After running the user migration from D7 to D8 all user passwords seems invalid, e.g. It's impossible to login in D8. I noticed this today because of
Before this I was able to login with the user name and pass given during site install by
drush si. Now the original (D7) admin user is mapped to be the new admin user in D8 with the original password. I tried to login with some other user accounts too, but with no luck.
After doing a
drush uli and enter a new password for the admin I'm able to login back again. I'm using PostgreSQL 9.3 and migrating from a PostgreSQL 9.1 version.
So this could be a PostgreSQL only issue! I didn't have the time to see if we have a migration test verifying the successful login after a migration, but guess we don't. I think this is a migrate critical so adding as such.
- As a first analysis: Is this issue PostgreSQL only? - NO
- Is this because of bytea_escaping? - NO
This issue is occurring because the PasswordItem will hash all incoming values. This means the Drupal 7 password is hashed again - which breaks it. At the moment we wrap the password service with one that migrate can change its behaviour for Drupal 6 passwords. However this wrapping is always on even if the migrate module is not installed.
The current patch:
- Adds a flag to PasswordItem to say that the password is already hashed so it won't be hashed by its preSave() method
- Removes the password service wrapper
- Uses the new flag for both Drupal 6 and Drupal 7 passwords during a user migration
This patch results in less run-time complexity for all sites and a cleaner approach to migrating passwords because now we have one less stateful service.
This patch is acceptable for 8.1.x because UserServiceProvider is not API and the MigratePassword is part of migrate (although it's in the user module) and therefore experimental. MigratePassword also effects all existing sites because every time a user logs in there are unnecessary method calls.
Write patch Write tests
User interface changes
pre_hashedflag on PasswordItem
- Removes MigratePassword and the UserServiceProvider which performed a weird decoration of the password service