|
@@ -1113,6 +1113,11 @@ func (am *AccountManager) checkPassphrase(accountName, passphrase string) (accou
|
1113
|
1113
|
if passwd.CompareHashAndPassword(account.Credentials.PassphraseHash, []byte(passphrase)) != nil {
|
1114
|
1114
|
err = errAccountInvalidCredentials
|
1115
|
1115
|
}
|
|
1116
|
+ if err == nil && account.Credentials.SCRAMCreds.Iters == 0 {
|
|
1117
|
+ // XXX: if the account was created prior to 2.8, it doesn't have SCRAM credentials;
|
|
1118
|
+ // since we temporarily have access to a valid plaintext password, create them:
|
|
1119
|
+ am.rehashPassword(account.Name, passphrase)
|
|
1120
|
+ }
|
1116
|
1121
|
case -1:
|
1117
|
1122
|
err = am.checkLegacyPassphrase(migrations.CheckAthemePassphrase, accountName, account.Credentials.PassphraseHash, passphrase)
|
1118
|
1123
|
case -2:
|
|
@@ -1132,11 +1137,15 @@ func (am *AccountManager) checkLegacyPassphrase(check migrations.PassphraseCheck
|
1132
|
1137
|
return errAccountInvalidCredentials
|
1133
|
1138
|
}
|
1134
|
1139
|
// re-hash the passphrase with the latest algorithm
|
1135
|
|
- err = am.setPassword(account, passphrase, true)
|
|
1140
|
+ am.rehashPassword(account, passphrase)
|
|
1141
|
+ return nil
|
|
1142
|
+}
|
|
1143
|
+
|
|
1144
|
+func (am *AccountManager) rehashPassword(accountName, passphrase string) {
|
|
1145
|
+ err := am.setPassword(accountName, passphrase, true)
|
1136
|
1146
|
if err != nil {
|
1137
|
|
- am.server.logger.Error("internal", "could not upgrade user password", err.Error())
|
|
1147
|
+ am.server.logger.Error("internal", "could not upgrade user password", accountName, err.Error())
|
1138
|
1148
|
}
|
1139
|
|
- return nil
|
1140
|
1149
|
}
|
1141
|
1150
|
|
1142
|
1151
|
func (am *AccountManager) loadWithAutocreation(accountName string, autocreate bool) (account ClientAccount, err error) {
|