Details
-
Bug
-
Resolution: Fixed
-
High
-
2017.12
-
None
-
[2.2] Sprint 6
Description
Reproduced with LegacyBridge, but should be possible to reproduce on every non-ee installation with ezpublish-legacy >= v2017.12.0
ezsystems/ezpublish-legacy v2017.12.2.1 ezsystems/ezpublish-kernel v6.13.1.2 ezsystems/legacy-bridge v1.4.7
This is a regression from https://jira.ez.no/browse/EZP-28214 (https://github.com/ezsystems/ezpublish-legacy/pull/1334). If the PASSWORD_HASH_MD5_PASSWORD is used as a password_hash_type for a user then it is not possible to log in.
When a user tries to log in, he can't and immediately ends-up with the following error in logs:
eZDebug::writeError( "Password hash type ID '$type' is not recognized. " .
'Defaulting to eZUser::DEFAULT_PASSWORD_HASH.' );
$str = self::createHash( $user, $password, $site, self::DEFAULT_PASSWORD_HASH, $hash );
Steps to reproduce
1. Install eZ Platform 2018 with LegacyBridge
2. Revert https://github.com/ezsystems/ezpublish-legacy/commit/81a53da8030f9ec4175c92a167d3ebb4ca982725
3. Edit settings/override/site.ini*, set [UserSettings] HashType=md5_password
4. Create a new user. Verify that it can login.
5. Re-apply https://github.com/ezsystems/ezpublish-legacy/commit/81a53da8030f9ec4175c92a167d3ebb4ca982725
6. Verify that the new user cannot login, see error message above.
7. Apply the PR https://github.com/ezsystems/ezpublish-legacy/pull/1354
8. Verify that the new user can login.
9. Verify that other users can also login as normal.