[FIX] Hashing password-reset tokens before storing #508
Codecov Report
@@ Coverage Diff @@
## 1.7 #508 +/- ##
============================================
- Coverage 56.83% 56.80% -0.04%
- Complexity 829 830 +1
============================================
Files 102 102
Lines 2303 2308 +5
============================================
+ Hits 1309 1311 +2
- Misses 994 997 +3
As @dpslwk pointed out, this is invalidating all existing tokens. Though we never release a new major so cannot really see how else we can solve this...
@eigan, maybe you can create a dev branch with all backward incompatible commits and tag it with git like BTW, I don't see a problem if this commit invalidates all tokens. You can just use the password recovery request again to get a new link with a new token.
I believe
oh and looks like we should have also done this change back around v5.2.31 (2016-04-27), as the change to APP_KEY gen was introduced in v5.2.26 (2016-03-25)
@dpslwk sorry, I forgot to add this file to the commit
no worries, it's why we have code review 😉
Thank you @rosamarsky and @dpslwk! Going for a release announcement instead of bc. Sorry in advance for anyone getting angry users over this.
makes some sense, I mean these are reset tokens, they should only have a short lifetime anyway so effects should only be during a short transition period
1.7.13
- Hashing password-reset tokens before storing (laravel-doctrine#508 laravel-doctrine#506) @rosamarsky
- Trying to print_r circular entity dependency results in OOM in InteractsWithEntities (laravel-doctrine#510) @k0ka

Breaking change:
- All password reset tokens will be invalidated.
[FIX] Fix for issue #506. Hashing password-reset tokens before storing.
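
The behaviour discussed in this thread, as an added example that is not code from this pull request or from laravel-doctrine: a reset-token store that keeps only a hash of each token, showing why rows written in plaintext before such a change stop validating and why a short lifetime limits the impact. The class `ResetTokenStore`, its method names, the in-memory array standing in for the database table, the one-hour lifetime and the use of `password_hash`/`password_verify` are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory store standing in for the password-reset table.
final class ResetTokenStore
{
    /** @var array<string, array{token: string, created_at: int}> */
    private array $rows = [];

    // Lifetime of one hour is an assumed value for the example.
    public function __construct(private int $ttlSeconds = 3600) {}

    // Returns the plaintext token for the e-mailed link; only its hash is stored,
    // so a read of the table does not yield usable reset links.
    public function create(string $email, int $now): string
    {
        $token = bin2hex(random_bytes(32)); // 64 hex chars, under bcrypt's 72-byte limit
        $this->rows[$email] = [
            'token' => password_hash($token, PASSWORD_BCRYPT),
            'created_at' => $now,
        ];
        return $token;
    }

    // Simulates a row written before the change, with the token stored as-is.
    public function seedLegacyPlaintext(string $email, string $token, int $now): void
    {
        $this->rows[$email] = ['token' => $token, 'created_at' => $now];
    }

    public function exists(string $email, string $token, int $now): bool
    {
        $row = $this->rows[$email] ?? null;
        if ($row === null || $now - $row['created_at'] > $this->ttlSeconds) {
            return false; // unknown user or expired token
        }
        // A legacy plaintext value is not a valid hash string, so it never verifies.
        return password_verify($token, $row['token']);
    }
}

$store = new ResetTokenStore();
$now = 1_700_000_000; // constructed timestamp

$token = $store->create('alice@example.test', $now);
var_dump($store->exists('alice@example.test', $token, $now + 60));   // within lifetime
var_dump($store->exists('alice@example.test', $token, $now + 7200)); // past lifetime

$store->seedLegacyPlaintext('bob@example.test', 'constructed-legacy-token', $now);
var_dump($store->exists('bob@example.test', 'constructed-legacy-token', $now + 60)); // legacy row
```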