Evergreen

a simple function should exist for setting a salted password in one step

Bug #1858833 reported by Rogan Hamby
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Evergreen
Fix Released
Wishlist
Unassigned
Evergreen 3.6-beta

Bug Description

Right now the set_password function needs a few steps to allow a systems administrator to set a password. For convenience it would be nice to have a single function handle the salt and password in one step as the migrate password function does.

Tags: pullrequest
Revision history for this message
Bill Erickson (berick) wrote :

What I have locally. Can branch-ify.

-- utility sql for modifying user 'main' passwords
CREATE OR REPLACE FUNCTION actor.change_password (user_id INT, new_pw TEXT, pw_type TEXT DEFAULT 'main')
RETURNS VOID AS $$
DECLARE
    new_salt TEXT;
BEGIN
    SELECT actor.create_salt(pw_type) INTO new_salt;

    IF pw_type = 'main' THEN
        -- Only 'main' passwords are required to have
        -- the extra layer of MD5 hashing.
        PERFORM actor.set_passwd(
            user_id, pw_type, md5(new_salt || md5(new_pw)), new_salt
        );

    ELSE
        PERFORM actor.set_passwd(user_id, pw_type, new_pw, new_salt);
    END IF;
END;
$$ LANGUAGE 'plpgsql';

Changed in evergreen:
status: New → Confirmed
Revision history for this message
Rogan Hamby (rogan-hamby) wrote :

That's functionally identical to what Jason Etheridge and I have bene using locally too. So, whoever branchifies first.... wins? (maybe a complimentary beverage)

Revision history for this message
Jason Stephenson (jstephenson) wrote :

We've got the "same" function at CW MARS as well. Comes in real handy.

Revision history for this message
Rogan Hamby (rogan-hamby) wrote :

branch here: user/rogan/lp1858833_set_salted_password

https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/rogan/lp1858833_set_salted_password

tags: added: pullrequest
Rogan Hamby (rogan-hamby)
Changed in evergreen:
assignee: Rogan Hamby (rogan-hamby) → nobody
Bill Erickson (berick)
Changed in evergreen:
assignee: nobody → Bill Erickson (berick)
milestone: none → 3.6-beta
Revision history for this message
Bill Erickson (berick) wrote :

Thanks, Rogan. Merged to master in prep for 3.6.

Changed in evergreen:
assignee: Bill Erickson (berick) → nobody
status: Confirmed → Fix Committed
Evergreen Bug Maintenance (bugmaster)
Changed in evergreen:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.