Drop wgPasswordSalt, deprecated since 1.24

Depends-On: Ic9952a1bd8563f218c3c581d4b206ebd6c6c9c44 Change-Id: I8b1d43aba62859645221caf5ff340903e4d61787
2019-07-12 16:44:38 -07:00 · 2019-07-12 16:44:38 -07:00 · 2e909bcb5f
commit 2e909bcb5f
parent e745bfed82
4 changed files with 3 additions and 20 deletions
--- a/RELEASE-NOTES-1.34
+++ b/RELEASE-NOTES-1.34
@ -70,6 +70,8 @@ For notes on 1.33.x and older releases, see HISTORY.
 * $wgDebugPrintHttpHeaders - The default of including HTTP headers in the
  debug log channel is no longer configurable. The debug log itself remains
  configurable via $wgDebugLogFile.
+* $wgPasswordSalt – This setting, used for migrating exceptionally old, insecure
+  password setups and deprecated since 1.24, is now removed.

 === New user-facing features in 1.34 ===
 * Special:Mute has been added as a quick way for users to block unwanted emails
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@ -4710,12 +4710,6 @@ $wgRemoveCredentialsBlacklist = [
 	\MediaWiki\Auth\PasswordAuthenticationRequest::class,
 ];

-/**
- * For compatibility with old installations set to false
- * @deprecated since 1.24 will be removed in future
- */
-$wgPasswordSalt = true;
-
 /**
 * Specifies the minimal length of a user password. If set to 0, empty pass-
 * words are allowed.
--- a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
@ -113,11 +113,7 @@ class LocalPasswordPrimaryAuthenticationProvider
 		// Check for *really* old password hashes that don't even have a type
 		// The old hash format was just an md5 hex hash, with no type information
 		if ( preg_match( '/^[0-9a-f]{32}$/', $row->user_password ) ) {
-			if ( $this->config->get( 'PasswordSalt' ) ) {
-				$row->user_password = ":B:{$row->user_id}:{$row->user_password}";
-			} else {
-				$row->user_password = ":A:{$row->user_password}";
-			}
+			$row->user_password = ":B:{$row->user_id}:{$row->user_password}";
 		}

 		$status = $this->checkPasswordValidity( $username, $req->password );
--- a/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
+++ b/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
@ -336,15 +336,6 @@ class LocalPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestCase
 		);

 		// Correct handling of really old password hashes
-		$this->config->set( 'PasswordSalt', false );
-		$password = md5( 'FooBar' );
-		$dbw->update( 'user', [ 'user_password' => $password ], [ 'user_name' => $userName ] );
-		$req->password = 'FooBar';
-		$this->assertEquals(
-			AuthenticationResponse::newPass( $userName ),
-			$provider->beginPrimaryAuthentication( $reqs )
-		);
-
 		$this->config->set( 'PasswordSalt', true );
 		$password = md5( "$id-" . md5( 'FooBar' ) );
 		$dbw->update( 'user', [ 'user_password' => $password ], [ 'user_name' => $userName ] );