issue2551265 - deprecate SSHA password hash method

rouilj · rouilj · commit 9d9bd9d0804c · 2023-04-01T20:48:02.000-04:00
Users using SSHA passwords will have their passwords transprently
upgraded to PBKDF2 derived hash on next login.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -118,6 +118,9 @@ Features:
   like "[issue23] subject". (John Rouillard)
 - [doc]: add section on implementing CSP for Roundup to admin
   doc. (John Rouillard)
+- issue2551265 - deprecate SSHA password hash method. Users using SSHA
+  passwords will have their passwords transprently upgraded to PBKDF2
+  derived hash on next login. (John Rouillard)
 
 2022-07-13 2.2.0
 
diff --git a/roundup/password.py b/roundup/password.py
@@ -395,9 +395,9 @@ class Password(JournalPassword):
     1
     """
 
-    deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
+    deprecated_schemes = ["SSHA", "SHA", "MD5", "crypt", "plaintext"]
     experimental_schemes = ["PBKDF2S5"]
-    known_schemes = ["PBKDF2", "SSHA"] + experimental_schemes + \
+    known_schemes = ["PBKDF2"] + experimental_schemes + \
                     deprecated_schemes
 
     def __init__(self, plaintext=None, scheme=None, encrypted=None,

Original file line number	Diff line number	Diff line change
`@@ -395,9 +395,9 @@ class Password(JournalPassword):`
`395`	`395`	`1`
`396`	`396`	`"""`
`397`	`397`
`398`		`- deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]`
	`398`	`+ deprecated_schemes = ["SSHA", "SHA", "MD5", "crypt", "plaintext"]`
`399`	`399`	`experimental_schemes = ["PBKDF2S5"]`
`400`		`- known_schemes = ["PBKDF2", "SSHA"] + experimental_schemes + \`
	`400`	`+ known_schemes = ["PBKDF2"] + experimental_schemes + \`
`401`	`401`	`deprecated_schemes`
`402`	`402`
`403`	`403`	`def __init__(self, plaintext=None, scheme=None, encrypted=None,`