Merge remote-tracking branch 'forgejo/v1.18/forgejo-development' into v1.18/forgejo

Author: Loïc Dachary

custom/conf/app.example.ini

@@ -439,8 +439,8 @@ INTERNAL_TOKEN=
 ;;Classes include "lower,upper,digit,spec"
 ;PASSWORD_COMPLEXITY = off
 ;;
-;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
-;PASSWORD_HASH_ALGO = pbkdf2
+;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2_hi
 ;;
 ;; Set false to allow JavaScript to read CSRF cookie
 ;CSRF_COOKIE_HTTP_ONLY = true

modules/auth/password/hash/setting.go

@@ -3,7 +3,14 @@
 
 package hash
 
-const DefaultHashAlgorithmName = "pbkdf2"
+// DefaultHashAlgorithmName represents the default value of PASSWORD_HASH_ALGO
+// configured in app.ini.
+//
+// It is NOT the same and does NOT map to the defaultEmptyHashAlgorithmSpecification.
+//
+// It will be dealiased as per aliasAlgorithmNames whereas
+// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
+const DefaultHashAlgorithmName = "pbkdf2_hi"
 
 var DefaultHashAlgorithm *PasswordHashAlgorithm
 

modules/auth/password/hash/setting_test.go

@@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
 		})
 	}
 
-	t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) {
+	t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
 		emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
-		pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2")
+		pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")
 
-		assert.Equal(t, pbkdf2v2Config, emptyConfig)
-		assert.Equal(t, pbkdf2v2Algo.Name, emptyAlgo.Name)
+		assert.Equal(t, pbkdf2hiConfig, emptyConfig)
+		assert.Equal(t, pbkdf2hiAlgo.Name, emptyAlgo.Name)
 	})
 }

tests/mssql.ini.tmpl

@@ -98,6 +98,7 @@ COLORIZE             = true
 LEVEL                = Debug
 
 [security]
+PASSWORD_HASH_ALGO = argon2
 DISABLE_GIT_HOOKS = false
 INSTALL_LOCK   = true
 SECRET_KEY     = 9pCviYTWSb

tests/mysql.ini.tmpl

@@ -117,6 +117,7 @@ COLORIZE             = true
 LEVEL                = Debug
 
 [security]
+PASSWORD_HASH_ALGO = argon2
 DISABLE_GIT_HOOKS = false
 INSTALL_LOCK   = true
 SECRET_KEY     = 9pCviYTWSb

tests/mysql8.ini.tmpl

@@ -95,6 +95,7 @@ COLORIZE             = true
 LEVEL                = Debug
 
 [security]
+PASSWORD_HASH_ALGO = argon2
 DISABLE_GIT_HOOKS = false
 INSTALL_LOCK   = true
 SECRET_KEY     = 9pCviYTWSb

tests/pgsql.ini.tmpl

@@ -99,6 +99,7 @@ COLORIZE             = true
 LEVEL                = Debug
 
 [security]
+PASSWORD_HASH_ALGO = argon2
 DISABLE_GIT_HOOKS = false
 INSTALL_LOCK   = true
 SECRET_KEY     = 9pCviYTWSb

tests/sqlite.ini.tmpl

@@ -94,6 +94,7 @@ COLORIZE             = true
 LEVEL                = Debug
 
 [security]
+PASSWORD_HASH_ALGO = argon2
 DISABLE_GIT_HOOKS = false
 INSTALL_LOCK   = true
 SECRET_KEY     = 9pCviYTWSb