We want to migrate our current users to UserFrosting. One issue is that the existing system uses a different hash function. Is there an example of overriding or replacing the hash function at the site level? Ideally, we would like new users to use the UserFrosting hash but maintain compatibility with existing users
As of a few hotfixes ago, you can now override the passwordHasher
service, to use your own custom Hasher
class. The getHashType
method of this class should be modified to determine what type of hashing was used on the password.
We should probably implement an interface for this, so that it will be easier for people to implement their own custom hash recognition.
Meanwhile, in the User
class, the onLogin
method updates the password to the latest hashing function when the user next logs in (see https://github.com/userfrosting/UserFrosting/blob/master/app/sprinkles/account/src/Database/Models/User.php#L344-L380).
In 4.2, we should probably factor this out so that everything can be done in one custom Hash
class.