Encrypt transition #189

Open: wants to merge 2 commits into base: master
@cazfi cazfi commented Mar 20, 2022

Patch or patches to start transition from the old password encryption to the new one, required by upcoming database engine update.

First commit implements authentication part (authentication of each account by the method matching how password is currently stored) + creation of the new accounts (always) with the new encryption. At least this one is needed.

The second commit adds migration of existing accounts to the above. When a user gets successfully authenticated by the old method (i.e. when the user of an existing account logs in for the first time since this commit has been applied), the plain-text password used is encrypted with the new method, and updated to the database.

I've tested these with persistent (one first populated without these commits & ENCRYPT change already in the master branch) database living on ubuntu-18.04 virtual machine. Both pre-existing and new accounts created after applying the commits authenticate correctly. Database fields seem to update in a sane way ('auth' table gets the new column, indicating whether account has already migrated or not, when freeciv-web is first updated, information on the table is changing as expected when accounts are created and authenticated).
What still needs to be tested is that this really resolves the issue for which it exists - to allow updating the database engine (as part of OS update) with all the migrated accounts still working.

These leave it open what happens when the account migration period ends - what old information we still keep after we lose the ability to do further migrations.

cazfi added 2 commits March 20, 2022 12:09
- Store information whether account has been migrated or not
- Authenticate user either with the old or new system depending on
  whether they have been marked already migrated
- Create new accounts as already migrated ones

This first part does NOT implement migration of existing accounts.

Signed-off-by: Marko Lindqvist <[email protected]>

Accounts are migrated when they log in the first time during
the transition period. Plain-text passwords that the client
sends for authentication are also encrypted with the new method,
and the passwords encrypted with the old method are replaced
by those.

Signed-off-by: Marko Lindqvist <[email protected]>
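
The migrate-on-login flow described by the two commits, as an added example that is not freeciv-web's code: authentication picks the scheme from a per-account flag, new accounts are created already migrated, and a successful old-scheme login re-hashes the password. Only the `auth` table name comes from the page; the column names, the salted SHA-1 stand-in for the old scheme, PBKDF2 as the new scheme, the iteration count and all function names are assumptions.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def old_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for the legacy scheme; the real one is not shown on this page.
    return hashlib.sha1(salt + password.encode()).digest()

def new_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def open_db() -> sqlite3.Connection:
    # In-memory table; column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth (username TEXT PRIMARY KEY, salt BLOB,"
               " hash BLOB, migrated INTEGER NOT NULL DEFAULT 0)")
    return db

def create_account(db, username, password):
    # First commit: new accounts are always stored with the new scheme.
    salt = os.urandom(16)
    db.execute("INSERT INTO auth VALUES (?, ?, ?, 1)",
               (username, salt, new_hash(password, salt)))

def login(db, username, password) -> bool:
    row = db.execute("SELECT salt, hash, migrated FROM auth WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored, migrated = row
    scheme = new_hash if migrated else old_hash
    if not hmac.compare_digest(scheme(password, salt), stored):
        return False  # a failed login never touches the stored hash
    if not migrated:
        # Second commit: re-hash the just-verified plain-text password and
        # replace hash, salt and flag in a single statement.
        fresh = os.urandom(16)
        db.execute("UPDATE auth SET salt = ?, hash = ?, migrated = 1"
                   " WHERE username = ? AND migrated = 0",
                   (fresh, new_hash(password, fresh), username))
    return True

def is_migrated(db, username) -> bool:
    return bool(db.execute("SELECT migrated FROM auth WHERE username = ?",
                           (username,)).fetchone()[0])
```

Writing the hash and the flag in one `UPDATE` keeps an account from ever being marked migrated while still holding an old-scheme hash, which would lock the user out.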