Thursday, February 26, 2015

Re: CakePHP 3 cipherseed removal and password migration - HELP

Talking with my co-workers we might have found the reason why the hash is so different.

The original hash was made in PHP 5.3; this test was made in PHP 5.6. When I first tested the issue that generated this thread, it was also under PHP 5.6, which means that, knowing that PHP has changed its hash mechanisms, it might explain why the hash string is so far apart.

On Thursday, February 26, 2015 at 3:48:16 PM UTC-5, mcloide wrote:
Well, I did more than simply do some gists, but it did help me see that my current application has something wrong, in the sense that you are correct: cake2 to cake3 Simple and Weak methods are the same.

This is my path for troubleshooting:

Create a new cake 2.6.2 application from scratch, add authentication, and users creation.
Create a new cake 3 application from scratch, add authentication and users creation.

In summary, both apps look just like the Blog tutorials from both Cake 2.6 and Cake 3. In the gist there are the important files related to both apps.


Based on the resulting table (also on the gist), you are 100% right: my cake 3 application should be able to log in using my cake 2 application password. Since it doesn't, I needed to troubleshoot a bit more, and I have found out that I had a double Auth entry on my cake 2 app controller.


The part that is killing me right now is how the "changeme" password got saved as "cb15d8050a3da1c302e62d27b57e128fb4aef8207b39cd17d44afb3838390c43" instead of "c88333b093105e07acff5b19be6fbaf51e6482b1" and, even after the App Controller authentication was corrected by removing the 2nd "Auth" entry, the login still works on the old application, where I would assume it wouldn't.

Is there any way that I can know what hashing method if ($this->Auth->login()) is using at the login moment?





On Thursday, February 26, 2015 at 3:19:37 AM UTC-5, José Lorenzo wrote:
How did you configure the salt and your Weak password hasher? Please show the code in gist or here.

I can guarantee that passwords can be used from cake 2 in cake 3 because I've migrated a couple apps already.

On Thursday, February 26, 2015 at 9:06:57 AM UTC+1, mcloide wrote:
This is a scenario that is true to me and it is leading me to take the decision to not upgrade to Cake3 at this moment.

I have 2 applications and one has to communicate with the other. One application has been fully built with the latest stable version of cake 2, and the new application, which is on legacy code, was going to be using cake 3 so we could benefit from all of the new perks. Unfortunately, with the removal of the cipherseed and the cipher functions, a password that was generated in cake2 now can't be used in cake3.

Example of password encryption results using CakePHP 2.6 and CakePHP 3:

password = changeme
Salt and Cipherseed were kept the same among both versions.

CakePHP 2.6
HashClass = Simple
HashType = SHA256
Encryption result = cb15d8050a3da1c302e62d27b57e128fb4aef8207b39cd17d44afb3838390c43

CakePHP 3
HashClass = Weak
HashType = SHA256
Encryption result = c88333b093105e07acff5b19be6fbaf51e6482b1

I had asked this on twitter before and the response that I got was that there would be backwards compatibility if you were using Simple password hasher in CakePHP 2.6 and upgraded it to CakePHP 3 so I wouldn't need to change all my users passwords through the database or force them to reset their password.

Based on the result above I don't see how I can use the same password system from Cake 2 to Cake 3 and it also doesn't seem like it is using the hashType set on config.

Is there anything I'm missing here? Can anyone help?

I need to decide really quick if I will move forth with Cake 3 or keep development with Cake 2.

Thanks in advance.
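A check worth running before concluding that the two framework versions are incompatible: the two digests quoted in the post have different lengths, and the length alone tells you which algorithm actually produced a stored hash. The following is an added example, not code from the thread or from CakePHP; it models Security::hash's salted scheme (configured salt prepended to the password, then hashed) as an assumption, and uses a constructed salt because the thread does not disclose the real one.

```python
import hashlib
import hmac

# Constructed salt, a stand-in for the Security.salt config value the thread does not show.
SALT = "example-salt-not-from-the-thread"

# The two hashes of "changeme" exactly as posted in the thread.
CAKE2_HASH = "cb15d8050a3da1c302e62d27b57e128fb4aef8207b39cd17d44afb3838390c43"
CAKE3_HASH = "c88333b093105e07acff5b19be6fbaf51e6482b1"

# Hex digest length -> algorithm, for the plain digests Security::hash can emit.
DIGEST_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def cake_salted_hash(password: str, hash_type: str, salt: str = SALT) -> str:
    """Assumed model of Security::hash($password, $type, true):
    the configured salt is prepended to the password before hashing."""
    return hashlib.new(hash_type, (salt + password).encode("utf-8")).hexdigest()


def identify_digest(hex_hash: str) -> str:
    """Infer which algorithm produced a stored hash from its hex length.
    Returns 'unknown' for anything that is not a plain hex digest."""
    h = hex_hash.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        return "unknown"
    return DIGEST_LENGTHS.get(len(h), "unknown")


def verify_against_store(password: str, stored_hash: str, salt: str = SALT) -> bool:
    """Migration check: recompute with the algorithm implied by the stored
    hash's length and compare in constant time. Not a login routine."""
    algo = identify_digest(stored_hash)
    if algo == "unknown":
        return False
    candidate = cake_salted_hash(password, algo, salt)
    return hmac.compare_digest(candidate, stored_hash.strip().lower())


if __name__ == "__main__":
    # Classify the thread's two hashes: 64 hex chars vs 40 hex chars.
    for label, h in (("cake 2.6", CAKE2_HASH), ("cake 3", CAKE3_HASH)):
        print(f"{label}: {len(h)} hex chars -> {identify_digest(h)}")
```

With a matching salt, a store's hash should verify only under the algorithm its length implies, so a hash of unexpected length points at the hashType config of the framework that wrote it rather than at the password data.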
