Remove support for deprecated password-hashing algorithm

* Remove all methods implementing and checking for the old algorithm * Document a pre-upgrade step to check for remaining obsolete passwords * Remove config.salt
2026-02-05 23:41:48 +01:00 · 2014-11-15 09:46:59 -05:00 · 2014-11-15 09:46:59 -05:00 · ea0d40060a
commit ea0d40060a
parent 6caa2de318
19 changed files with 17 additions and 164 deletions
--- a/features/handling_users_with_deprecated_password_hashes.feature
+++ b/features/handling_users_with_deprecated_password_hashes.feature
@ -1,35 +0,0 @@
-Feature: Handling users with deprecated passwords hashes
-  In order to have my password hashed with BCrypt
-  As a user with password hashed with SHA1
-  I have to be redirected to the password resetting form
-
-  Background:
-    Given the following user records with hash algorithm
-      | login         | password        | algorithm  |
-      | new_hash_user | first_secret    | bcrypt     |
-      | old_hash_user | another_secret  | sha1       |
-
-  Scenario Outline: A user with SHA1 password
-    Given I have logged in as "old_hash_user" with password "another_secret"
-    When I go to the <name> page
-    Then I should be redirected to the change password page
-    And I should see "You have to reset your password"
-    When I change my password to "newer_better_password"
-    Then I should be redirected to the preference page
-
-    Examples:
-      | name        |
-      | home        |
-      | preferences |
-      | notes       |
-      | tickler     |
-
-  Scenario: A user with SHA1 password goes straight to the change password page
-    Given I have logged in as "old_hash_user" with password "another_secret"
-    When I go to the change password page
-    Then I should be on the change password page
-
-  Scenario: A user with BCrypt password
-    Given I have logged in as "new_hash_user" with password "first_secret"
-    When I go to the homepage
-    Then I should be on the homepage
--- a/features/step_definitions/user_steps.rb
+++ b/features/step_definitions/user_steps.rb
@ -6,34 +6,6 @@ Given /^the following user records?$/ do |table|
  end
 end

-Given /^the following user records with hash algorithm$/ do |table|
-  User.delete_all
-  table.hashes.each do | hash |
-    password = hash[:password]
-    algorithm = hash[:algorithm]
-    hash.delete("algorithm")
-
-    user = FactoryGirl.create(:user, hash)
-
-    case algorithm
-    when 'bcrypt'
-      user.change_password( password, password )
-      user.reload
-      expect(BCrypt::Password.new(user.crypted_password)).to eq(password)
-    when 'sha1'
-      user.password = user.password_confirmation = nil
-      user.send(:write_attribute, :crypted_password, user.sha1(password))
-      user.save
-      user.reload
-      expect(user.crypted_password).to eq(user.sha1(password))
-    else
-      raise "Unknown hashing algorithm: #{algorithm}"
-    end
-
-    user.create_preference({:locale => 'en'})
-  end
-end
-
 Given("no users exists") do
  User.delete_all
 end