needsRehash always checks against PASSWORD_DEFAULT [#3334308]

Problem/Motivation

When checking if the password needs to be rehashed, PASSWORD_DEFAULT is provided as a parameter instead of the configured algorithm. If an alternate algorithm is configured, the password will always be rehashed even though not necessary.

Steps to reproduce

override the password.php service's arguments to provide a different algorithm (e.g. PASSWORD_ARGON2I

Proposed resolution

Update the value sent to password_rehash()

Remaining tasks

User interface changes

API changes

Data model changes

Issue fork php_password-3334308

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

3334308-needsrehash changes, plain diff MR !1
Check out this branch for the first time

Check out existing branch, if you already have it locally

About issue forks

Comments

Comment #1

17 January 2023 at 20:26

gapple created an issue. See original summary.

Comment #2

17 January 2023 at 20:29

gapple opened merge request !1

Comment #3

gapple

he/they

English

commented 17 January 2023 at 20:30

Title:	needsRehash always checks against PASSWORD_DEFAULT	» 3334308-needsrehash
Status:	Active	» Needs review

Comment #4

gapple

he/they

English

commented 17 January 2023 at 21:14

Title:

3334308-needsrehash

» needsRehash always checks against PASSWORD_DEFAULT

Comment #5

23 May 2023 at 15:52

neclimdul committed 725c7e56 on 8.x-1.x authored by gapple

Issue #3334308: needsRehash always checks against PASSWORD_DEFAULT

Comment #6

neclimdul

He/Him

commented 23 May 2023 at 15:53

Status:

Needs review

» Fixed

Thanks!

Comment #7

6 June 2023 at 15:54

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

needsRehash always checks against PASSWORD_DEFAULT