ottoka opened a new pull request #753: URL: https://github.com/apache/james-project/pull/753
See https://issues.apache.org/jira/browse/JAMES-3674 for a general description. This comes in two commits for clarification: 1. Extend `Algorithm.HashingMode` with new options `salted` and `legacy_salted`, and renaming `default` to `plain` now that there are multiple options. Remove the implicit factory mechanism in favor of an explicit second parameter, i.e.`Algorithm.of(algorithmName, hashingMode)`. Then have `DefaultUser` include the username when the selected algorithm requires salting. 2. Introduce a `CassandraUsersRepository` to pass configuration options to the user DAO. Extend the latter to remember the preferred algorithm and hashing mode from the configuration, and use them when hashing new passwords. But add an explicit `hashingmode` colum next to `algorithm` and `password` in the user table, and use them together during verification. Add a new configuration option `hashingModeFallback` to use when the `hashingmode` column is `null`, which avoids a costly migration solution and reduces upgrading to a single CQL command (see upgrade-instructions.md). Note that this only works for Cassandra. I believe it should be easy to do something similar for JPA, but I have never used it and do not feel comfortable with touching that part of the code base. Obviously does not apply to LDAP. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
