $account = $this->drupalCreateUser(array()); $password = $account->pass_raw; -@@ -113,14 +116,16 @@ function testPasswordRehashOnLogin() { + $this->drupalLogin($account); $this->drupalLogout(); - // Load the stored user. The password hash should reflect $count_log2. +- // Load the stored user. The password hash should reflect $count_log2. ++ // Load the stored user. The password hash should reflect $default_count_log2. $account = user_load($account->uid); - $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_HASH_COUNT); -+ $this->assertIdentical($password_hasher->getCountLog2($account->pass), $count_log2); -+ - // Change $count_log2 and log in again. +- // Change $count_log2 and log in again. - variable_set('password_count_log2', DRUPAL_HASH_COUNT + 1); -+ $count_log2++; -+ config('system.password')->set('phpass.count_log2', $count_log2)->save(); ++ $this->assertIdentical($password_hasher->getCountLog2($account->pass), $default_count_log2); ++ ++ // Change the required number of iterations by loading a test-module ++ // containing the necessary container builder code and then verify that the ++ // users password gets rehashed during the login. ++ $overridden_count_log2 = 19; ++ module_enable(array('user_custom_phpass_params_test')); ++ $account->pass_raw = $password; $this->drupalLogin($account); // Load the stored user, which should have a different password hash now. $account = user_load($account->uid, TRUE); - $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_HASH_COUNT + 1); -+ $this->assertIdentical($password_hasher->getCountLog2($account->pass), $count_log2); ++ $this->assertIdentical($password_hasher->getCountLog2($account->pass), $overridden_count_log2); } /** 
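Review bot: The literals `$default_count_log2 = 16` (in the preceding hunk) and `$overridden_count_log2 = 19` repeat the arguments registered in CoreBundle and in UserCustomPhpassParamsTestBundle, with nothing tying them together. Each assignment should get a comment naming its source, e.g. `// Must match the argument registered in CoreBundle::build().` The test also covers only an increase of the count; no case shows what happens to a stored hash whose count is higher than the configured one, which is the direction that matters for password strength. The comment typos `algoritm` and `users password` should read `algorithm` and `user's password`. testPasswordRehashOnLogin() begins outside this hunk.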
@@ -907,6 +857,47 @@ // Abort if the hashing failed and returned FALSE. if (!$entity->pass) { throw new EntityMalformedException('The entity does not have a password.'); +diff --git a/core/modules/user/tests/user_custom_phpass_params_test/lib/Drupal/user_custom_phpass_params_test/UserCustomPhpassParamsTestBundle.php b/core/modules/user/tests/user_custom_phpass_params_test/lib/Drupal/user_custom_phpass_params_test/UserCustomPhpassParamsTestBundle.php +new file mode 100644 +index 0000000..ab68d2e +--- /dev/null ++++ b/core/modules/user/tests/user_custom_phpass_params_test/lib/Drupal/user_custom_phpass_params_test/UserCustomPhpassParamsTestBundle.php +@@ -0,0 +1,20 @@ ++register('password', 'Drupal\Core\Password\PhpassHashedPassword') ++ ->addArgument(19); ++ } ++} +diff --git a/core/modules/user/tests/user_custom_phpass_params_test/user_custom_phpass_params_test.info b/core/modules/user/tests/user_custom_phpass_params_test/user_custom_phpass_params_test.info +new file mode 100644 +index 0000000..be72cf8 +--- /dev/null ++++ b/core/modules/user/tests/user_custom_phpass_params_test/user_custom_phpass_params_test.info +@@ -0,0 +1,6 @@ ++name = "User custom phpass params test" ++description = "Support module for testing custom phpass password algorithm parameters." ++package = Testing ++version = VERSION ++core = 8.x ++;hidden = TRUE +diff --git a/core/modules/user/tests/user_custom_phpass_params_test/user_custom_phpass_params_test.module b/core/modules/user/tests/user_custom_phpass_params_test/user_custom_phpass_params_test.module +new file mode 100644 +index 0000000..e69de29 diff --git a/core/modules/user/user.module b/core/modules/user/user.module index 68b45ea..9ac0316 100644 --- a/core/modules/user/user.module
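Review bot: In user_custom_phpass_params_test.info the hidden flag is commented out as `;hidden = TRUE`, so this support module would presumably appear in the module list of a real site. Enabling it there would re-register the `password` service with a count of 19. Restore the line as `hidden = TRUE`. The bundle class should also carry a one-line comment stating that it deliberately overrides the core `password` registration for testPasswordRehashOnLogin(); part of that class body is missing from this page, so check whether it already has one.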