Allow MD5 passwords to be re-hashed [#2182481]

Similar to contrib Migrate we need a destination option that allows passwords that comes in with MD5 hashing to be salted and rehashed in a Drupal >=7 way.

Few notes:

This should be a main migrate module feature as not only Drupal 6 have such passwords. There are many legacy systems providing MD5 hashed passwords.
This cannot be done in a processor. When user entity saves it already rehash poor passwords. We need to act after saving (see https://api.drupal.org/api/drupal/modules%21user%21user.install/function...).

Comment	File	Size	Author
#6	interdiff.txt	2.41 KB	chx
#5	2182481-5.patch	8.84 KB	claudiu.cristea
#3	2182481-3.patch	14.74 KB	claudiu.cristea
#1	2182481-1.patch	2.24 KB	claudiu.cristea

Comments

Comment #1

claudiu.cristea

Romanian

Arad 🇷🇴

commented 27 January 2014 at 07:28

Status	File	Size
new	2182481-1.patch	2.24 KB

A user migration wanting to rehash MD5 passwords will need to use the new entity_user destination plugin and set the md5_passwords to true:

destination:
  plugin: entity_user
  md5_passwords: true

Comment #2

claudiu.cristea

Romanian

Arad 🇷🇴

commented 27 January 2014 at 07:27

Status:

Active

» Needs review

Comment #3

claudiu.cristea

Romanian

Arad 🇷🇴

commented 27 January 2014 at 19:13

Status	File	Size
new	2182481-3.patch	14.74 KB

1 file was hidden/shown/deleted

Status	File	Size
hidden	2182481-1.patch	2.24 KB

Here's a new patch after IRC discussion with @chx.

I added also a simpletest. Why not phpunit test? Because we need to full test also the later password rehashing when user is logging in.

Thank you so much! This really is great. I have two problems: being logged in should be checked by $this->assertTrue($this->drupalUserIsLoggedIn($account));. The other is the test module -- all the other tests are using Drupal 6 dumps, why we can't do that? I mean, sure, we don't yet have a d6 user migration but you could start it. I understand those are migrate_drupal tests, well, for example, the entity destination is only tested by those too so I would see no problems adding a migrate_drupal test for this as well. You could have a d6_user migration doing the basics, uid,name,mail and of course password and then we will finish it later. Thanks again.

Comment #5

claudiu.cristea

Romanian

Arad 🇷🇴

commented 27 January 2014 at 20:19

Status	File	Size
new	2182481-5.patch	8.84 KB

1 file was hidden/shown/deleted

Status	File	Size
hidden	2182481-3.patch	14.74 KB

OK. Then the test will go in the future d6_user migration as we have there the dump and we can test all together.

Comment #6

chx commented 27 January 2014 at 20:28

Status:

Needs review

» Fixed

Status	File	Size
new	interdiff.txt	2.41 KB

Thanks, I committed this with some small changes. See attached interdiff.

Comment #7

claudiu.cristea

Romanian

Arad 🇷🇴

commented 28 January 2014 at 09:54

Indeed, we need that additional check.

I changed also docs at https://drupal.org/node/2174881 and added a new subpage for this new plugin at https://drupal.org/node/2183357

Comment #8

11 February 2014 at 10:00

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Allow MD5 passwords to be re-hashed

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

News items

Our community

Documentation

Drupal code base

Governance of community