I noticed MWOldPassword is broken while working on
I7024b287a7. When generating new passwords for it,
a superfluous : is being added to the serialized hash
within the database (and that breaks parsing so that
people can't ever log in).
As this is not really relevant in the real world (as
nobody is hopefully using plain MD5 passwords anymore),
this doesn't need any backward compatibility handling
for the broken hashes.
Change-Id: I753c135a6de39008488bd7462c2bfcda2cbac116
Deprecated the old User::crypt, et. al password hashing
system and implemented an extensible password hashing
API.
The new Password class allows registering of child classes
and provides factory functions for creating new Password
objects. The built-in hash types are the old MediaWiki MD5
types, which are for backwards-compatibility only, and bcrypt.
Also included is support for wrapping existing hashes as well
as encrypting passwords with a configured encryption key.
Bug: 54948
Bug: 28419
Change-Id: I0a9c972931a0eff0cfb2619cef3ddffd03710285
