Skip to content
This repository was archived by the owner on Sep 10, 2021. It is now read-only.

Commit 03cbdc9

Browse files
zachmullenzachmullen
committed
ENH: refs #952. Database upgrade for new password storage system
1 parent bc420ab commit 03cbdc9

File tree

1 file changed

+67
-0
lines changed

1 file changed

+67
-0
lines changed

core/database/upgrade/3.2.12.php

Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,67 @@
1+
<?php
2+
3+
/**
4+
* Upgrade 3.2.12 improves the password salting and hashing system
5+
*/
6+
class Upgrade_3_2_12 extends MIDASUpgrade
7+
{
8+
9+
public function preUpgrade()
10+
{
11+
}
12+
13+
public function mysql()
14+
{
15+
$this->db->query("ALTER TABLE `user` ADD COLUMN `hash_alg` varchar(32) NOT NULL default ''");
16+
$this->db->query("ALTER TABLE `user` ADD COLUMN `salt` varchar(64) NOT NULL default ''");
17+
18+
$this->db->query("CREATE TABLE `password` (
19+
`hash` varchar(128) NOT NULL,
20+
PRIMARY KEY (`hash`)
21+
)");
22+
$this->_movePasswords();
23+
24+
$this->db->query("ALTER TABLE `user` DROP `password`");
25+
}
26+
27+
public function pgsql()
28+
{
29+
$this->db->query("ALTER TABLE \"user\" ADD COLUMN hash_alg character varying(32) NOT NULL DEFAULT ''");
30+
$this->db->query("ALTER TABLE \"user\" ADD COLUMN salt character varying(64) NOT NULL DEFAULT ''");
31+
32+
$this->db->query("CREATE TABLE password (
33+
hash character varying(128) NOT NULL,
34+
CONSTRAINT password_hash PRIMARY KEY (hash)
35+
)");
36+
$this->_movePasswords();
37+
38+
// In pgsql we must explicitly sort the rows by using the cluster command
39+
$this->db->query("CLUSTER password USING password_hash");
40+
41+
$this->db->query("ALTER TABLE \"user\" DROP COLUMN password");
42+
}
43+
44+
public function postUpgrade()
45+
{
46+
}
47+
48+
/**
49+
* Moves passwords from the user table to the new password hash table
50+
*/
51+
private function _movePasswords()
52+
{
53+
// Move hashes from user table to password table
54+
$sql = $this->db->select()
55+
->from(array('user'), array('password'))
56+
->distinct();
57+
$rows = $this->db->fetchAll($sql);
58+
foreach($rows as $row)
59+
{
60+
$this->db->insert('password', array('hash' => $row['password']));
61+
}
62+
// Set the salt and hash alg to be the old instance wide salt and md5 for legacy users (i.e. all users currently in the system)
63+
$instanceSalt = Zend_Registry::get('configGlobal')->password->prefix;
64+
$this->db->update('user', array('hash_alg' => 'md5', 'salt' => $instanceSalt));
65+
}
66+
}
67+
?>

0 commit comments

Comments
 (0)