Switched password hashing algorithm

Removed obsolete config file
2026-03-28 07:39:25 +01:00 · 2026-03-22 17:29:38 +01:00 · 2026-03-07 18:20:48 +01:00
5 changed files with 7 additions and 15 deletions
--- a/.devtools/data_generation_scripts/9999_reset_admin_password.php
+++ b/.devtools/data_generation_scripts/9999_reset_admin_password.php
@ -15,5 +15,5 @@ if ($adminUserRow == null)
 }

 $adminUserRow->update([
-	'password' => password_hash('admin', PASSWORD_DEFAULT)
+	'password' => password_hash('admin', PASSWORD_ARGON2ID)
 ]);
--- a/.editorconfig
+++ b/.editorconfig
@ -1,8 +0,0 @@
-root = true
-
-[*]
-indent_style = tab
-indent_size = 4
-charset = utf-8
-trim_trailing_whitespace = true
-insert_final_newline = true
--- a/middleware/DefaultAuthMiddleware.php
+++ b/middleware/DefaultAuthMiddleware.php
@ -40,10 +40,10 @@ class DefaultAuthMiddleware extends AuthMiddleware
 				$sessionKey = SessionService::getInstance()->CreateSession($user->id, $stayLoggedInPermanently);
 				self::SetSessionCookie($sessionKey);

-				if (password_needs_rehash($user->password, PASSWORD_DEFAULT))
+				if (password_needs_rehash($user->password, PASSWORD_ARGON2ID))
 				{
 					$user->update([
-						'password' => password_hash($inputPassword, PASSWORD_DEFAULT)
+						'password' => password_hash($inputPassword, PASSWORD_ARGON2ID)
 					]);
 				}

--- a/migrations/0027.php
+++ b/migrations/0027.php
@ -9,7 +9,7 @@ if (defined('GROCY_HTTP_USER'))
 	// Migrate old user defined in config file to database
 	$newUserRow = $db->users()->createRow([
 		'username' => GROCY_HTTP_USER,
-		'password' => password_hash(GROCY_HTTP_PASSWORD, PASSWORD_DEFAULT)
+		'password' => password_hash(GROCY_HTTP_PASSWORD, PASSWORD_ARGON2ID)
 	]);
 	$newUserRow->save();
 }
@ -18,7 +18,7 @@ else
 	// Create default user "admin" with password "admin"
 	$newUserRow = $db->users()->createRow([
 		'username' => 'admin',
-		'password' => password_hash('admin', PASSWORD_DEFAULT)
+		'password' => password_hash('admin', PASSWORD_ARGON2ID)
 	]);
 	$newUserRow->save();
 }
--- a/services/UsersService.php
+++ b/services/UsersService.php
@ -12,7 +12,7 @@ class UsersService extends BaseService
 			'username' => $username,
 			'first_name' => $firstName,
 			'last_name' => $lastName,
-			'password' => password_hash($password, PASSWORD_DEFAULT),
+			'password' => password_hash($password, PASSWORD_ARGON2ID),
 			'picture_file_name' => $pictureFileName
 		]);
 		$newUserRow = $newUserRow->save();
@ -61,7 +61,7 @@ class UsersService extends BaseService
 				'username' => $username,
 				'first_name' => $firstName,
 				'last_name' => $lastName,
-				'password' => password_hash($password, PASSWORD_DEFAULT),
+				'password' => password_hash($password, PASSWORD_ARGON2ID),
 				'picture_file_name' => $pictureFileName
 			]);
 		}
Author	SHA1	Message	Date
Bernd Bestel	f32d0bb28d	Switched password hashing algorithm	2026-03-22 17:29:38 +01:00
Bernd Bestel	23af6adcee	Removed obsolete config file	2026-03-07 18:20:48 +01:00