Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX Don't use the deprecated 'none' encryptor #272

Merged
merged 2 commits into from
May 28, 2024
Merged

FIX Don't use the deprecated 'none' encryptor #272

merged 2 commits into from
May 28, 2024

Conversation

GuySartorelli
Copy link
Member

Setting a Member's PasswordEncryption to "none" ends up using the deprecated PasswordEncryptor_None class.

There's no reason to not use encryption here.

Issue

@GuySartorelli GuySartorelli mentioned this pull request May 23, 2024
Closed
emteknetnz
emteknetnz requested changes May 24, 2024
View reviewed changes
Copy link
Member

@emteknetnz emteknetnz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'll need to run this one across sink .. there may actually be a reason we don't know about

@GuySartorelli
Copy link
Member Author

GuySartorelli commented May 24, 2024
edited
Loading

Sink seems excessive, I'd have thought installer maybe. But to avoid ping pong I'll just do it with all of sink. Link to CI run will be in the linked issue description.

GuySartorelli
GuySartorelli commented May 28, 2024
View reviewed changes
src/Context/LoginContext.php
Comment on lines 317 to +323
// make sure any validation for password is skipped, since we're not testing complexity here
$validator = Member::password_validator();
Member::set_password_validator(null);
$nullValidator = new PasswordValidator();
$nullValidator->setMinLength(0);
$nullValidator->setMinTestScore(0);
$nullValidator->setHistoricCount(0);
Member::set_password_validator($nullValidator);
Copy link
Member Author

@GuySartorelli GuySartorelli May 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without this change, we get this error:

You've already used that password in the past, please choose a new password

The comment makes it clear this was the intention here.
Outside of testing I can't see any reason to not have a member password validator, and the current behaviour is when null is passed in the result is the default password validator is instantiated which IMO is good behaviour.

GuySartorelli
GuySartorelli commented May 28, 2024
View reviewed changes
src/Context/LoginContext.php
$member->FirstName = $identifier;
$member->Surname = "User";
$member->Email = $email;
$member->PasswordEncryption = "none";
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the main change for this PR - anything else is done to support this change.

@emteknetnz emteknetnz merged commit 678358e into silverstripe:5.3 May 28, 2024
9 checks passed
@emteknetnz emteknetnz deleted the pulls/5.3/no-deprecated-encryptor branch May 28, 2024 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emteknetnz emteknetnz emteknetnz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@GuySartorelli @emteknetnz