[Bps-public-commit] rt-extension-resetpassword branch, sha256-instead-of-md5-for-token-generation, repushed
Dianne Skoll
dianne at bestpractical.com
Fri Sep 4 15:31:56 EDT 2020
The branch sha256-instead-of-md5-for-token-generation was deleted and repushed:
was 2754310da63d4a15609748bbbe1440e0f6ae20bc
now b2aa780f9bc7449825be589368b9c60cc47a423f
1: 2754310 ! 1: 3ca5051 Refactor code to avoid duplicating token-generating code.
@@ -1,8 +1,6 @@
Author: Dianne Skoll <dianne at bestpractical.com>
- Refactor code to avoid duplicating token-generating code.
-
- Also, use SHA256 as the hash function instead of MD5.
+ Refactor code to avoid duplicating token-generating code.
diff --git a/html/NoAuth/ResetPassword/Reset/dhandler b/html/NoAuth/ResetPassword/Reset/dhandler
--- a/html/NoAuth/ResetPassword/Reset/dhandler
@@ -30,11 +28,7 @@
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@
- use strict;
- use warnings;
-+use Digest::SHA qw(sha256_hex);
-+
our $VERSION = '1.06';
-sub CreateTokenAndResetPassword {
@@ -47,16 +41,16 @@
+ RT::Logger->error( "Need to provide a loaded RT::User object for CreateToken" );
+ return undef;
}
-
+-
- my $token = Digest::MD5->new()->add(
-+ return sha256_hex(
++ return Digest::MD5->new()->add(
$user->id,
$user->__Value('Password'),
$RT::DatabasePassword,
$user->LastUpdated,
@{[$RT::WebPath]} . '/NoAuth/ResetPassword/Reset'
- )->hexdigest();
-+ );
++ )->hexdigest();
+}
+
+sub CreateTokenAndResetPassword {
@@ -67,3 +61,4 @@
my ($status, $msg) = RT::Interface::Email::SendEmailUsingTemplate(
To => $user->EmailAddress,
+
-: ------- > 2: b2aa780 Use SHA256 instead of MD5 to generate the token.
More information about the Bps-public-commit
mailing list