Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

In this Discussion

Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

Authentication plugins and database fields (HashMethod, Password)

ddumontddumont ✭✭
edited June 2011 in Development
@Todd

Taking a stroll through my user table today I see that everyone has a pw hash set, even those who've logged in via a connector plugin like google/fb/twitter/etc.

Sometimes the hashmethod is NULL, sometimes Random... sometimes Vanilla.
I'm assuming that Vanilla hash methods are native forum logins.

Do you think it would be possible then to key off of this difference and change the behavior of the 'change password' action in the user profile to either be 'set password' or not require the old password if the user has used a plugin to log into the forum?

I assume you would just check for HashMethod != 'Vanilla'...

Would you welcome a patch for this for .18 gold? I'm trying to figure out a good user auth story for my app integration to my forum and this looks like it might do fine as long as users can go set a password if they don't already have one.

The current workaround means they will have to request a pw reset, which kinda makes the instructions a bit more complicated than they should be.

My addons: NillaBlog | Vanoogle

Comments

  • ToddTodd Chief Product Officer Vanilla Staff
    I'd love a patch for this. The password stuff is a little messy wrt connect. I think what needs to happen is for connect passwords to be set to "Random" and have that be the criteria for not requiring a password on reset.

    For your information, I think both hash methods of blank and vanilla get hashed by our algorithm. There are also other types of hashes based on other forum imports: vBulletin, phpBB, and django.
  • ddumontddumont ✭✭
    edited June 2011
    Here you go this should work: https://github.com/vanillaforums/Garden/pull/1014

    It's fairly straight forward... but I didn't get to thoroughly test it because I haven't upgraded to .18 beta yet... I'll be doing that when you release beta 3

    My addons: NillaBlog | Vanoogle

  • @Todd was doing some more review and I found a problem with a condition in the password view. Added a new commit to the pull request to address it.

    Let me know if you would like me to change anything. I'd like to see this in before beta 3 comes out (if you have the time, that is). :)

    My addons: NillaBlog | Vanoogle

Sign In or Register to comment.